x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:20 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xe000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:20 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 10:23:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) 10:23:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2534.983523][T27847] syz-executor.3 (27847) used greatest stack depth: 15504 bytes left 10:23:21 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 10:23:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) 10:23:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:21 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) 10:23:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:21 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) 10:23:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x11000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:21 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) 10:23:21 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x12000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={0x0}}, 0x0) 10:23:22 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x60, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={0x0}}, 0x0) 10:23:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x3b403fa6, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={0x0}}, 0x0) 10:23:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x0, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 10:23:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa63f403b, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x0, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:22 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x0, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf0ffffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 1) 10:23:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}]}, 0x28}}, 0x0) [ 2537.079816][T27946] FAULT_INJECTION: forcing a failure. [ 2537.079816][T27946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2537.118931][T27946] CPU: 1 PID: 27946 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2537.129497][T27946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2537.139580][T27946] Call Trace: [ 2537.142880][T27946] [ 2537.145835][T27946] dump_stack_lvl+0x1e7/0x2e0 [ 2537.150555][T27946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2537.155786][T27946] ? __pfx__printk+0x10/0x10 [ 2537.160418][T27946] ? __pfx_lock_release+0x10/0x10 [ 2537.165475][T27946] should_fail_ex+0x3ae/0x4e0 [ 2537.170192][T27946] _copy_from_user+0x2f/0xe0 [ 2537.174835][T27946] copy_msghdr_from_user+0xae/0x680 10:23:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}]}, 0x28}}, 0x0) [ 2537.180084][T27946] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2537.185939][T27946] __sys_sendmsg+0x23d/0x3a0 [ 2537.190573][T27946] ? __pfx___sys_sendmsg+0x10/0x10 [ 2537.195788][T27946] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2537.202155][T27946] ? do_syscall_64+0x108/0x240 [ 2537.207053][T27946] ? do_syscall_64+0xb4/0x240 [ 2537.211756][T27946] do_syscall_64+0xf9/0x240 [ 2537.216274][T27946] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2537.222210][T27946] RIP: 0033:0x7f4351a7dda9 [ 2537.226649][T27946] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2537.246288][T27946] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2537.254732][T27946] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2537.262737][T27946] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2537.270731][T27946] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 10:23:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}]}, 0x28}}, 0x0) 10:23:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 2) [ 2537.278737][T27946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2537.286744][T27946] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2537.294763][T27946] 10:23:23 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffff7f, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) [ 2537.501277][T27960] FAULT_INJECTION: forcing a failure. [ 2537.501277][T27960] name failslab, interval 1, probability 0, space 0, times 0 [ 2537.531784][T27960] CPU: 1 PID: 27960 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2537.542258][T27960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2537.552343][T27960] Call Trace: [ 2537.555691][T27960] [ 2537.558658][T27960] dump_stack_lvl+0x1e7/0x2e0 [ 2537.563470][T27960] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2537.568717][T27960] ? __pfx__printk+0x10/0x10 [ 2537.573349][T27960] ? __pfx___might_resched+0x10/0x10 [ 2537.578684][T27960] should_fail_ex+0x3ae/0x4e0 [ 2537.583395][T27960] should_failslab+0x9/0x20 [ 2537.587921][T27960] kmem_cache_alloc_node+0x7e/0x380 [ 2537.593156][T27960] ? __alloc_skb+0x181/0x420 [ 2537.597790][T27960] __alloc_skb+0x181/0x420 [ 2537.602245][T27960] ? __pfx___alloc_skb+0x10/0x10 [ 2537.607220][T27960] ? netlink_autobind+0xd5/0x2f0 [ 2537.612707][T27960] ? netlink_autobind+0x2af/0x2f0 [ 2537.617758][T27960] netlink_sendmsg+0x6fc/0xd70 [ 2537.622570][T27960] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2537.627890][T27960] ? __import_iovec+0x552/0x890 [ 2537.632776][T27960] ? aa_sock_msg_perm+0x91/0x160 [ 2537.637726][T27960] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2537.643011][T27960] ? security_socket_sendmsg+0x87/0xb0 [ 2537.648470][T27960] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2537.653748][T27960] __sock_sendmsg+0x221/0x270 [ 2537.658435][T27960] ____sys_sendmsg+0x525/0x7d0 [ 2537.663208][T27960] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2537.668501][T27960] __sys_sendmsg+0x2b0/0x3a0 [ 2537.673089][T27960] ? __pfx___sys_sendmsg+0x10/0x10 [ 2537.678233][T27960] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2537.684745][T27960] ? do_syscall_64+0x108/0x240 [ 2537.689623][T27960] ? do_syscall_64+0xb4/0x240 [ 2537.694312][T27960] do_syscall_64+0xf9/0x240 [ 2537.698822][T27960] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2537.704731][T27960] RIP: 0033:0x7f4351a7dda9 [ 2537.709143][T27960] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2537.728758][T27960] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2537.737188][T27960] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2537.745255][T27960] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2537.753224][T27960] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 [ 2537.761190][T27960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2537.769155][T27960] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2537.777136][T27960] 10:23:23 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x300, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 3) 10:23:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffffff0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:24 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) 10:23:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 4) [ 2538.183669][T27975] FAULT_INJECTION: forcing a failure. [ 2538.183669][T27975] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2538.196606][T27963] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2538.196737][T27963] CPU: 1 PID: 27963 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2538.196758][T27963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2538.196768][T27963] Call Trace: [ 2538.196775][T27963] [ 2538.196783][T27963] dump_stack_lvl+0x1e7/0x2e0 [ 2538.196817][T27963] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2538.196842][T27963] ? __pfx__printk+0x10/0x10 [ 2538.196864][T27963] ? ___ratelimit+0x4c4/0x670 [ 2538.196892][T27963] ? __pfx____ratelimit+0x10/0x10 [ 2538.196921][T27963] dump_header+0xda/0x6a0 [ 2538.196975][T27963] oom_kill_process+0x3a7/0x930 [ 2538.197002][T27963] out_of_memory+0xf67/0x1320 [ 2538.197053][T27963] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2538.197075][T27963] ? __pfx___mutex_lock+0x10/0x10 [ 2538.197097][T27963] ? __pfx_out_of_memory+0x10/0x10 [ 2538.197128][T27963] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2538.294560][T27963] ? __pfx_lock_release+0x10/0x10 [ 2538.299623][T27963] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2538.305713][T27963] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2538.310918][T27963] ? mem_cgroup_iter+0x422/0x560 [ 2538.315869][T27963] try_charge_memcg+0xda2/0x18a0 [ 2538.320812][T27963] ? mark_lock+0x9a/0x350 [ 2538.325171][T27963] ? __pfx_try_charge_memcg+0x10/0x10 [ 2538.330572][T27963] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2538.336739][T27963] charge_memcg+0xa2/0x160 [ 2538.341165][T27963] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2538.347248][T27963] __read_swap_cache_async+0x480/0x8b0 [ 2538.352729][T27963] ? mark_lock+0x9a/0x350 [ 2538.357096][T27963] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2538.363103][T27963] swap_cluster_readahead+0x67c/0x810 [ 2538.368497][T27963] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2538.374423][T27963] ? __pfx_lock_release+0x10/0x10 [ 2538.379471][T27963] ? xas_descend+0x37e/0x470 [ 2538.384108][T27963] swapin_readahead+0x1ea/0x1070 [ 2538.389072][T27963] ? filemap_get_entry+0x127/0x4e0 [ 2538.394208][T27963] ? __pfx_swapin_readahead+0x10/0x10 [ 2538.399610][T27963] ? __filemap_get_folio+0x935/0xbc0 [ 2538.404933][T27963] ? swap_cache_get_folio+0x9f/0x570 [ 2538.410240][T27963] do_swap_page+0x791/0x3f40 [ 2538.414847][T27963] ? rcu_is_watching+0x15/0xb0 [ 2538.419632][T27963] ? do_swap_page+0x154/0x3f40 [ 2538.424400][T27963] ? __pfx_do_swap_page+0x10/0x10 [ 2538.429435][T27963] ? pte_offset_map_nolock+0x137/0x1f0 [ 2538.434922][T27963] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2538.440761][T27963] __handle_mm_fault+0x15e8/0x72d0 [ 2538.445917][T27963] ? reacquire_held_locks+0x3eb/0x690 [ 2538.451330][T27963] ? __pfx___handle_mm_fault+0x10/0x10 [ 2538.456872][T27963] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2538.462662][T27963] ? mtree_range_walk+0x6fd/0x8e0 [ 2538.467778][T27963] ? lock_vma_under_rcu+0x18a/0x730 [ 2538.472990][T27963] ? __pfx_lock_release+0x10/0x10 [ 2538.478201][T27963] ? lock_vma_under_rcu+0x2f9/0x730 [ 2538.483430][T27963] ? lock_vma_under_rcu+0x18a/0x730 [ 2538.488634][T27963] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2538.494186][T27963] handle_mm_fault+0x3c1/0x8a0 [ 2538.498987][T27963] exc_page_fault+0x456/0x870 [ 2538.503704][T27963] asm_exc_page_fault+0x26/0x30 [ 2538.508663][T27963] RIP: 0033:0x7fdfb6252fc2 [ 2538.513093][T27963] Code: 0c 03 00 00 a8 20 0f 85 c5 fb ff ff 48 8d b3 30 06 00 00 31 ff b8 8f 00 00 00 0f 05 83 8b 0c 03 00 00 20 e9 a9 fb ff ff 31 c0 <87> 05 18 83 c8 00 83 f8 01 0f 8f a4 03 00 00 31 d2 4d 85 f6 0f 44 [ 2538.532708][T27963] RSP: 002b:00007ffda0a70010 EFLAGS: 00010246 [ 2538.538785][T27963] RAX: 0000000000000000 RBX: 00007fdfb54006c0 RCX: 0000000000000003 [ 2538.546763][T27963] RDX: 0000000000801000 RSI: 00007fdfb6edb300 RDI: 00007fdfb54006c0 [ 2538.554752][T27963] RBP: 0000000000000000 R08: 00007fdfb63ac05c R09: 00007fdfb63ac05c [ 2538.562761][T27963] R10: 0000000000021000 R11: 0000000000020000 R12: 00007ffda0a702b0 [ 2538.570747][T27963] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2538.578754][T27963] [ 2538.581782][T27975] CPU: 0 PID: 27975 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2538.587644][T27963] memory: usage 307200kB, limit 307200kB, failcnt 1938 [ 2538.592201][T27975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2538.592217][T27975] Call Trace: [ 2538.592226][T27975] [ 2538.592235][T27975] dump_stack_lvl+0x1e7/0x2e0 [ 2538.592275][T27975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2538.599604][T27963] memory+swap: usage 307460kB, limit 9007199254740988kB, failcnt 0 [ 2538.609129][T27975] ? __pfx__printk+0x10/0x10 [ 2538.609165][T27975] ? __pfx_lock_release+0x10/0x10 [ 2538.609201][T27975] should_fail_ex+0x3ae/0x4e0 [ 2538.609231][T27975] _copy_from_iter+0x222/0x1d40 [ 2538.609260][T27975] ? __virt_addr_valid+0x183/0x520 [ 2538.609288][T27975] ? __pfx_lock_release+0x10/0x10 [ 2538.609323][T27975] ? __pfx__copy_from_iter+0x10/0x10 [ 2538.612985][T27963] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 2538.615526][T27975] ? __virt_addr_valid+0x183/0x520 [ 2538.615558][T27975] ? __virt_addr_valid+0x183/0x520 [ 2538.615584][T27975] ? __virt_addr_valid+0x44e/0x520 [ 2538.620403][T27963] Memory cgroup stats for [ 2538.625417][T27975] ? __phys_addr_symbol+0x2f/0x70 [ 2538.625450][T27975] ? __check_object_size+0x4bb/0xa00 [ 2538.625479][T27975] netlink_sendmsg+0x804/0xd70 [ 2538.634208][T27963] /syz3 [ 2538.638060][T27975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2538.638126][T27975] ? __import_iovec+0x552/0x890 [ 2538.643789][T27963] : [ 2538.648063][T27975] ? aa_sock_msg_perm+0x91/0x160 [ 2538.648106][T27975] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2538.648132][T27975] ? security_socket_sendmsg+0x87/0xb0 [ 2538.648158][T27975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2538.648177][T27975] __sock_sendmsg+0x221/0x270 [ 2538.648209][T27975] ____sys_sendmsg+0x525/0x7d0 [ 2538.653319][T27963] cache 8192 [ 2538.658185][T27975] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2538.658239][T27975] __sys_sendmsg+0x2b0/0x3a0 [ 2538.658264][T27975] ? __pfx___sys_sendmsg+0x10/0x10 [ 2538.658324][T27975] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2538.663611][T27963] rss 0 [ 2538.668691][T27975] ? do_syscall_64+0x108/0x240 [ 2538.668732][T27975] ? do_syscall_64+0xb4/0x240 [ 2538.668764][T27975] do_syscall_64+0xf9/0x240 [ 2538.668795][T27975] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2538.668825][T27975] RIP: 0033:0x7f4351a7dda9 [ 2538.668842][T27975] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2538.668858][T27975] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2538.668880][T27975] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2538.668895][T27975] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2538.668906][T27975] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 [ 2538.668919][T27975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2538.668931][T27975] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2538.668957][T27975] [ 2538.883313][T27963] rss_huge 0 [ 2538.886630][T27963] shmem 0 [ 2538.889570][T27963] mapped_file 0 [ 2538.893028][T27963] dirty 0 [ 2538.896784][T27963] writeback 0 [ 2538.900089][T27963] workingset_refault_anon 1258 [ 2538.904875][T27963] workingset_refault_file 1 [ 2538.909477][T27963] swap 241664 [ 2538.912763][T27963] swapcached 0 [ 2538.916121][T27963] pgpgin 320852 [ 2538.920264][T27963] pgpgout 320850 [ 2538.923818][T27963] pgfault 792009 [ 2538.927470][T27963] pgmajfault 933 [ 2538.931111][T27963] inactive_anon 0 [ 2538.934747][T27963] active_anon 0 [ 2538.938334][T27963] inactive_file 0 [ 2538.941956][T27963] active_file 8192 [ 2538.945660][T27963] unevictable 0 [ 2538.949188][T27963] hierarchical_memory_limit 314572800 [ 2538.954572][T27963] hierarchical_memsw_limit 9223372036854771712 [ 2538.960948][T27963] total_cache 8192 [ 2538.964686][T27963] total_rss 0 [ 2538.968109][T27963] total_rss_huge 0 [ 2538.971859][T27963] total_shmem 0 [ 2538.975644][T27963] total_mapped_file 0 [ 2538.979900][T27963] total_dirty 0 [ 2538.983563][T27963] total_writeback 0 [ 2538.992829][T27963] total_workingset_refault_anon 1258 [ 2538.998393][T27963] total_workingset_refault_file 1 [ 2539.003676][T27963] total_swap 266240 [ 2539.008170][T27963] total_swapcached 0 [ 2539.012112][T27963] total_pgpgin 330398 [ 2539.016083][T27963] total_pgpgout 330396 [ 2539.020759][T27963] total_pgfault 801596 [ 2539.024847][T27963] total_pgmajfault 933 [ 2539.029108][T27963] total_inactive_anon 0 [ 2539.033497][T27963] total_active_anon 0 [ 2539.041149][T27963] total_inactive_file 0 [ 2539.045404][T27963] total_active_file 8192 [ 2539.049896][T27963] total_unevictable 0 [ 2539.053897][T27963] anon_cost 0 [ 2539.057430][T27963] file_cost 0 [ 2539.060736][T27963] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=27963,uid=0 [ 2539.078921][T27963] Memory cgroup out of memory: Killed process 27963 (syz-executor.3) total-vm:54508kB, anon-rss:136kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 10:23:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x500, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2539.212441][T27969] __nla_validate_parse: 70 callbacks suppressed [ 2539.212460][T27969] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:23:25 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) 10:23:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x10, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2539.282996][T27974] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 5) [ 2539.383200][T27980] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:23:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2539.492067][T27981] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2539.523822][T27987] FAULT_INJECTION: forcing a failure. [ 2539.523822][T27987] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2539.572304][T27987] CPU: 1 PID: 27987 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2539.582776][T27987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2539.592860][T27987] Call Trace: [ 2539.596167][T27987] [ 2539.599120][T27987] dump_stack_lvl+0x1e7/0x2e0 [ 2539.603838][T27987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2539.609074][T27987] ? __pfx__printk+0x10/0x10 [ 2539.613701][T27987] ? __pfx_lock_release+0x10/0x10 [ 2539.618764][T27987] should_fail_ex+0x3ae/0x4e0 [ 2539.623481][T27987] _copy_from_iter+0x222/0x1d40 [ 2539.628365][T27987] ? __virt_addr_valid+0x183/0x520 [ 2539.633509][T27987] ? __pfx_lock_release+0x10/0x10 [ 2539.638581][T27987] ? __pfx__copy_from_iter+0x10/0x10 [ 2539.643898][T27987] ? __virt_addr_valid+0x183/0x520 [ 2539.649046][T27987] ? __virt_addr_valid+0x183/0x520 [ 2539.654189][T27987] ? __virt_addr_valid+0x44e/0x520 [ 2539.659331][T27987] ? __phys_addr_symbol+0x2f/0x70 [ 2539.664381][T27987] ? __check_object_size+0x4bb/0xa00 [ 2539.669695][T27987] netlink_sendmsg+0x804/0xd70 [ 2539.674495][T27987] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2539.679802][T27987] ? __import_iovec+0x552/0x890 [ 2539.684681][T27987] ? aa_sock_msg_perm+0x91/0x160 [ 2539.689648][T27987] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2539.694967][T27987] ? security_socket_sendmsg+0x87/0xb0 [ 2539.700464][T27987] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2539.705776][T27987] __sock_sendmsg+0x221/0x270 [ 2539.710487][T27987] ____sys_sendmsg+0x525/0x7d0 [ 2539.715295][T27987] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2539.720633][T27987] __sys_sendmsg+0x2b0/0x3a0 [ 2539.725258][T27987] ? __pfx___sys_sendmsg+0x10/0x10 [ 2539.730456][T27987] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2539.736928][T27987] ? do_syscall_64+0x108/0x240 [ 2539.741740][T27987] ? do_syscall_64+0xb4/0x240 [ 2539.746460][T27987] do_syscall_64+0xf9/0x240 [ 2539.751008][T27987] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2539.756953][T27987] RIP: 0033:0x7f4351a7dda9 [ 2539.761399][T27987] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2539.781029][T27987] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2539.789476][T27987] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2539.797493][T27987] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2539.805493][T27987] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 [ 2539.813489][T27987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2539.821488][T27987] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2539.829504][T27987] 10:23:26 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2539.883192][T27989] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2539.962009][T27986] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x140, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2540.024963][T27992] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 6) 10:23:26 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2540.172245][T27995] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:23:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xec0, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2540.284515][T27999] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2540.374344][T27998] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:26 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2540.445975][T28002] FAULT_INJECTION: forcing a failure. [ 2540.445975][T28002] name failslab, interval 1, probability 0, space 0, times 0 [ 2540.476338][T28002] CPU: 1 PID: 28002 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2540.486824][T28002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2540.496911][T28002] Call Trace: [ 2540.500213][T28002] [ 2540.503171][T28002] dump_stack_lvl+0x1e7/0x2e0 [ 2540.507900][T28002] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2540.513161][T28002] ? __pfx__printk+0x10/0x10 [ 2540.517801][T28002] ? __pfx___might_resched+0x10/0x10 [ 2540.523130][T28002] should_fail_ex+0x3ae/0x4e0 [ 2540.527853][T28002] ? rtm_new_nexthop+0x25d7/0x96d0 [ 2540.533003][T28002] should_failslab+0x9/0x20 [ 2540.537545][T28002] kmalloc_trace+0x76/0x360 [ 2540.542087][T28002] ? lwtunnel_valid_encap_type+0x265/0x5f0 [ 2540.547938][T28002] rtm_new_nexthop+0x25d7/0x96d0 [ 2540.552930][T28002] ? mark_lock+0x9a/0x350 [ 2540.557294][T28002] ? __pfx_rtm_new_nexthop+0x10/0x10 [ 2540.562624][T28002] ? __lock_acquire+0x1345/0x1fd0 [ 2540.567814][T28002] ? __pfx_lock_acquire+0x10/0x10 [ 2540.572889][T28002] ? __mutex_lock+0x99a/0xd70 [ 2540.577594][T28002] ? __pfx_lock_release+0x10/0x10 [ 2540.582628][T28002] ? do_raw_spin_lock+0x14e/0x370 [ 2540.587655][T28002] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2540.592860][T28002] ? __mutex_lock+0x526/0xd70 [ 2540.597550][T28002] ? __pfx_rtm_new_nexthop+0x10/0x10 [ 2540.602834][T28002] rtnetlink_rcv_msg+0x885/0x1040 [ 2540.607863][T28002] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2540.613064][T28002] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2540.618528][T28002] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2540.624510][T28002] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2540.630846][T28002] ? __local_bh_enable_ip+0x168/0x200 [ 2540.636229][T28002] ? lockdep_hardirqs_on+0x98/0x140 [ 2540.641435][T28002] ? __local_bh_enable_ip+0x168/0x200 [ 2540.646813][T28002] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2540.651921][T28002] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2540.657648][T28002] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2540.662757][T28002] ? __dev_queue_xmit+0x15fd/0x3b10 [ 2540.667962][T28002] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2540.673078][T28002] ? ref_tracker_free+0x643/0x7e0 [ 2540.678114][T28002] netlink_rcv_skb+0x1e3/0x430 [ 2540.682879][T28002] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2540.688346][T28002] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2540.693649][T28002] ? netlink_deliver_tap+0x2e/0x1b0 [ 2540.698856][T28002] netlink_unicast+0x7ea/0x980 [ 2540.703628][T28002] ? __pfx_netlink_unicast+0x10/0x10 [ 2540.708911][T28002] ? __virt_addr_valid+0x44e/0x520 [ 2540.714021][T28002] ? __phys_addr_symbol+0x2f/0x70 [ 2540.719045][T28002] ? __check_object_size+0x4bb/0xa00 [ 2540.724324][T28002] ? bpf_lsm_netlink_send+0x9/0x10 [ 2540.729440][T28002] netlink_sendmsg+0xa3b/0xd70 [ 2540.734209][T28002] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2540.739488][T28002] ? __import_iovec+0x552/0x890 [ 2540.744340][T28002] ? aa_sock_msg_perm+0x91/0x160 [ 2540.749284][T28002] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2540.754564][T28002] ? security_socket_sendmsg+0x87/0xb0 [ 2540.760025][T28002] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2540.765305][T28002] __sock_sendmsg+0x221/0x270 [ 2540.769992][T28002] ____sys_sendmsg+0x525/0x7d0 [ 2540.774759][T28002] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2540.780145][T28002] __sys_sendmsg+0x2b0/0x3a0 [ 2540.784738][T28002] ? __pfx___sys_sendmsg+0x10/0x10 [ 2540.789880][T28002] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2540.796216][T28002] ? do_syscall_64+0x108/0x240 [ 2540.800983][T28002] ? do_syscall_64+0xb4/0x240 [ 2540.805662][T28002] do_syscall_64+0xf9/0x240 [ 2540.810168][T28002] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2540.816059][T28002] RIP: 0033:0x7f4351a7dda9 [ 2540.820642][T28002] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2540.840250][T28002] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2540.848667][T28002] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2540.856631][T28002] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2540.864592][T28002] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 [ 2540.872553][T28002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2540.880518][T28002] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2540.888505][T28002] 10:23:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 7) 10:23:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x33fe0, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:27 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) 10:23:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xfffffdef, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2541.350769][T28013] FAULT_INJECTION: forcing a failure. [ 2541.350769][T28013] name failslab, interval 1, probability 0, space 0, times 0 [ 2541.392416][T28013] CPU: 0 PID: 28013 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2541.402894][T28013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2541.412982][T28013] Call Trace: [ 2541.416292][T28013] [ 2541.419250][T28013] dump_stack_lvl+0x1e7/0x2e0 [ 2541.423985][T28013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2541.429224][T28013] ? __pfx__printk+0x10/0x10 [ 2541.433869][T28013] ? __pfx___might_resched+0x10/0x10 [ 2541.439201][T28013] should_fail_ex+0x3ae/0x4e0 [ 2541.443923][T28013] ? rtm_new_nexthop+0x277d/0x96d0 [ 2541.449074][T28013] should_failslab+0x9/0x20 [ 2541.453608][T28013] kmalloc_trace+0x76/0x360 [ 2541.458143][T28013] ? rtm_new_nexthop+0x25d7/0x96d0 [ 2541.463310][T28013] rtm_new_nexthop+0x277d/0x96d0 [ 2541.468318][T28013] ? mark_lock+0x9a/0x350 [ 2541.472677][T28013] ? __pfx_rtm_new_nexthop+0x10/0x10 [ 2541.477997][T28013] ? __lock_acquire+0x1345/0x1fd0 [ 2541.483091][T28013] ? __pfx_lock_acquire+0x10/0x10 [ 2541.488157][T28013] ? __mutex_lock+0x99a/0xd70 [ 2541.492864][T28013] ? __pfx_lock_release+0x10/0x10 [ 2541.497920][T28013] ? do_raw_spin_lock+0x14e/0x370 [ 2541.502981][T28013] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2541.508223][T28013] ? __mutex_lock+0x526/0xd70 [ 2541.512956][T28013] ? __pfx_rtm_new_nexthop+0x10/0x10 [ 2541.518286][T28013] rtnetlink_rcv_msg+0x885/0x1040 [ 2541.523349][T28013] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2541.528592][T28013] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2541.534269][T28013] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2541.540305][T28013] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2541.546683][T28013] ? __local_bh_enable_ip+0x168/0x200 [ 2541.552100][T28013] ? lockdep_hardirqs_on+0x98/0x140 [ 2541.557345][T28013] ? __local_bh_enable_ip+0x168/0x200 [ 2541.562766][T28013] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2541.567916][T28013] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2541.573688][T28013] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2541.578842][T28013] ? __dev_queue_xmit+0x15fd/0x3b10 [ 2541.584084][T28013] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2541.589271][T28013] ? ref_tracker_free+0x643/0x7e0 [ 2541.594347][T28013] netlink_rcv_skb+0x1e3/0x430 [ 2541.599154][T28013] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2541.604651][T28013] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2541.609993][T28013] ? netlink_deliver_tap+0x2e/0x1b0 [ 2541.615225][T28013] netlink_unicast+0x7ea/0x980 [ 2541.620044][T28013] ? __pfx_netlink_unicast+0x10/0x10 [ 2541.625362][T28013] ? __virt_addr_valid+0x44e/0x520 [ 2541.630505][T28013] ? __phys_addr_symbol+0x2f/0x70 [ 2541.635559][T28013] ? __check_object_size+0x4bb/0xa00 [ 2541.640873][T28013] ? bpf_lsm_netlink_send+0x9/0x10 [ 2541.646022][T28013] netlink_sendmsg+0xa3b/0xd70 [ 2541.650826][T28013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2541.656140][T28013] ? __import_iovec+0x552/0x890 [ 2541.661019][T28013] ? aa_sock_msg_perm+0x91/0x160 [ 2541.665996][T28013] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2541.671387][T28013] ? security_socket_sendmsg+0x87/0xb0 [ 2541.676880][T28013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2541.682187][T28013] __sock_sendmsg+0x221/0x270 [ 2541.686918][T28013] ____sys_sendmsg+0x525/0x7d0 [ 2541.691729][T28013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2541.697063][T28013] __sys_sendmsg+0x2b0/0x3a0 [ 2541.701689][T28013] ? __pfx___sys_sendmsg+0x10/0x10 [ 2541.706866][T28013] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2541.713232][T28013] ? do_syscall_64+0x108/0x240 [ 2541.718043][T28013] ? do_syscall_64+0xb4/0x240 [ 2541.722753][T28013] do_syscall_64+0xf9/0x240 [ 2541.727296][T28013] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2541.733223][T28013] RIP: 0033:0x7f4351a7dda9 [ 2541.737673][T28013] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2541.757317][T28013] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2541.765856][T28013] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2541.773867][T28013] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2541.781866][T28013] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 10:23:27 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) [ 2541.789867][T28013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2541.797891][T28013] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2541.805913][T28013] 10:23:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 8) 10:23:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x10, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x7b, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:28 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x28}}, 0x0) [ 2542.038432][T28027] validate_nla: 57 callbacks suppressed [ 2542.038451][T28027] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2542.085862][T28027] FAULT_INJECTION: forcing a failure. [ 2542.085862][T28027] name failslab, interval 1, probability 0, space 0, times 0 [ 2542.119406][T28027] CPU: 1 PID: 28027 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2542.129882][T28027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2542.139963][T28027] Call Trace: [ 2542.143272][T28027] [ 2542.146228][T28027] dump_stack_lvl+0x1e7/0x2e0 [ 2542.150953][T28027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2542.156198][T28027] ? __pfx__printk+0x10/0x10 [ 2542.160830][T28027] ? __pfx___might_resched+0x10/0x10 [ 2542.166163][T28027] should_fail_ex+0x3ae/0x4e0 [ 2542.170888][T28027] should_failslab+0x9/0x20 [ 2542.175420][T28027] kmem_cache_alloc_node+0x7e/0x380 [ 2542.180650][T28027] ? __alloc_skb+0x181/0x420 10:23:28 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2542.185289][T28027] __alloc_skb+0x181/0x420 [ 2542.189737][T28027] ? __local_bh_enable_ip+0x168/0x200 [ 2542.195161][T28027] ? __pfx___alloc_skb+0x10/0x10 [ 2542.200149][T28027] netlink_ack+0x399/0x12b0 [ 2542.204706][T28027] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2542.209854][T28027] ? __pfx_netlink_ack+0x10/0x10 [ 2542.214823][T28027] ? ref_tracker_free+0x643/0x7e0 [ 2542.219895][T28027] netlink_rcv_skb+0x262/0x430 [ 2542.224691][T28027] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2542.230193][T28027] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2542.235522][T28027] ? netlink_deliver_tap+0x2e/0x1b0 [ 2542.240752][T28027] netlink_unicast+0x7ea/0x980 [ 2542.245570][T28027] ? __pfx_netlink_unicast+0x10/0x10 [ 2542.250893][T28027] ? __virt_addr_valid+0x44e/0x520 [ 2542.256047][T28027] ? __phys_addr_symbol+0x2f/0x70 [ 2542.261106][T28027] ? __check_object_size+0x4bb/0xa00 [ 2542.266436][T28027] ? bpf_lsm_netlink_send+0x9/0x10 [ 2542.271594][T28027] netlink_sendmsg+0xa3b/0xd70 [ 2542.276400][T28027] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2542.281716][T28027] ? __import_iovec+0x552/0x890 [ 2542.286599][T28027] ? aa_sock_msg_perm+0x91/0x160 [ 2542.291579][T28027] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2542.296902][T28027] ? security_socket_sendmsg+0x87/0xb0 [ 2542.302400][T28027] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2542.307721][T28027] __sock_sendmsg+0x221/0x270 [ 2542.312446][T28027] ____sys_sendmsg+0x525/0x7d0 [ 2542.317255][T28027] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2542.322585][T28027] __sys_sendmsg+0x2b0/0x3a0 [ 2542.327207][T28027] ? __pfx___sys_sendmsg+0x10/0x10 [ 2542.332384][T28027] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2542.338747][T28027] ? do_syscall_64+0x108/0x240 [ 2542.343539][T28027] ? do_syscall_64+0xb4/0x240 [ 2542.348248][T28027] do_syscall_64+0xf9/0x240 [ 2542.352792][T28027] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2542.358724][T28027] RIP: 0033:0x7f4351a7dda9 [ 2542.363157][T28027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 10:23:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x2, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2542.382763][T28027] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2542.391182][T28027] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2542.399266][T28027] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2542.407231][T28027] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 [ 2542.415193][T28027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2542.423176][T28027] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2542.431171][T28027] 10:23:28 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 9) 10:23:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x4, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x5, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:28 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 10) [ 2542.676625][T28044] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 11) [ 2542.896882][T28054] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 1) 10:23:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2543.151158][T28063] FAULT_INJECTION: forcing a failure. [ 2543.151158][T28063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2543.199687][T28062] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2543.208942][T28063] CPU: 0 PID: 28063 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2543.219403][T28063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2543.229501][T28063] Call Trace: [ 2543.232807][T28063] [ 2543.235757][T28063] dump_stack_lvl+0x1e7/0x2e0 [ 2543.240479][T28063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2543.245723][T28063] ? __pfx__printk+0x10/0x10 [ 2543.250357][T28063] ? __pfx_lock_release+0x10/0x10 [ 2543.255430][T28063] should_fail_ex+0x3ae/0x4e0 [ 2543.260153][T28063] _copy_from_user+0x2f/0xe0 [ 2543.264786][T28063] copy_msghdr_from_user+0xae/0x680 [ 2543.270028][T28063] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2543.276083][T28063] __sys_sendmsg+0x23d/0x3a0 [ 2543.281662][T28063] ? __pfx___sys_sendmsg+0x10/0x10 [ 2543.286841][T28063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2543.293200][T28063] ? do_syscall_64+0x108/0x240 [ 2543.298010][T28063] ? do_syscall_64+0xb4/0x240 [ 2543.302738][T28063] do_syscall_64+0xf9/0x240 [ 2543.307280][T28063] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2543.313209][T28063] RIP: 0033:0x7f3f3f67dda9 [ 2543.317650][T28063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2543.337295][T28063] RSP: 002b:00007f3f3e9de0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2543.345748][T28063] RAX: ffffffffffffffda RBX: 00007f3f3f7ac050 RCX: 00007f3f3f67dda9 [ 2543.353759][T28063] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2543.361759][T28063] RBP: 00007f3f3e9de120 R08: 0000000000000000 R09: 0000000000000000 [ 2543.369775][T28063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2543.377786][T28063] R13: 000000000000006e R14: 00007f3f3f7ac050 R15: 00007ffeea079348 [ 2543.385805][T28063] 10:23:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 12) 10:23:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x600, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2543.465046][T28174] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2543.492695][T20857] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2543.501372][T20857] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 10:23:29 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 2) [ 2543.510095][T20857] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2543.520000][T20857] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 2543.528525][T20857] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 2543.643283][T28073] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2543.679144][T28073] FAULT_INJECTION: forcing a failure. [ 2543.679144][T28073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2543.696584][T28076] FAULT_INJECTION: forcing a failure. [ 2543.696584][T28076] name failslab, interval 1, probability 0, space 0, times 0 [ 2543.716423][T28073] CPU: 1 PID: 28073 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2543.726915][T28073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2543.737009][T28073] Call Trace: [ 2543.740313][T28073] [ 2543.743272][T28073] dump_stack_lvl+0x1e7/0x2e0 [ 2543.748005][T28073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2543.753255][T28073] ? __pfx__printk+0x10/0x10 [ 2543.757884][T28073] ? __pfx_lock_release+0x10/0x10 [ 2543.762955][T28073] ? __lock_acquire+0x1345/0x1fd0 [ 2543.768028][T28073] should_fail_ex+0x3ae/0x4e0 [ 2543.772752][T28073] _copy_from_user+0x2f/0xe0 [ 2543.777379][T28073] kstrtouint_from_user+0xc6/0x190 [ 2543.782689][T28073] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 2543.788449][T28073] ? __pfx_lock_acquire+0x10/0x10 [ 2543.793526][T28073] proc_fail_nth_write+0xaa/0x2d0 [ 2543.798594][T28073] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 2543.804534][T28073] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2543.810211][T28073] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2543.815884][T28073] vfs_write+0x2a4/0xcb0 [ 2543.820192][T28073] ? __pfx_vfs_write+0x10/0x10 [ 2543.825003][T28073] ? __fget_files+0x3f4/0x470 [ 2543.829723][T28073] ? __fget_files+0x28/0x470 [ 2543.834535][T28073] ? __fdget_pos+0x258/0x320 [ 2543.839167][T28073] ksys_write+0x1a0/0x2c0 [ 2543.843555][T28073] ? __pfx_ksys_write+0x10/0x10 [ 2543.848444][T28073] ? do_syscall_64+0x108/0x240 [ 2543.853251][T28073] ? do_syscall_64+0xb4/0x240 [ 2543.857980][T28073] do_syscall_64+0xf9/0x240 [ 2543.862541][T28073] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2543.868484][T28073] RIP: 0033:0x7f4351a7caef [ 2543.872935][T28073] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48 [ 2543.892575][T28073] RSP: 002b:00007f43528b70c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2543.901030][T28073] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4351a7caef [ 2543.909035][T28073] RDX: 0000000000000001 RSI: 00007f43528b7130 RDI: 0000000000000006 [ 2543.917042][T28073] RBP: 00007f43528b7120 R08: 0000000000000000 R09: 0000000000000000 [ 2543.925039][T28073] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 2543.933037][T28073] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2543.941057][T28073] [ 2543.944855][T28065] lo speed is unknown, defaulting to 1000 [ 2543.945430][T28076] CPU: 1 PID: 28076 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2543.961306][T28076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2543.971364][T28076] Call Trace: [ 2543.974639][T28076] [ 2543.977563][T28076] dump_stack_lvl+0x1e7/0x2e0 [ 2543.982252][T28076] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2543.987457][T28076] ? __pfx__printk+0x10/0x10 [ 2543.992052][T28076] ? __pfx___might_resched+0x10/0x10 [ 2543.997356][T28076] should_fail_ex+0x3ae/0x4e0 [ 2544.002041][T28076] should_failslab+0x9/0x20 [ 2544.006556][T28076] kmem_cache_alloc_node+0x7e/0x380 [ 2544.011777][T28076] ? __alloc_skb+0x181/0x420 [ 2544.016379][T28076] __alloc_skb+0x181/0x420 [ 2544.020841][T28076] ? __pfx___alloc_skb+0x10/0x10 [ 2544.025807][T28076] ? netlink_autobind+0xd5/0x2f0 [ 2544.030755][T28076] ? netlink_autobind+0x2af/0x2f0 [ 2544.035781][T28076] netlink_sendmsg+0x6fc/0xd70 [ 2544.040559][T28076] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2544.045853][T28076] ? __import_iovec+0x552/0x890 [ 2544.050733][T28076] ? aa_sock_msg_perm+0x91/0x160 [ 2544.055704][T28076] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2544.061003][T28076] ? security_socket_sendmsg+0x87/0xb0 [ 2544.066470][T28076] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2544.071768][T28076] __sock_sendmsg+0x221/0x270 [ 2544.076474][T28076] ____sys_sendmsg+0x525/0x7d0 [ 2544.081263][T28076] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2544.086559][T28076] __sys_sendmsg+0x2b0/0x3a0 [ 2544.091175][T28076] ? __pfx___sys_sendmsg+0x10/0x10 [ 2544.096342][T28076] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2544.102704][T28076] ? do_syscall_64+0x108/0x240 [ 2544.107472][T28076] ? do_syscall_64+0xb4/0x240 [ 2544.112150][T28076] do_syscall_64+0xf9/0x240 [ 2544.116663][T28076] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2544.122600][T28076] RIP: 0033:0x7f3f3f67dda9 [ 2544.127006][T28076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 10:23:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x2, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2544.146614][T28076] RSP: 002b:00007f3f3e9de0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2544.155094][T28076] RAX: ffffffffffffffda RBX: 00007f3f3f7ac050 RCX: 00007f3f3f67dda9 [ 2544.163097][T28076] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2544.171080][T28076] RBP: 00007f3f3e9de120 R08: 0000000000000000 R09: 0000000000000000 [ 2544.179042][T28076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2544.187029][T28076] R13: 000000000000006e R14: 00007f3f3f7ac050 R15: 00007ffeea079348 [ 2544.195031][T28076] 10:23:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:30 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 3) [ 2544.345443][T28078] __nla_validate_parse: 24 callbacks suppressed [ 2544.345463][T28078] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2544.473118][T28081] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2544.540944][T28083] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2544.576135][T28084] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:30 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) (fail_nth: 4) 10:23:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2544.595814][T28075] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2544.733283][T28075] syz-executor.3 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=1, oom_score_adj=1000 [ 2544.746003][T28075] CPU: 1 PID: 28075 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2544.756454][T28075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2544.766544][T28075] Call Trace: [ 2544.769843][T28075] [ 2544.772789][T28075] dump_stack_lvl+0x1e7/0x2e0 [ 2544.777519][T28075] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2544.782751][T28075] ? __pfx__printk+0x10/0x10 [ 2544.787348][T28075] ? ___ratelimit+0x4c4/0x670 [ 2544.792028][T28075] ? __pfx____ratelimit+0x10/0x10 [ 2544.797064][T28075] dump_header+0xda/0x6a0 [ 2544.801422][T28075] oom_kill_process+0x3a7/0x930 [ 2544.806304][T28075] out_of_memory+0xf67/0x1320 [ 2544.811012][T28075] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2544.816674][T28075] ? __pfx___mutex_lock+0x10/0x10 [ 2544.821721][T28075] ? __pfx_out_of_memory+0x10/0x10 [ 2544.826875][T28075] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2544.832449][T28075] ? __pfx_lock_release+0x10/0x10 [ 2544.837514][T28075] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2544.843610][T28075] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2544.848837][T28075] ? mem_cgroup_iter+0x422/0x560 [ 2544.853806][T28075] try_charge_memcg+0xda2/0x18a0 [ 2544.858800][T28075] ? __pfx_try_charge_memcg+0x10/0x10 [ 2544.864198][T28075] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2544.869941][T28075] ? __pfx_lock_release+0x10/0x10 [ 2544.875000][T28075] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2544.881012][T28075] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2544.886733][T28075] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2544.892534][T28075] obj_cgroup_charge+0x389/0x630 [ 2544.897474][T28075] ? obj_cgroup_charge+0x121/0x630 [ 2544.902591][T28075] ? __pfx_obj_cgroup_charge+0x10/0x10 [ 2544.908154][T28075] ? __kmalloc_node_track_caller+0xc1/0x4e0 [ 2544.914077][T28075] ? __pfx___might_resched+0x10/0x10 [ 2544.919375][T28075] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 2544.925276][T28075] __memcg_slab_pre_alloc_hook+0x28d/0x2b0 [ 2544.931098][T28075] __kmalloc_node_track_caller+0x310/0x4e0 [ 2544.936903][T28075] ? neigh_sysctl_register+0xb4/0x500 [ 2544.942275][T28075] ? __asan_memset+0x23/0x50 [ 2544.946869][T28075] kmemdup+0x2a/0x60 [ 2544.950767][T28075] neigh_sysctl_register+0xb4/0x500 [ 2544.955965][T28075] ? __pfx_ndisc_ifinfo_sysctl_change+0x10/0x10 [ 2544.962283][T28075] ? __pfx_neigh_sysctl_register+0x10/0x10 [ 2544.968098][T28075] ? __raw_spin_lock_init+0x45/0x100 [ 2544.973385][T28075] addrconf_sysctl_register+0xb2/0x1c0 [ 2544.978843][T28075] ipv6_add_dev+0xd64/0x1290 [ 2544.983474][T28075] addrconf_notify+0x6a7/0x1020 [ 2544.988330][T28075] notifier_call_chain+0x18f/0x3b0 [ 2544.993470][T28075] register_netdevice+0x151f/0x19c0 [ 2544.998686][T28075] ? __pfx_register_netdevice+0x10/0x10 [ 2545.004233][T28075] ? __xdp_rxq_info_reg+0x142/0x290 [ 2545.009445][T28075] br_dev_newlink+0x27/0x100 [ 2545.014088][T28075] ? __pfx_br_dev_newlink+0x10/0x10 [ 2545.019291][T28075] rtnl_newlink+0x158f/0x20a0 [ 2545.023972][T28075] ? rtnl_newlink+0x451/0x20a0 [ 2545.028746][T28075] ? __pfx_rtnl_newlink+0x10/0x10 [ 2545.033783][T28075] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2545.038986][T28075] ? __mutex_lock+0x9a4/0xd70 [ 2545.043660][T28075] ? __mutex_lock+0x526/0xd70 [ 2545.048351][T28075] ? __pfx_rtnl_newlink+0x10/0x10 [ 2545.053371][T28075] rtnetlink_rcv_msg+0x885/0x1040 [ 2545.058401][T28075] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2545.063599][T28075] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2545.069061][T28075] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2545.075046][T28075] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2545.081376][T28075] ? __local_bh_enable_ip+0x168/0x200 [ 2545.086750][T28075] ? lockdep_hardirqs_on+0x98/0x140 [ 2545.091948][T28075] ? __local_bh_enable_ip+0x168/0x200 [ 2545.097326][T28075] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2545.102439][T28075] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2545.108171][T28075] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2545.113285][T28075] ? __dev_queue_xmit+0x15fd/0x3b10 [ 2545.118516][T28075] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2545.123634][T28075] ? ref_tracker_free+0x643/0x7e0 [ 2545.128662][T28075] netlink_rcv_skb+0x1e3/0x430 [ 2545.133443][T28075] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2545.138988][T28075] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2545.144284][T28075] ? netlink_deliver_tap+0x2e/0x1b0 [ 2545.149478][T28075] netlink_unicast+0x7ea/0x980 [ 2545.154254][T28075] ? __pfx_netlink_unicast+0x10/0x10 [ 2545.159536][T28075] ? __virt_addr_valid+0x44e/0x520 [ 2545.164648][T28075] ? __phys_addr_symbol+0x2f/0x70 [ 2545.169669][T28075] ? __check_object_size+0x4bb/0xa00 [ 2545.174976][T28075] ? bpf_lsm_netlink_send+0x9/0x10 [ 2545.180118][T28075] netlink_sendmsg+0xa3b/0xd70 [ 2545.184902][T28075] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2545.190185][T28075] ? __import_iovec+0x552/0x890 [ 2545.195036][T28075] ? aa_sock_msg_perm+0x91/0x160 [ 2545.199978][T28075] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2545.205259][T28075] ? security_socket_sendmsg+0x87/0xb0 [ 2545.210722][T28075] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2545.216002][T28075] __sock_sendmsg+0x221/0x270 [ 2545.220684][T28075] ____sys_sendmsg+0x525/0x7d0 [ 2545.225464][T28075] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2545.230760][T28075] __sys_sendmsg+0x2b0/0x3a0 [ 2545.235361][T28075] ? __pfx___sys_sendmsg+0x10/0x10 [ 2545.240614][T28075] ? restore_fpregs_from_fpstate+0x100/0x250 [ 2545.246691][T28075] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2545.253048][T28075] ? do_syscall_64+0x108/0x240 [ 2545.257892][T28075] ? do_syscall_64+0xb4/0x240 [ 2545.262605][T28075] do_syscall_64+0xf9/0x240 [ 2545.267132][T28075] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2545.273051][T28075] RIP: 0033:0x7fdfb627dda9 [ 2545.277485][T28075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2545.297112][T28075] RSP: 002b:00007fdfb704a0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2545.305618][T28075] RAX: ffffffffffffffda RBX: 00007fdfb63abf80 RCX: 00007fdfb627dda9 [ 2545.313581][T28075] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2545.321549][T28075] RBP: 00007fdfb62ca47a R08: 0000000000000000 R09: 0000000000000000 [ 2545.329537][T28075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2545.337520][T28075] R13: 000000000000000b R14: 00007fdfb63abf80 R15: 00007ffda0a70068 [ 2545.345532][T28075] [ 2545.400429][T28075] memory: usage 307200kB, limit 307200kB, failcnt 4883 [ 2545.416872][T28075] memory+swap: usage 307460kB, limit 9007199254740988kB, failcnt 0 [ 2545.425384][T28075] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 2545.426953][T28096] FAULT_INJECTION: forcing a failure. [ 2545.426953][T28096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2545.433241][T28075] Memory cgroup stats for /syz3: [ 2545.446467][T28075] cache 4096 [ 2545.455084][T28075] rss 0 [ 2545.463621][T28075] rss_huge 0 [ 2545.467258][T28096] CPU: 1 PID: 28096 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2545.477704][T28096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2545.487817][T28096] Call Trace: [ 2545.491091][T28096] [ 2545.494016][T28096] dump_stack_lvl+0x1e7/0x2e0 [ 2545.498703][T28096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2545.503910][T28096] ? __pfx__printk+0x10/0x10 [ 2545.508502][T28096] ? __pfx_lock_release+0x10/0x10 [ 2545.513531][T28096] should_fail_ex+0x3ae/0x4e0 [ 2545.518211][T28096] _copy_from_iter+0x222/0x1d40 [ 2545.523062][T28096] ? __virt_addr_valid+0x183/0x520 [ 2545.528176][T28096] ? __pfx_lock_release+0x10/0x10 [ 2545.533205][T28096] ? __pfx__copy_from_iter+0x10/0x10 [ 2545.538489][T28096] ? __virt_addr_valid+0x183/0x520 [ 2545.543596][T28096] ? __virt_addr_valid+0x183/0x520 [ 2545.548704][T28096] ? __virt_addr_valid+0x44e/0x520 [ 2545.553818][T28096] ? __phys_addr_symbol+0x2f/0x70 [ 2545.558838][T28096] ? __check_object_size+0x4bb/0xa00 [ 2545.564125][T28096] netlink_sendmsg+0x804/0xd70 [ 2545.568893][T28096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2545.574179][T28096] ? __import_iovec+0x552/0x890 [ 2545.579029][T28096] ? aa_sock_msg_perm+0x91/0x160 [ 2545.583969][T28096] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2545.589249][T28096] ? security_socket_sendmsg+0x87/0xb0 [ 2545.594712][T28096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2545.599996][T28096] __sock_sendmsg+0x221/0x270 [ 2545.604677][T28096] ____sys_sendmsg+0x525/0x7d0 [ 2545.609446][T28096] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2545.614752][T28096] __sys_sendmsg+0x2b0/0x3a0 [ 2545.619377][T28096] ? __pfx___sys_sendmsg+0x10/0x10 [ 2545.624585][T28096] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2545.630935][T28096] ? do_syscall_64+0x108/0x240 [ 2545.635713][T28096] ? do_syscall_64+0xb4/0x240 [ 2545.640403][T28096] do_syscall_64+0xf9/0x240 [ 2545.644918][T28096] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2545.650844][T28096] RIP: 0033:0x7f3f3f67dda9 [ 2545.655258][T28096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 2545.674874][T28096] RSP: 002b:00007f3f3e9de0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2545.683321][T28096] RAX: ffffffffffffffda RBX: 00007f3f3f7ac050 RCX: 00007f3f3f67dda9 [ 2545.691303][T28096] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2545.699271][T28096] RBP: 00007f3f3e9de120 R08: 0000000000000000 R09: 0000000000000000 [ 2545.707235][T28096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2545.715203][T28096] R13: 000000000000006e R14: 00007f3f3f7ac050 R15: 00007ffeea079348 [ 2545.723185][T28096] [ 2545.733265][T28075] shmem 0 [ 2545.736353][T28075] mapped_file 0 [ 2545.739923][T28075] dirty 4096 [ 2545.743138][T28075] writeback 0 [ 2545.751150][T28075] workingset_refault_anon 3180 [ 2545.755939][T28075] workingset_refault_file 1 [ 2545.774070][T28075] swap 245760 [ 2545.777948][T28075] swapcached 0 [ 2545.781541][T28075] pgpgin 322975 [ 2545.785213][T28075] pgpgout 322974 [ 2545.789108][T20857] Bluetooth: hci6: command 0x0409 tx timeout [ 2545.789863][T28075] pgfault 794870 [ 2545.802576][T28075] pgmajfault 2525 [ 2545.809205][T28075] inactive_anon 0 [ 2545.812923][T28075] active_anon 0 [ 2545.816963][T28075] inactive_file 0 [ 2545.820678][T28075] active_file 4096 [ 2545.824443][T28075] unevictable 0 [ 2545.828283][T28075] hierarchical_memory_limit 314572800 [ 2545.833685][T28075] hierarchical_memsw_limit 9223372036854771712 [ 2545.840374][T28075] total_cache 4096 [ 2545.844124][T28075] total_rss 0 [ 2545.847538][T28075] total_rss_huge 0 [ 2545.851350][T28075] total_shmem 0 [ 2545.854840][T28075] total_mapped_file 0 [ 2545.859146][T28075] total_dirty 4096 [ 2545.862918][T28075] total_writeback 0 [ 2545.867124][T28075] total_workingset_refault_anon 3180 [ 2545.872486][T28075] total_workingset_refault_file 1 [ 2545.877736][T28075] total_swap 270336 [ 2545.881658][T28075] total_swapcached 0 [ 2545.885602][T28075] total_pgpgin 332521 [ 2545.889908][T28075] total_pgpgout 332520 [ 2545.893997][T28075] total_pgfault 804457 [ 2545.898422][T28075] total_pgmajfault 2525 [ 2545.902621][T28075] total_inactive_anon 0 [ 2545.906984][T28075] total_active_anon 0 [ 2545.911101][T28075] total_inactive_file 0 [ 2545.915316][T28075] total_active_file 4096 [ 2545.919753][T28075] total_unevictable 0 [ 2545.923759][T28075] anon_cost 0 [ 2545.927185][T28075] file_cost 0 [ 2545.930522][T28075] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28072,uid=0 [ 2545.947411][T28075] Memory cgroup out of memory: Killed process 28072 (syz-executor.3) total-vm:54640kB, anon-rss:136kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 10:23:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x700, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2546.016821][T28089] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2546.102049][T28092] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2546.142508][T28093] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x4, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:32 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2546.185514][T28094] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:32 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2546.339519][T28100] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2546.388317][T28103] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2546.450228][T28105] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2546.570938][T28107] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2546.583629][T28097] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2546.597055][T28097] CPU: 0 PID: 28097 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2546.607533][T28097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2546.617623][T28097] Call Trace: [ 2546.620921][T28097] [ 2546.623878][T28097] dump_stack_lvl+0x1e7/0x2e0 [ 2546.628570][T28097] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2546.633799][T28097] ? __pfx__printk+0x10/0x10 [ 2546.638402][T28097] ? ___ratelimit+0x4c4/0x670 [ 2546.643112][T28097] ? __pfx____ratelimit+0x10/0x10 [ 2546.648280][T28097] dump_header+0xda/0x6a0 [ 2546.652621][T28097] oom_kill_process+0x3a7/0x930 [ 2546.657475][T28097] out_of_memory+0xf67/0x1320 [ 2546.662161][T28097] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2546.667809][T28097] ? __pfx___mutex_lock+0x10/0x10 [ 2546.672853][T28097] ? __pfx_out_of_memory+0x10/0x10 [ 2546.677969][T28097] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2546.683512][T28097] ? __pfx_lock_release+0x10/0x10 [ 2546.688533][T28097] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2546.694601][T28097] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2546.699798][T28097] ? mem_cgroup_iter+0x422/0x560 [ 2546.704734][T28097] try_charge_memcg+0xda2/0x18a0 [ 2546.709691][T28097] ? __pfx_try_charge_memcg+0x10/0x10 [ 2546.715053][T28097] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2546.720763][T28097] ? __pfx_lock_release+0x10/0x10 [ 2546.725784][T28097] ? memcg_account_kmem+0x1e7/0x210 [ 2546.730982][T28097] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2546.736782][T28097] __memcg_kmem_charge_page+0xe1/0x250 [ 2546.742238][T28097] memcg_charge_kernel_stack+0x28a/0x550 [ 2546.747868][T28097] dup_task_struct+0x40d/0x7d0 [ 2546.752628][T28097] copy_process+0x5d5/0x3fc0 [ 2546.757221][T28097] ? __might_fault+0xa9/0x120 [ 2546.761895][T28097] ? __pfx_lock_release+0x10/0x10 [ 2546.766922][T28097] ? __pfx_copy_process+0x10/0x10 [ 2546.771938][T28097] ? __might_fault+0xc5/0x120 [ 2546.776611][T28097] ? __asan_memset+0x23/0x50 [ 2546.781199][T28097] kernel_clone+0x21d/0x8d0 [ 2546.785698][T28097] ? __pfx_kernel_clone+0x10/0x10 [ 2546.790727][T28097] __se_sys_clone3+0x2cb/0x350 [ 2546.795484][T28097] ? __pfx___se_sys_clone3+0x10/0x10 [ 2546.800771][T28097] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2546.806757][T28097] ? exc_page_fault+0x587/0x870 [ 2546.811604][T28097] ? do_syscall_64+0xb4/0x240 [ 2546.816306][T28097] do_syscall_64+0xf9/0x240 [ 2546.820807][T28097] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2546.826712][T28097] RIP: 0033:0x7fdfb62a9b99 [ 2546.831132][T28097] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2546.850730][T28097] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2546.859138][T28097] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2546.867102][T28097] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2546.875064][T28097] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2546.883023][T28097] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2546.890985][T28097] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2546.898960][T28097] 10:23:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x3, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x5, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:33 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2546.935061][T28097] memory: usage 307200kB, limit 307200kB, failcnt 5328 [ 2546.999448][T28097] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2547.034437][T28097] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2547.045150][T28097] Memory cgroup stats for /syz3: [ 2547.045392][T28097] cache 4096 [ 2547.054517][T28097] rss 0 [ 2547.057878][T28097] rss_huge 0 [ 2547.061185][T28097] shmem 0 [ 2547.064422][T28097] mapped_file 0 [ 2547.069077][T28097] dirty 0 [ 2547.072106][T28097] writeback 0 [ 2547.075462][T28097] workingset_refault_anon 3342 [ 2547.083045][T28097] workingset_refault_file 1 [ 2547.089320][T28097] swap 192512 [ 2547.092724][T28097] swapcached 0 [ 2547.096678][T28097] pgpgin 323157 [ 2547.100247][T28097] pgpgout 323156 [ 2547.103871][T28097] pgfault 795125 [ 2547.108109][T28097] pgmajfault 2668 [ 2547.111849][T28097] inactive_anon 0 [ 2547.115604][T28097] active_anon 0 [ 2547.120211][T28097] inactive_file 0 [ 2547.123965][T28097] active_file 4096 [ 2547.128339][T28097] unevictable 0 [ 2547.131900][T28097] hierarchical_memory_limit 314572800 [ 2547.137805][T28097] hierarchical_memsw_limit 9223372036854771712 [ 2547.144113][T28097] total_cache 4096 [ 2547.148896][T28097] total_rss 0 [ 2547.152343][T28097] total_rss_huge 0 [ 2547.164353][T28097] total_shmem 0 [ 2547.170604][T28097] total_mapped_file 0 [ 2547.173514][T28117] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2547.174755][T28097] total_dirty 0 [ 2547.187075][T28065] chnl_net:caif_netlink_parms(): no params data found 10:23:33 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2547.201344][T28097] total_writeback 0 [ 2547.205503][T28097] total_workingset_refault_anon 3342 [ 2547.259947][T28097] total_workingset_refault_file 1 [ 2547.270963][T28097] total_swap 217088 [ 2547.279501][T28097] total_swapcached 0 [ 2547.296377][T28097] total_pgpgin 332703 [ 2547.300565][T28097] total_pgpgout 332702 [ 2547.320025][T28097] total_pgfault 804712 [ 2547.327673][T28097] total_pgmajfault 2668 [ 2547.336778][T28097] total_inactive_anon 0 [ 2547.342131][T28097] total_active_anon 0 [ 2547.351622][T28097] total_inactive_file 0 [ 2547.355980][T28097] total_active_file 4096 [ 2547.366960][T28097] total_unevictable 0 [ 2547.371218][T28097] anon_cost 0 [ 2547.374707][T28097] file_cost 0 [ 2547.379328][T28097] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28097,uid=0 10:23:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:33 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x3, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2547.418017][T28097] Memory cgroup out of memory: Killed process 28097 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2547.456025][T28126] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:33 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x900, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2547.697008][T28136] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2547.717153][T28136] CPU: 0 PID: 28136 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2547.727621][T28136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2547.737936][T28136] Call Trace: [ 2547.741211][T28136] [ 2547.744135][T28136] dump_stack_lvl+0x1e7/0x2e0 [ 2547.748821][T28136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2547.754450][T28136] ? __pfx__printk+0x10/0x10 [ 2547.759036][T28136] ? ___ratelimit+0x4c4/0x670 [ 2547.763755][T28136] ? __pfx____ratelimit+0x10/0x10 [ 2547.768844][T28136] dump_header+0xda/0x6a0 [ 2547.773176][T28136] oom_kill_process+0x3a7/0x930 [ 2547.778025][T28136] out_of_memory+0xf67/0x1320 [ 2547.782702][T28136] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2547.788330][T28136] ? __pfx___mutex_lock+0x10/0x10 [ 2547.793346][T28136] ? __pfx_out_of_memory+0x10/0x10 [ 2547.798457][T28136] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2547.803996][T28136] ? __pfx_lock_release+0x10/0x10 [ 2547.809017][T28136] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2547.815082][T28136] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2547.820273][T28136] ? mem_cgroup_iter+0x422/0x560 [ 2547.825206][T28136] try_charge_memcg+0xda2/0x18a0 [ 2547.830141][T28136] ? mark_lock+0x9a/0x350 [ 2547.834485][T28136] ? __pfx_try_charge_memcg+0x10/0x10 [ 2547.839903][T28136] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2547.846148][T28136] charge_memcg+0xa2/0x160 [ 2547.850662][T28136] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2547.856722][T28136] __read_swap_cache_async+0x480/0x8b0 [ 2547.862179][T28136] ? mark_lock+0x9a/0x350 [ 2547.866684][T28136] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2547.872667][T28136] swap_cluster_readahead+0x67c/0x810 [ 2547.878043][T28136] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2547.883936][T28136] ? __pfx_lock_release+0x10/0x10 [ 2547.888961][T28136] ? xas_descend+0x37e/0x470 [ 2547.893554][T28136] swapin_readahead+0x1ea/0x1070 [ 2547.898492][T28136] ? filemap_get_entry+0x127/0x4e0 [ 2547.903617][T28136] ? __pfx_swapin_readahead+0x10/0x10 [ 2547.908990][T28136] ? __filemap_get_folio+0x935/0xbc0 [ 2547.914277][T28136] ? swap_cache_get_folio+0x9f/0x570 [ 2547.919560][T28136] do_swap_page+0x791/0x3f40 [ 2547.924146][T28136] ? rcu_is_watching+0x15/0xb0 [ 2547.928912][T28136] ? do_swap_page+0x154/0x3f40 [ 2547.933666][T28136] ? __pfx_do_swap_page+0x10/0x10 [ 2547.938691][T28136] ? pte_offset_map_nolock+0x137/0x1f0 [ 2547.944155][T28136] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2547.949968][T28136] __handle_mm_fault+0x15e8/0x72d0 [ 2547.955102][T28136] ? reacquire_held_locks+0x3eb/0x690 [ 2547.960559][T28136] ? __pfx___handle_mm_fault+0x10/0x10 [ 2547.966023][T28136] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2547.971747][T28136] ? mtree_range_walk+0x6fd/0x8e0 [ 2547.976767][T28136] ? lock_vma_under_rcu+0x18a/0x730 [ 2547.981956][T28136] ? __pfx_lock_release+0x10/0x10 [ 2547.986977][T28136] ? lock_vma_under_rcu+0x2f9/0x730 [ 2547.992198][T28136] ? lock_vma_under_rcu+0x18a/0x730 [ 2547.997389][T28136] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2548.002930][T28136] handle_mm_fault+0x3c1/0x8a0 [ 2548.007692][T28136] exc_page_fault+0x456/0x870 [ 2548.012371][T28136] asm_exc_page_fault+0x26/0x30 [ 2548.017214][T28136] RIP: 0033:0x7fdfb622bc90 [ 2548.021621][T28136] Code: eb fe 0f 1f 84 00 00 00 00 00 64 c7 04 25 ac ff ff ff 00 00 00 00 48 83 c4 38 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <80> 3d 28 9a ca 00 00 74 58 53 48 81 ec f0 03 00 00 48 89 e3 0f 1f [ 2548.041222][T28136] RSP: 002b:00007ffda0a70378 EFLAGS: 00010202 [ 2548.047285][T28136] RAX: 0000000000000001 RBX: 00007ffda0a70440 RCX: 0000000000000000 [ 2548.055264][T28136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555555682788 [ 2548.063245][T28136] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2548.071218][T28136] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 2548.079185][T28136] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2548.087182][T28136] [ 2548.115746][T20857] Bluetooth: hci6: command 0x041b tx timeout [ 2548.127165][T28136] memory: usage 307188kB, limit 307200kB, failcnt 5540 [ 2548.135135][T28136] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2548.144675][T28136] kmem: usage 307156kB, limit 9007199254740988kB, failcnt 0 [ 2548.148309][T28133] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2548.154297][T28136] Memory cgroup stats for /syz3: [ 2548.161116][T28136] cache 4096 [ 2548.169555][T28136] rss 4096 [ 2548.172898][T28136] rss_huge 0 [ 2548.175992][T28065] bridge0: port 1(bridge_slave_0) entered blocking state [ 2548.201161][T28065] bridge0: port 1(bridge_slave_0) entered disabled state [ 2548.204805][T28136] shmem 0 [ 2548.211324][T28136] mapped_file 0 10:23:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2548.214786][T28136] dirty 0 [ 2548.217927][T28136] writeback 0 [ 2548.221229][T28136] workingset_refault_anon 3409 [ 2548.226012][T28136] workingset_refault_file 1 [ 2548.232715][T28136] swap 212992 [ 2548.236027][T28136] swapcached 0 [ 2548.239567][T28136] pgpgin 323234 [ 2548.243044][T28136] pgpgout 323232 [ 2548.249683][T28065] bridge_slave_0: entered allmulticast mode [ 2548.250073][T28136] pgfault 795234 [ 2548.262785][T28136] pgmajfault 2726 [ 2548.267600][T28136] inactive_anon 0 [ 2548.271267][T28136] active_anon 4096 [ 2548.275002][T28136] inactive_file 0 [ 2548.278798][T28136] active_file 4096 [ 2548.282530][T28136] unevictable 0 [ 2548.285998][T28136] hierarchical_memory_limit 314572800 [ 2548.291725][T28136] hierarchical_memsw_limit 9223372036854771712 [ 2548.298005][T28136] total_cache 4096 [ 2548.301735][T28136] total_rss 4096 [ 2548.305289][T28136] total_rss_huge 0 [ 2548.305436][T28065] bridge_slave_0: entered promiscuous mode [ 2548.309189][T28136] total_shmem 0 [ 2548.309200][T28136] total_mapped_file 0 [ 2548.309209][T28136] total_dirty 0 [ 2548.309217][T28136] total_writeback 0 [ 2548.309225][T28136] total_workingset_refault_anon 3409 [ 2548.309234][T28136] total_workingset_refault_file 1 [ 2548.309243][T28136] total_swap 237568 [ 2548.309250][T28136] total_swapcached 0 [ 2548.309257][T28136] total_pgpgin 332780 [ 2548.309265][T28136] total_pgpgout 332778 [ 2548.309274][T28136] total_pgfault 804821 [ 2548.309281][T28136] total_pgmajfault 2726 [ 2548.309288][T28136] total_inactive_anon 0 [ 2548.309296][T28136] total_active_anon 4096 [ 2548.309304][T28136] total_inactive_file 0 [ 2548.309313][T28136] total_active_file 4096 [ 2548.309320][T28136] total_unevictable 0 [ 2548.309328][T28136] anon_cost 0 [ 2548.309336][T28136] file_cost 0 [ 2548.309345][T28136] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28136,uid=0 10:23:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x7, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2548.429935][T28065] bridge0: port 2(bridge_slave_1) entered blocking state [ 2548.444559][T28065] bridge0: port 2(bridge_slave_1) entered disabled state [ 2548.447906][T28136] Memory cgroup out of memory: Killed process 28136 (syz-executor.3) total-vm:50536kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2548.466679][T28065] bridge_slave_1: entered allmulticast mode 10:23:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2548.481332][T28065] bridge_slave_1: entered promiscuous mode 10:23:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2548.769303][T28065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2548.783391][T28147] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2548.934527][T28065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 10:23:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2549.112244][T28156] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2549.256803][T28065] team0: Port device team_slave_0 added [ 2549.404741][T28167] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:35 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x9, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2549.448112][T28065] team0: Port device team_slave_1 added [ 2549.461720][T28166] __nla_validate_parse: 16 callbacks suppressed [ 2549.461740][T28166] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2549.589057][T28171] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2549.708459][T28173] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2549.778459][T28176] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2549.810590][T28149] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2549.828505][T28177] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2549.830402][T28149] CPU: 0 PID: 28149 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2549.847896][T28149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2549.854983][T28065] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2549.857947][T28149] Call Trace: [ 2549.857958][T28149] [ 2549.857966][T28149] dump_stack_lvl+0x1e7/0x2e0 [ 2549.857999][T28149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2549.858023][T28149] ? __pfx__printk+0x10/0x10 [ 2549.858041][T28149] ? ___ratelimit+0x4c4/0x670 [ 2549.858067][T28149] ? __pfx____ratelimit+0x10/0x10 [ 2549.895356][T28149] dump_header+0xda/0x6a0 [ 2549.899721][T28149] oom_kill_process+0x3a7/0x930 [ 2549.904600][T28149] out_of_memory+0xf67/0x1320 [ 2549.909313][T28149] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2549.915063][T28149] ? __pfx___mutex_lock+0x10/0x10 [ 2549.920113][T28149] ? __pfx_out_of_memory+0x10/0x10 [ 2549.925259][T28149] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2549.930843][T28149] ? __pfx_lock_release+0x10/0x10 [ 2549.935931][T28149] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2549.942029][T28149] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2549.947257][T28149] ? mem_cgroup_iter+0x422/0x560 [ 2549.952231][T28149] try_charge_memcg+0xda2/0x18a0 [ 2549.957229][T28149] ? __pfx_try_charge_memcg+0x10/0x10 [ 2549.962628][T28149] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2549.968377][T28149] ? __pfx_lock_release+0x10/0x10 [ 2549.969792][T28065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2549.973413][T28149] ? memcg_account_kmem+0x1e7/0x210 [ 2549.973450][T28149] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2550.007494][T28065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2550.010259][T28149] __memcg_kmem_charge_page+0xe1/0x250 10:23:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2550.010298][T28149] memcg_charge_kernel_stack+0x28a/0x550 [ 2550.031879][T28149] dup_task_struct+0x15d/0x7d0 [ 2550.032672][T28065] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2550.036653][T28149] copy_process+0x5d5/0x3fc0 [ 2550.036692][T28149] ? __might_fault+0xa9/0x120 [ 2550.036714][T28149] ? __pfx_lock_release+0x10/0x10 [ 2550.036741][T28149] ? __lock_acquire+0x1345/0x1fd0 [ 2550.036765][T28149] ? __pfx_copy_process+0x10/0x10 [ 2550.036784][T28149] ? __might_fault+0xc5/0x120 [ 2550.036814][T28149] ? __asan_memset+0x23/0x50 [ 2550.036842][T28149] kernel_clone+0x21d/0x8d0 [ 2550.036869][T28149] ? __pfx_kernel_clone+0x10/0x10 [ 2550.036895][T28149] ? __pfx_lock_release+0x10/0x10 [ 2550.036925][T28149] __se_sys_clone3+0x2cb/0x350 [ 2550.036946][T28149] ? __might_fault+0xa9/0x120 [ 2550.036967][T28149] ? __pfx___se_sys_clone3+0x10/0x10 [ 2550.036987][T28149] ? rcu_is_watching+0x15/0xb0 [ 2550.037025][T28149] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2550.037063][T28149] ? exc_page_fault+0x587/0x870 [ 2550.044197][T28065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2550.048569][T28149] ? do_syscall_64+0xb4/0x240 [ 2550.048601][T28149] do_syscall_64+0xf9/0x240 [ 2550.048628][T28149] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2550.048655][T28149] RIP: 0033:0x7fdfb62a9b99 [ 2550.048671][T28149] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2550.048686][T28149] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2550.195440][T28149] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2550.203403][T28149] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2550.211368][T28149] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2550.219329][T28149] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2550.227383][T28149] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2550.235386][T28149] [ 2550.260561][T28065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 10:23:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2550.289221][T20857] Bluetooth: hci6: command 0x040f tx timeout [ 2550.317779][T28149] memory: usage 307200kB, limit 307200kB, failcnt 6650 [ 2550.324822][T28149] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2550.332905][T28149] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2550.354959][T28149] Memory cgroup stats for /syz3: [ 2550.355104][T28149] cache 4096 [ 2550.372038][T28149] rss 0 [ 2550.374950][T28149] rss_huge 0 [ 2550.378730][T28149] shmem 0 [ 2550.381765][T28149] mapped_file 0 [ 2550.385316][T28149] dirty 0 [ 2550.388489][T28149] writeback 0 [ 2550.391927][T28149] workingset_refault_anon 3768 [ 2550.397224][T28149] workingset_refault_file 1 [ 2550.401929][T28182] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2550.411756][T28149] swap 192512 [ 2550.418811][T28149] swapcached 0 [ 2550.422494][T28149] pgpgin 323639 [ 2550.426047][T28149] pgpgout 323638 [ 2550.434496][T28149] pgfault 795776 [ 2550.444906][T28149] pgmajfault 3054 [ 2550.453399][T28149] inactive_anon 0 [ 2550.460167][T28149] active_anon 0 [ 2550.463732][T28149] inactive_file 4096 [ 2550.471963][T28149] active_file 0 [ 2550.475930][T28149] unevictable 0 [ 2550.483578][T28149] hierarchical_memory_limit 314572800 10:23:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xa, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1c, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2550.489340][T28185] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2550.522995][T28149] hierarchical_memsw_limit 9223372036854771712 [ 2550.554580][T28149] total_cache 4096 [ 2550.558679][T28149] total_rss 0 [ 2550.562795][T28149] total_rss_huge 0 [ 2550.568405][T28149] total_shmem 0 [ 2550.573558][T28189] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2550.583190][T28149] total_mapped_file 0 [ 2550.588770][T28149] total_dirty 0 [ 2550.592263][T28149] total_writeback 0 [ 2550.596087][T28149] total_workingset_refault_anon 3768 [ 2550.602647][T28149] total_workingset_refault_file 1 [ 2550.608056][T28149] total_swap 217088 [ 2550.611884][T28149] total_swapcached 0 [ 2550.615784][T28149] total_pgpgin 333185 10:23:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xb, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2550.625175][T28149] total_pgpgout 333184 [ 2550.634289][T28186] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2550.634523][T28149] total_pgfault 805363 [ 2550.647298][T28149] total_pgmajfault 3054 [ 2550.651473][T28149] total_inactive_anon 0 [ 2550.673784][T28149] total_active_anon 0 [ 2550.678079][T28149] total_inactive_file 4096 [ 2550.683050][T28149] total_active_file 0 [ 2550.687849][T28149] total_unevictable 0 [ 2550.691918][T28149] anon_cost 0 [ 2550.695292][T28149] file_cost 0 [ 2550.698816][T28149] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28149,uid=0 10:23:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2550.714582][T28149] Memory cgroup out of memory: Killed process 28149 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2550.738821][T28190] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfc, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2550.841568][T28065] hsr_slave_0: entered promiscuous mode [ 2550.877319][T28065] hsr_slave_1: entered promiscuous mode [ 2550.894052][T28065] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2550.904159][T28065] Cannot create hsr debugfs directory [ 2550.924379][T28195] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:37 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xb, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2550.970836][T28198] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2550.989473][T28200] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:37 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x177, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2551.249931][T28206] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2551.260295][T28196] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2551.272857][T28196] CPU: 0 PID: 28196 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2551.283322][T28196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2551.293400][T28196] Call Trace: [ 2551.296710][T28196] [ 2551.299656][T28196] dump_stack_lvl+0x1e7/0x2e0 [ 2551.304366][T28196] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2551.309604][T28196] ? __pfx__printk+0x10/0x10 [ 2551.314213][T28196] ? ___ratelimit+0x4c4/0x670 [ 2551.318943][T28196] ? __pfx____ratelimit+0x10/0x10 [ 2551.324010][T28196] dump_header+0xda/0x6a0 [ 2551.328414][T28196] oom_kill_process+0x3a7/0x930 [ 2551.333323][T28196] out_of_memory+0xf67/0x1320 [ 2551.338020][T28196] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2551.343699][T28196] ? __pfx___mutex_lock+0x10/0x10 [ 2551.348759][T28196] ? __pfx_out_of_memory+0x10/0x10 [ 2551.353983][T28196] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2551.359540][T28196] ? __pfx_lock_release+0x10/0x10 [ 2551.364569][T28196] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2551.370636][T28196] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2551.375828][T28196] ? mem_cgroup_iter+0x422/0x560 [ 2551.380853][T28196] try_charge_memcg+0xda2/0x18a0 [ 2551.385804][T28196] ? __pfx_try_charge_memcg+0x10/0x10 [ 2551.391190][T28196] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2551.396939][T28196] ? __pfx_lock_release+0x10/0x10 [ 2551.401993][T28196] ? memcg_account_kmem+0x1e7/0x210 [ 2551.407211][T28196] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2551.413028][T28196] __memcg_kmem_charge_page+0xe1/0x250 [ 2551.418509][T28196] memcg_charge_kernel_stack+0x28a/0x550 [ 2551.424164][T28196] dup_task_struct+0x40d/0x7d0 [ 2551.428937][T28196] copy_process+0x5d5/0x3fc0 [ 2551.433535][T28196] ? __might_fault+0xa9/0x120 [ 2551.438212][T28196] ? __pfx_lock_release+0x10/0x10 [ 2551.443248][T28196] ? __pfx_copy_process+0x10/0x10 [ 2551.448269][T28196] ? __might_fault+0xc5/0x120 [ 2551.452942][T28196] ? __asan_memset+0x23/0x50 [ 2551.457534][T28196] kernel_clone+0x21d/0x8d0 [ 2551.462045][T28196] ? __pfx_kernel_clone+0x10/0x10 [ 2551.467077][T28196] __se_sys_clone3+0x2cb/0x350 [ 2551.471839][T28196] ? __pfx___se_sys_clone3+0x10/0x10 [ 2551.477128][T28196] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2551.483120][T28196] ? exc_page_fault+0x587/0x870 [ 2551.487974][T28196] ? do_syscall_64+0xb4/0x240 [ 2551.492658][T28196] do_syscall_64+0xf9/0x240 [ 2551.497169][T28196] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2551.503063][T28196] RIP: 0033:0x7fdfb62a9b99 [ 2551.507471][T28196] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2551.527078][T28196] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2551.535484][T28196] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 10:23:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xd, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2551.543447][T28196] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2551.551416][T28196] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2551.559393][T28196] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2551.567387][T28196] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2551.575541][T28196] [ 2551.669279][T28196] memory: usage 307200kB, limit 307200kB, failcnt 7065 [ 2551.680637][T28196] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2551.691442][T28196] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2551.704543][T28196] Memory cgroup stats for /syz3: [ 2551.704677][T28196] cache 4096 10:23:37 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x300, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2551.726545][T28196] rss 0 [ 2551.729436][T28196] rss_huge 0 [ 2551.732718][T28196] shmem 0 [ 2551.735736][T28196] mapped_file 0 [ 2551.763773][T28196] dirty 0 [ 2551.768088][T28196] writeback 0 [ 2551.771526][T28196] workingset_refault_anon 3920 10:23:37 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xc, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xe, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2551.777190][T28196] workingset_refault_file 1 [ 2551.781827][T28196] swap 192512 [ 2551.785213][T28196] swapcached 0 [ 2551.792213][T28196] pgpgin 323812 [ 2551.796611][T28196] pgpgout 323811 [ 2551.800277][T28196] pgfault 796037 [ 2551.803910][T28196] pgmajfault 3206 [ 2551.808098][T28196] inactive_anon 0 [ 2551.811840][T28196] active_anon 0 [ 2551.815371][T28196] inactive_file 4096 [ 2551.820073][T28196] active_file 0 [ 2551.823643][T28196] unevictable 0 [ 2551.849765][T28196] hierarchical_memory_limit 314572800 [ 2551.857205][T28196] hierarchical_memsw_limit 9223372036854771712 [ 2551.863507][T28196] total_cache 4096 [ 2551.867868][T28196] total_rss 0 [ 2551.882074][T28196] total_rss_huge 0 [ 2551.885935][T28196] total_shmem 0 [ 2551.895824][T28196] total_mapped_file 0 10:23:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x36a, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2551.914471][T28196] total_dirty 0 [ 2551.921574][T28196] total_writeback 0 [ 2551.925838][T28196] total_workingset_refault_anon 3920 [ 2551.936775][T28196] total_workingset_refault_file 1 [ 2551.959073][T28196] total_swap 217088 [ 2551.963331][T28196] total_swapcached 0 [ 2551.968008][T28196] total_pgpgin 333358 [ 2551.972008][T28196] total_pgpgout 333357 [ 2551.976081][T28196] total_pgfault 805624 [ 2551.980479][T28196] total_pgmajfault 3206 [ 2551.984715][T28196] total_inactive_anon 0 [ 2551.991431][T28196] total_active_anon 0 [ 2551.995712][T28196] total_inactive_file 4096 [ 2552.000233][T28196] total_active_file 0 [ 2552.004227][T28196] total_unevictable 0 [ 2552.008458][T28196] anon_cost 0 [ 2552.011821][T28196] file_cost 0 [ 2552.015118][T28196] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28196,uid=0 [ 2552.039277][T28196] Memory cgroup out of memory: Killed process 28196 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x500, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xd, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2552.346889][T20857] Bluetooth: hci6: command 0x0419 tx timeout 10:23:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2552.471440][T28231] validate_nla: 2 callbacks suppressed [ 2552.471461][T28231] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x600, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2552.693371][T28240] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:38 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x11, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xe, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:38 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x700, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:39 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x12, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2552.897466][T28249] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2552.974391][T28230] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2553.009188][T28230] CPU: 0 PID: 28230 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2553.019653][T28230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2553.029718][T28230] Call Trace: [ 2553.032990][T28230] [ 2553.035912][T28230] dump_stack_lvl+0x1e7/0x2e0 [ 2553.040594][T28230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2553.045794][T28230] ? __pfx__printk+0x10/0x10 [ 2553.050380][T28230] ? ___ratelimit+0x4c4/0x670 [ 2553.055053][T28230] ? __pfx____ratelimit+0x10/0x10 [ 2553.060079][T28230] dump_header+0xda/0x6a0 [ 2553.064419][T28230] oom_kill_process+0x3a7/0x930 [ 2553.069295][T28230] out_of_memory+0xf67/0x1320 [ 2553.073972][T28230] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2553.079600][T28230] ? __pfx___mutex_lock+0x10/0x10 [ 2553.084617][T28230] ? __pfx_out_of_memory+0x10/0x10 [ 2553.089730][T28230] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2553.095270][T28230] ? __pfx_lock_release+0x10/0x10 [ 2553.100288][T28230] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2553.106362][T28230] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2553.111574][T28230] ? mem_cgroup_iter+0x422/0x560 [ 2553.116509][T28230] try_charge_memcg+0xda2/0x18a0 [ 2553.121472][T28230] ? __pfx_try_charge_memcg+0x10/0x10 [ 2553.126855][T28230] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2553.132565][T28230] ? __pfx_lock_release+0x10/0x10 [ 2553.137588][T28230] ? memcg_account_kmem+0x1e7/0x210 [ 2553.142805][T28230] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2553.148625][T28230] __memcg_kmem_charge_page+0xe1/0x250 [ 2553.154081][T28230] memcg_charge_kernel_stack+0x304/0x550 [ 2553.159723][T28230] dup_task_struct+0x15d/0x7d0 [ 2553.164514][T28230] copy_process+0x5d5/0x3fc0 [ 2553.169145][T28230] ? __might_fault+0xa9/0x120 [ 2553.173854][T28230] ? __pfx_lock_release+0x10/0x10 [ 2553.179117][T28230] ? __lock_acquire+0x1345/0x1fd0 [ 2553.184355][T28230] ? __pfx_copy_process+0x10/0x10 [ 2553.189407][T28230] ? __might_fault+0xc5/0x120 [ 2553.194095][T28230] ? __asan_memset+0x23/0x50 [ 2553.198705][T28230] kernel_clone+0x21d/0x8d0 [ 2553.203237][T28230] ? __pfx_kernel_clone+0x10/0x10 [ 2553.208318][T28230] ? __pfx_lock_release+0x10/0x10 [ 2553.213343][T28230] __se_sys_clone3+0x2cb/0x350 [ 2553.218104][T28230] ? __might_fault+0xa9/0x120 [ 2553.222775][T28230] ? __pfx___se_sys_clone3+0x10/0x10 [ 2553.228240][T28230] ? rcu_is_watching+0x15/0xb0 [ 2553.233027][T28230] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2553.239035][T28230] ? exc_page_fault+0x587/0x870 [ 2553.243922][T28230] ? do_syscall_64+0xb4/0x240 [ 2553.248629][T28230] do_syscall_64+0xf9/0x240 [ 2553.253135][T28230] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2553.259029][T28230] RIP: 0033:0x7fdfb62a9b99 [ 2553.263436][T28230] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2553.283037][T28230] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2553.291461][T28230] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2553.299440][T28230] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2553.307410][T28230] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2553.315378][T28230] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 10:23:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x10, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x900, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.323430][T28230] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2553.331403][T28230] [ 2553.387355][T28230] memory: usage 307200kB, limit 307200kB, failcnt 7889 [ 2553.394415][T28230] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2553.419048][T28230] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2553.432140][T28230] Memory cgroup stats for /syz3: [ 2553.432280][T28230] cache 0 [ 2553.440706][T28230] rss 0 [ 2553.445809][T28230] rss_huge 0 [ 2553.449945][T28230] shmem 0 [ 2553.472506][T28230] mapped_file 0 [ 2553.476085][T28230] dirty 0 [ 2553.480995][T28230] writeback 0 10:23:39 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x18, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.487969][T28230] workingset_refault_anon 4241 [ 2553.494015][T28230] workingset_refault_file 1 [ 2553.499012][T28230] swap 192512 [ 2553.502398][T28230] swapcached 0 [ 2553.505845][T28230] pgpgin 324145 [ 2553.511789][T28230] pgpgout 324145 [ 2553.515478][T28230] pgfault 796487 [ 2553.519502][T28230] pgmajfault 3479 [ 2553.527784][T28230] inactive_anon 0 [ 2553.534717][T28230] active_anon 0 [ 2553.542262][T28230] inactive_file 0 [ 2553.546040][T28230] active_file 0 [ 2553.560114][T28230] unevictable 0 [ 2553.575611][T28230] hierarchical_memory_limit 314572800 [ 2553.587588][T28230] hierarchical_memsw_limit 9223372036854771712 [ 2553.607606][T28230] total_cache 0 [ 2553.614676][T28230] total_rss 0 [ 2553.629727][T28230] total_rss_huge 0 [ 2553.635497][T28230] total_shmem 0 10:23:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1c00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.639844][T28230] total_mapped_file 0 [ 2553.648715][T28230] total_dirty 0 [ 2553.657185][T28230] total_writeback 0 [ 2553.665656][T28230] total_workingset_refault_anon 4241 [ 2553.677918][T28230] total_workingset_refault_file 1 [ 2553.688982][T28230] total_swap 217088 10:23:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x11, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.700495][T28230] total_swapcached 0 [ 2553.710555][T28230] total_pgpgin 333691 [ 2553.727981][T28267] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2553.733696][T28230] total_pgpgout 333691 10:23:39 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x21, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.766626][T28230] total_pgfault 806074 [ 2553.773104][T28230] total_pgmajfault 3479 [ 2553.780412][T28230] total_inactive_anon 0 [ 2553.788153][T28230] total_active_anon 0 [ 2553.794959][T28230] total_inactive_file 0 [ 2553.806653][T28230] total_active_file 0 [ 2553.814141][T28230] total_unevictable 0 [ 2553.820932][T28230] anon_cost 0 [ 2553.824549][T28230] file_cost 0 [ 2553.834679][T28230] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28230,uid=0 10:23:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6a03, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.876845][T28230] Memory cgroup out of memory: Killed process 28230 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x426b, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x12, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2553.978113][T28277] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x25, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6cf9, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x48, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2554.183260][T28287] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x300, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7701, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4c, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2554.360600][T28292] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2554.441891][T28279] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2554.489794][T28279] CPU: 0 PID: 28279 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2554.500261][T28279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2554.502448][T28300] __nla_validate_parse: 30 callbacks suppressed [ 2554.502466][T28300] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2554.510404][T28279] Call Trace: [ 2554.510419][T28279] [ 2554.510428][T28279] dump_stack_lvl+0x1e7/0x2e0 [ 2554.510464][T28279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2554.510486][T28279] ? __pfx__printk+0x10/0x10 [ 2554.510506][T28279] ? ___ratelimit+0x4c4/0x670 [ 2554.510532][T28279] ? __pfx____ratelimit+0x10/0x10 [ 2554.510563][T28279] dump_header+0xda/0x6a0 [ 2554.510592][T28279] oom_kill_process+0x3a7/0x930 [ 2554.510620][T28279] out_of_memory+0xf67/0x1320 [ 2554.510649][T28279] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2554.510673][T28279] ? __pfx___mutex_lock+0x10/0x10 [ 2554.510697][T28279] ? __pfx_out_of_memory+0x10/0x10 [ 2554.510729][T28279] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2554.510749][T28279] ? __pfx_lock_release+0x10/0x10 [ 2554.510775][T28279] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2554.602683][T28279] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2554.607892][T28279] ? mem_cgroup_iter+0x422/0x560 [ 2554.612828][T28279] try_charge_memcg+0xda2/0x18a0 [ 2554.617779][T28279] ? __pfx_try_charge_memcg+0x10/0x10 [ 2554.623145][T28279] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2554.628857][T28279] ? __pfx_lock_release+0x10/0x10 [ 2554.633887][T28279] ? memcg_account_kmem+0x1e7/0x210 [ 2554.639090][T28279] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2554.644900][T28279] __memcg_kmem_charge_page+0xe1/0x250 [ 2554.650451][T28279] memcg_charge_kernel_stack+0x304/0x550 [ 2554.656091][T28279] dup_task_struct+0x40d/0x7d0 [ 2554.660853][T28279] copy_process+0x5d5/0x3fc0 [ 2554.665627][T28279] ? __might_fault+0xa9/0x120 [ 2554.670304][T28279] ? __pfx_lock_release+0x10/0x10 [ 2554.675330][T28279] ? __pfx_copy_process+0x10/0x10 [ 2554.680347][T28279] ? __might_fault+0xc5/0x120 [ 2554.685022][T28279] ? __asan_memset+0x23/0x50 [ 2554.689610][T28279] kernel_clone+0x21d/0x8d0 [ 2554.694110][T28279] ? __pfx_kernel_clone+0x10/0x10 [ 2554.699142][T28279] __se_sys_clone3+0x2cb/0x350 [ 2554.703902][T28279] ? __pfx___se_sys_clone3+0x10/0x10 [ 2554.709189][T28279] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2554.715172][T28279] ? exc_page_fault+0x587/0x870 [ 2554.720020][T28279] ? do_syscall_64+0xb4/0x240 [ 2554.724693][T28279] do_syscall_64+0xf9/0x240 [ 2554.729195][T28279] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2554.735085][T28279] RIP: 0033:0x7fdfb62a9b99 [ 2554.739496][T28279] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2554.759103][T28279] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2554.767516][T28279] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2554.775477][T28279] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2554.783442][T28279] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 10:23:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf96c, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2554.791408][T28279] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2554.799379][T28279] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2554.807355][T28279] [ 2554.824187][T28301] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2554.826731][T28279] memory: usage 307200kB, limit 307200kB, failcnt 8316 10:23:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x60, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x500, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2554.863788][T28279] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2554.874183][T28279] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2554.906947][T28279] Memory cgroup stats for /syz3: [ 2554.907081][T28279] cache 0 [ 2554.914985][T28279] rss 8192 [ 2554.926989][T28279] rss_huge 0 [ 2554.930224][T28279] shmem 0 [ 2554.933354][T28279] mapped_file 0 [ 2554.943998][T28279] dirty 0 [ 2554.948044][T28279] writeback 0 [ 2554.949271][T28303] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2554.951339][T28279] workingset_refault_anon 4414 [ 2554.951351][T28279] workingset_refault_file 1 [ 2554.951360][T28279] swap 184320 [ 2554.951367][T28279] swapcached 4096 [ 2554.951375][T28279] pgpgin 324333 [ 2554.951382][T28279] pgpgout 324331 [ 2555.065948][T28279] pgfault 796733 [ 2555.071904][T28279] pgmajfault 3624 [ 2555.078696][T28279] inactive_anon 0 [ 2555.082583][T28279] active_anon 0 [ 2555.086134][T28279] inactive_file 0 [ 2555.094237][T28279] active_file 0 [ 2555.098515][T28279] unevictable 0 [ 2555.102060][T28279] hierarchical_memory_limit 314572800 [ 2555.108075][T28279] hierarchical_memsw_limit 9223372036854771712 [ 2555.113764][T28306] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2555.114335][T28279] total_cache 0 [ 2555.127962][T28279] total_rss 8192 [ 2555.132740][T28279] total_rss_huge 0 [ 2555.136715][T28279] total_shmem 0 [ 2555.140192][T28279] total_mapped_file 0 [ 2555.144179][T28279] total_dirty 0 [ 2555.148103][T28279] total_writeback 0 [ 2555.151926][T28279] total_workingset_refault_anon 4414 [ 2555.157584][T28279] total_workingset_refault_file 1 [ 2555.162627][T28279] total_swap 208896 [ 2555.167004][T28279] total_swapcached 4096 [ 2555.171174][T28279] total_pgpgin 333879 [ 2555.175149][T28279] total_pgpgout 333877 [ 2555.184691][T28279] total_pgfault 806320 [ 2555.189178][T28307] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2555.198576][T28279] total_pgmajfault 3624 [ 2555.202741][T28279] total_inactive_anon 0 [ 2555.216229][T28279] total_active_anon 0 [ 2555.220259][T28279] total_inactive_file 0 [ 2555.224627][T28279] total_active_file 0 [ 2555.229092][T28279] total_unevictable 0 [ 2555.236276][T28279] anon_cost 0 [ 2555.239588][T28279] file_cost 0 [ 2555.242891][T28279] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28279,uid=0 10:23:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfc00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x68, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2555.264975][T28310] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2555.273924][T28279] Memory cgroup out of memory: Killed process 28279 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8848kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x600, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4788, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2555.388512][T28313] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2555.456490][T28315] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2555.493697][T28317] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:23:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xff00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6c, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2555.565079][T28320] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2555.658365][T28324] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x700, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2555.716742][T28326] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:41 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x34000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:41 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x74, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2555.806066][T28328] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:23:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7a, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x400300, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x900, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2556.082060][T28319] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2556.115504][T28319] CPU: 0 PID: 28319 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2556.125974][T28319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2556.136056][T28319] Call Trace: [ 2556.139356][T28319] [ 2556.142300][T28319] dump_stack_lvl+0x1e7/0x2e0 [ 2556.147018][T28319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2556.152243][T28319] ? __pfx__printk+0x10/0x10 [ 2556.156864][T28319] ? ___ratelimit+0x4c4/0x670 [ 2556.161581][T28319] ? __pfx____ratelimit+0x10/0x10 [ 2556.166642][T28319] dump_header+0xda/0x6a0 [ 2556.171004][T28319] oom_kill_process+0x3a7/0x930 [ 2556.175886][T28319] out_of_memory+0xf67/0x1320 10:23:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x300, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2556.180607][T28319] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2556.186269][T28319] ? __pfx___mutex_lock+0x10/0x10 [ 2556.191334][T28319] ? __pfx_out_of_memory+0x10/0x10 [ 2556.196483][T28319] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2556.202054][T28319] ? __pfx_lock_release+0x10/0x10 [ 2556.207110][T28319] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2556.213214][T28319] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2556.218441][T28319] ? mem_cgroup_iter+0x422/0x560 [ 2556.223413][T28319] try_charge_memcg+0xda2/0x18a0 [ 2556.228408][T28319] ? __pfx_try_charge_memcg+0x10/0x10 [ 2556.233808][T28319] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2556.239549][T28319] ? __pfx_lock_release+0x10/0x10 [ 2556.244610][T28319] ? memcg_account_kmem+0x1e7/0x210 [ 2556.249852][T28319] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2556.255666][T28319] __memcg_kmem_charge_page+0xe1/0x250 [ 2556.261152][T28319] memcg_charge_kernel_stack+0x304/0x550 [ 2556.266820][T28319] dup_task_struct+0x15d/0x7d0 [ 2556.271607][T28319] copy_process+0x5d5/0x3fc0 [ 2556.276230][T28319] ? __might_fault+0xa9/0x120 [ 2556.280926][T28319] ? __pfx_lock_release+0x10/0x10 [ 2556.285965][T28319] ? __lock_acquire+0x1345/0x1fd0 [ 2556.291013][T28319] ? __pfx_copy_process+0x10/0x10 [ 2556.296046][T28319] ? __might_fault+0xc5/0x120 [ 2556.300727][T28319] ? __asan_memset+0x23/0x50 [ 2556.305321][T28319] kernel_clone+0x21d/0x8d0 [ 2556.309828][T28319] ? __pfx_kernel_clone+0x10/0x10 [ 2556.314853][T28319] ? __pfx_lock_release+0x10/0x10 [ 2556.319880][T28319] __se_sys_clone3+0x2cb/0x350 [ 2556.324637][T28319] ? __might_fault+0xa9/0x120 [ 2556.329308][T28319] ? __pfx___se_sys_clone3+0x10/0x10 [ 2556.334601][T28319] ? rcu_is_watching+0x15/0xb0 [ 2556.339384][T28319] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2556.345378][T28319] ? exc_page_fault+0x587/0x870 [ 2556.350237][T28319] ? do_syscall_64+0xb4/0x240 [ 2556.354921][T28319] do_syscall_64+0xf9/0x240 [ 2556.359428][T28319] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2556.365322][T28319] RIP: 0033:0x7fdfb62a9b99 [ 2556.369731][T28319] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2556.389337][T28319] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2556.397751][T28319] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2556.405715][T28319] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2556.413686][T28319] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2556.421649][T28319] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2556.429616][T28319] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2556.437590][T28319] [ 2556.463539][T28319] memory: usage 307200kB, limit 307200kB, failcnt 8886 [ 2556.475611][T28319] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2556.496424][T28319] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2556.512657][T28319] Memory cgroup stats for /syz3: [ 2556.512788][T28319] cache 0 [ 2556.526908][T28319] rss 0 [ 2556.533104][T28319] rss_huge 0 [ 2556.539883][T28319] shmem 0 [ 2556.547950][T28319] mapped_file 0 [ 2556.551568][T28319] dirty 0 [ 2556.554654][T28319] writeback 0 [ 2556.559251][T28319] workingset_refault_anon 4624 [ 2556.564256][T28319] workingset_refault_file 1 [ 2556.571624][T28319] swap 192512 [ 2556.575042][T28319] swapcached 0 [ 2556.579528][T28319] pgpgin 324572 10:23:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xa00, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2556.611862][T28319] pgpgout 324572 10:23:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x36a, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:42 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2556.643362][T28319] pgfault 797060 [ 2556.658414][T28319] pgmajfault 3814 [ 2556.676681][T28319] inactive_anon 0 [ 2556.680362][T28319] active_anon 0 [ 2556.683826][T28319] inactive_file 0 [ 2556.706063][T28319] active_file 0 [ 2556.713624][T28319] unevictable 0 [ 2556.722523][T28319] hierarchical_memory_limit 314572800 [ 2556.735145][T28319] hierarchical_memsw_limit 9223372036854771712 [ 2556.749158][T28319] total_cache 0 [ 2556.756308][T28319] total_rss 0 [ 2556.763093][T28319] total_rss_huge 0 [ 2556.771483][T28319] total_shmem 0 [ 2556.783042][T28319] total_mapped_file 0 [ 2556.792037][T28319] total_dirty 0 [ 2556.800099][T28319] total_writeback 0 10:23:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x500, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xb00, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2556.807107][T28319] total_workingset_refault_anon 4624 [ 2556.815899][T28319] total_workingset_refault_file 1 [ 2556.826400][T28319] total_swap 217088 10:23:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x3000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2556.856481][T28319] total_swapcached 0 [ 2556.860389][T28319] total_pgpgin 334118 [ 2556.864347][T28319] total_pgpgout 334118 [ 2556.868581][T28319] total_pgfault 806647 [ 2556.875012][T28319] total_pgmajfault 3814 [ 2556.882859][T28319] total_inactive_anon 0 [ 2556.890828][T28319] total_active_anon 0 [ 2556.897268][T28319] total_inactive_file 0 [ 2556.901454][T28319] total_active_file 0 [ 2556.905442][T28319] total_unevictable 0 [ 2556.929119][T28319] anon_cost 0 [ 2556.934803][T28319] file_cost 0 [ 2556.941947][T28319] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28319,uid=0 [ 2556.972300][T28319] Memory cgroup out of memory: Killed process 28319 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4888, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x600, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xc00, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x700, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x900, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xd00, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2557.633466][T28388] validate_nla: 8 callbacks suppressed [ 2557.633488][T28388] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2557.702078][T28369] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2557.712969][T28369] CPU: 0 PID: 28369 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2557.723417][T28369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2557.733471][T28369] Call Trace: [ 2557.736745][T28369] [ 2557.739669][T28369] dump_stack_lvl+0x1e7/0x2e0 [ 2557.744350][T28369] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2557.749542][T28369] ? __pfx__printk+0x10/0x10 [ 2557.754124][T28369] ? ___ratelimit+0x4c4/0x670 [ 2557.758802][T28369] ? __pfx____ratelimit+0x10/0x10 [ 2557.763823][T28369] dump_header+0xda/0x6a0 [ 2557.768155][T28369] oom_kill_process+0x3a7/0x930 [ 2557.773002][T28369] out_of_memory+0xf67/0x1320 [ 2557.777687][T28369] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2557.783312][T28369] ? __pfx___mutex_lock+0x10/0x10 [ 2557.788339][T28369] ? __pfx_out_of_memory+0x10/0x10 [ 2557.793457][T28369] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2557.799007][T28369] ? __pfx_lock_release+0x10/0x10 [ 2557.804031][T28369] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2557.810092][T28369] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2557.815289][T28369] ? mem_cgroup_iter+0x422/0x560 [ 2557.820235][T28369] try_charge_memcg+0xda2/0x18a0 [ 2557.825184][T28369] ? __pfx_try_charge_memcg+0x10/0x10 [ 2557.830548][T28369] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2557.836261][T28369] ? __pfx_lock_release+0x10/0x10 [ 2557.841281][T28369] ? memcg_account_kmem+0x1e7/0x210 [ 2557.846481][T28369] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2557.852278][T28369] __memcg_kmem_charge_page+0xe1/0x250 [ 2557.857734][T28369] memcg_charge_kernel_stack+0x304/0x550 [ 2557.863360][T28369] dup_task_struct+0x15d/0x7d0 [ 2557.868119][T28369] copy_process+0x5d5/0x3fc0 [ 2557.872707][T28369] ? __might_fault+0xa9/0x120 [ 2557.877375][T28369] ? __pfx_lock_release+0x10/0x10 [ 2557.882397][T28369] ? __lock_acquire+0x1345/0x1fd0 [ 2557.887415][T28369] ? __pfx_copy_process+0x10/0x10 [ 2557.892438][T28369] ? __might_fault+0xc5/0x120 [ 2557.897113][T28369] ? __asan_memset+0x23/0x50 [ 2557.901700][T28369] kernel_clone+0x21d/0x8d0 [ 2557.906207][T28369] ? __pfx_kernel_clone+0x10/0x10 [ 2557.911230][T28369] ? __pfx_lock_release+0x10/0x10 [ 2557.916254][T28369] __se_sys_clone3+0x2cb/0x350 [ 2557.921011][T28369] ? __might_fault+0xa9/0x120 [ 2557.925682][T28369] ? __pfx___se_sys_clone3+0x10/0x10 [ 2557.930958][T28369] ? rcu_is_watching+0x15/0xb0 [ 2557.936251][T28369] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2557.942293][T28369] ? exc_page_fault+0x587/0x870 [ 2557.947154][T28369] ? do_syscall_64+0xb4/0x240 [ 2557.951846][T28369] do_syscall_64+0xf9/0x240 [ 2557.956421][T28369] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2557.962325][T28369] RIP: 0033:0x7fdfb62a9b99 [ 2557.966739][T28369] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2557.986348][T28369] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2557.994777][T28369] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 10:23:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.002755][T28369] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2558.010725][T28369] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2558.018777][T28369] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2558.026752][T28369] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2558.034826][T28369] 10:23:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.085381][T28369] memory: usage 307200kB, limit 307200kB, failcnt 9422 [ 2558.095075][T28369] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2558.104572][T28369] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2558.115599][T28369] Memory cgroup stats for /syz3: [ 2558.115734][T28369] cache 0 [ 2558.162775][T28369] rss 0 [ 2558.169947][T28369] rss_huge 0 [ 2558.182474][T28369] shmem 0 [ 2558.185549][T28369] mapped_file 0 [ 2558.194057][T28399] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xe00, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.212920][T28369] dirty 0 [ 2558.221281][T28369] writeback 0 [ 2558.236044][T28369] workingset_refault_anon 4827 [ 2558.254978][T28369] workingset_refault_file 1 10:23:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xb00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.262560][T28369] swap 192512 [ 2558.273519][T28369] swapcached 0 [ 2558.283044][T28369] pgpgin 324800 10:23:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.306579][T28369] pgpgout 324800 [ 2558.310174][T28369] pgfault 797368 [ 2558.313725][T28369] pgmajfault 3984 [ 2558.331798][T28369] inactive_anon 0 [ 2558.335525][T28369] active_anon 0 [ 2558.362229][T28369] inactive_file 0 [ 2558.376393][T28369] active_file 0 [ 2558.379899][T28369] unevictable 0 [ 2558.383376][T28369] hierarchical_memory_limit 314572800 [ 2558.404674][T28369] hierarchical_memsw_limit 9223372036854771712 10:23:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1100, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.416379][T28369] total_cache 0 [ 2558.419911][T28369] total_rss 0 [ 2558.423206][T28369] total_rss_huge 0 [ 2558.427322][T28369] total_shmem 0 [ 2558.430799][T28369] total_mapped_file 0 [ 2558.434784][T28369] total_dirty 0 [ 2558.438839][T28369] total_writeback 0 [ 2558.452048][T28369] total_workingset_refault_anon 4827 [ 2558.462329][T28369] total_workingset_refault_file 1 [ 2558.467641][T28369] total_swap 217088 [ 2558.474286][T28369] total_swapcached 0 [ 2558.479279][T28409] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2558.494025][T28369] total_pgpgin 334346 [ 2558.500343][T28369] total_pgpgout 334346 [ 2558.504614][T28369] total_pgfault 806955 10:23:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.524828][T28369] total_pgmajfault 3984 [ 2558.530402][T28369] total_inactive_anon 0 [ 2558.535978][T28369] total_active_anon 0 [ 2558.544159][T28369] total_inactive_file 0 [ 2558.551789][T28369] total_active_file 0 [ 2558.557430][T28369] total_unevictable 0 [ 2558.567528][T28369] anon_cost 0 [ 2558.575977][T28369] file_cost 0 [ 2558.595584][T28369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28369,uid=0 [ 2558.635088][T28369] Memory cgroup out of memory: Killed process 28369 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5865, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1200, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1c000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xd00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.714379][T28416] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6a030000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xe00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2558.899527][T28427] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x34000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.071789][T28422] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2559.083498][T28422] CPU: 1 PID: 28422 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2559.093939][T28422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2559.104027][T28422] Call Trace: [ 2559.107334][T28422] [ 2559.110287][T28422] dump_stack_lvl+0x1e7/0x2e0 [ 2559.115008][T28422] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2559.120233][T28422] ? __pfx__printk+0x10/0x10 [ 2559.124847][T28422] ? ___ratelimit+0x4c4/0x670 [ 2559.129338][T28434] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2559.129549][T28422] ? __pfx____ratelimit+0x10/0x10 [ 2559.142659][T28422] dump_header+0xda/0x6a0 [ 2559.147039][T28422] oom_kill_process+0x3a7/0x930 [ 2559.151914][T28422] out_of_memory+0xf67/0x1320 [ 2559.156613][T28422] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2559.162280][T28422] ? __pfx___mutex_lock+0x10/0x10 [ 2559.167337][T28422] ? __pfx_out_of_memory+0x10/0x10 [ 2559.172485][T28422] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2559.178057][T28422] ? __pfx_lock_release+0x10/0x10 [ 2559.183119][T28422] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2559.189218][T28422] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2559.194442][T28422] ? mem_cgroup_iter+0x422/0x560 [ 2559.199422][T28422] try_charge_memcg+0xda2/0x18a0 [ 2559.204384][T28422] ? mark_lock+0x9a/0x350 [ 2559.208763][T28422] ? __pfx_try_charge_memcg+0x10/0x10 [ 2559.214190][T28422] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2559.220367][T28422] charge_memcg+0xa2/0x160 [ 2559.224815][T28422] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2559.230907][T28422] __read_swap_cache_async+0x480/0x8b0 [ 2559.236396][T28422] ? mark_lock+0x9a/0x350 [ 2559.240767][T28422] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2559.246963][T28422] swap_cluster_readahead+0x67c/0x810 [ 2559.252391][T28422] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2559.258316][T28422] ? __pfx_lock_release+0x10/0x10 [ 2559.263365][T28422] ? xas_descend+0x37e/0x470 [ 2559.267986][T28422] swapin_readahead+0x1ea/0x1070 10:23:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.272972][T28422] ? filemap_get_entry+0x127/0x4e0 [ 2559.278152][T28422] ? __pfx_swapin_readahead+0x10/0x10 [ 2559.283565][T28422] ? __filemap_get_folio+0x935/0xbc0 [ 2559.288884][T28422] ? swap_cache_get_folio+0x9f/0x570 [ 2559.294196][T28422] do_swap_page+0x791/0x3f40 [ 2559.298808][T28422] ? rcu_is_watching+0x15/0xb0 [ 2559.303610][T28422] ? do_swap_page+0x154/0x3f40 [ 2559.308395][T28422] ? __pfx_do_swap_page+0x10/0x10 [ 2559.313439][T28422] ? pte_offset_map_nolock+0x137/0x1f0 [ 2559.318925][T28422] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2559.324756][T28422] ? fault_dirty_shared_page+0x2aa/0x440 [ 2559.330429][T28422] __handle_mm_fault+0x15e8/0x72d0 [ 2559.335595][T28422] ? reacquire_held_locks+0x3eb/0x690 [ 2559.341008][T28422] ? __pfx___handle_mm_fault+0x10/0x10 [ 2559.346507][T28422] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2559.352262][T28422] ? mtree_range_walk+0x6fd/0x8e0 [ 2559.357303][T28422] ? lock_vma_under_rcu+0x18a/0x730 [ 2559.362524][T28422] ? __pfx_lock_release+0x10/0x10 [ 2559.367560][T28422] ? lock_vma_under_rcu+0x2f9/0x730 10:23:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1100, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.372800][T28422] ? lock_vma_under_rcu+0x18a/0x730 [ 2559.375809][T28439] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2559.378004][T28422] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2559.378035][T28422] handle_mm_fault+0x3c1/0x8a0 [ 2559.378068][T28422] exc_page_fault+0x456/0x870 [ 2559.401112][T28422] asm_exc_page_fault+0x26/0x30 [ 2559.405992][T28422] RIP: 0033:0x7fdfb6228268 [ 2559.410439][T28422] Code: 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 89 38 <48> 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 8d 3d [ 2559.430072][T28422] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 [ 2559.436168][T28422] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2559.444165][T28422] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2559.452153][T28422] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2559.460147][T28422] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 10:23:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x400300, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x77010000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1200, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.468141][T28422] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2559.476238][T28422] [ 2559.477791][T28441] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2559.543091][T28422] memory: usage 307180kB, limit 307200kB, failcnt 9705 [ 2559.551553][T28443] __nla_validate_parse: 37 callbacks suppressed [ 2559.551571][T28443] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2559.551897][T28422] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0 [ 2559.576365][T28422] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2559.583973][T28422] Memory cgroup stats for /syz3: [ 2559.584111][T28422] cache 0 [ 2559.593324][T28422] rss 16384 [ 2559.597032][T28422] rss_huge 0 [ 2559.600396][T28422] shmem 0 [ 2559.604769][T28422] mapped_file 0 [ 2559.608604][T28422] dirty 0 [ 2559.611705][T28422] writeback 0 [ 2559.615508][T28422] workingset_refault_anon 4954 [ 2559.620689][T28422] workingset_refault_file 1 [ 2559.625531][T28422] swap 163840 [ 2559.630031][T28422] swapcached 0 [ 2559.633606][T28422] pgpgin 324937 [ 2559.639204][T28422] pgpgout 324933 [ 2559.642920][T28422] pgfault 797538 [ 2559.646797][T28422] pgmajfault 4063 [ 2559.650588][T28422] inactive_anon 16384 [ 2559.654729][T28422] active_anon 0 [ 2559.658881][T28422] inactive_file 0 [ 2559.662679][T28422] active_file 0 [ 2559.666487][T28422] unevictable 0 [ 2559.667067][T28445] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2559.670127][T28422] hierarchical_memory_limit 314572800 [ 2559.684999][T28422] hierarchical_memsw_limit 9223372036854771712 [ 2559.695325][T28422] total_cache 0 [ 2559.712766][T28422] total_rss 16384 [ 2559.716505][T28448] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2559.726855][T28422] total_rss_huge 0 [ 2559.730707][T28422] total_shmem 0 [ 2559.735598][T28422] total_mapped_file 0 10:23:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8fcf84b9, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.747008][T28422] total_dirty 0 [ 2559.755603][T28422] total_writeback 0 [ 2559.760495][T28422] total_workingset_refault_anon 4954 [ 2559.773588][T28450] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2559.778878][T28422] total_workingset_refault_file 1 10:23:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.798588][T28422] total_swap 188416 [ 2559.803435][T28422] total_swapcached 0 [ 2559.817858][T28422] total_pgpgin 334483 [ 2559.823141][T28422] total_pgpgout 334479 [ 2559.836648][T28422] total_pgfault 807125 [ 2559.840916][T28422] total_pgmajfault 4063 10:23:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1800, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2559.851037][T28422] total_inactive_anon 16384 [ 2559.855714][T28422] total_active_anon 0 [ 2559.860411][T28422] total_inactive_file 0 [ 2559.864719][T28422] total_active_file 0 [ 2559.875989][T28453] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2559.886517][T28422] total_unevictable 0 [ 2559.890635][T28422] anon_cost 0 [ 2559.896925][T28422] file_cost 0 10:23:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2559.902417][T28422] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28422,uid=0 [ 2559.924505][T28422] Memory cgroup out of memory: Killed process 28422 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8704kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2559.943730][T28455] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 10:23:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xb984cf8f, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2560.021963][T28457] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2560.068790][T28460] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2560.099034][T28462] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x2000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xe0ffffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2560.303841][T28467] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2560.384223][T28468] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2560.427851][T28470] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2100, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf0ffffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2500, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf96c0000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x4000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2560.877130][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2560.913443][ T5088] CPU: 1 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 10:23:47 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfc000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2560.923822][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2560.933896][ T5088] Call Trace: [ 2560.937201][ T5088] [ 2560.940162][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2560.944879][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2560.950104][ T5088] ? __pfx__printk+0x10/0x10 [ 2560.954725][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2560.959434][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2560.964497][ T5088] dump_header+0xda/0x6a0 [ 2560.968858][ T5088] oom_kill_process+0x3a7/0x930 [ 2560.973750][ T5088] out_of_memory+0xf67/0x1320 [ 2560.978464][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2560.984129][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2560.989193][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2560.994340][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2560.999920][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2561.004983][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2561.011085][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2561.016305][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2561.021275][ T5088] try_charge_memcg+0xda2/0x18a0 10:23:47 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfe80ffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2561.026242][ T5088] ? mark_lock+0x9a/0x350 [ 2561.030624][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2561.036053][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2561.042243][ T5088] charge_memcg+0xa2/0x160 [ 2561.046711][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2561.052815][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2561.058309][ T5088] ? mark_lock+0x9a/0x350 [ 2561.062677][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2561.068711][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2561.074115][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2561.080031][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2561.085074][ T5088] ? xas_descend+0x37e/0x470 [ 2561.089685][ T5088] swapin_readahead+0x1ea/0x1070 [ 2561.094641][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2561.099791][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2561.105214][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2561.110523][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2561.115823][ T5088] do_swap_page+0x791/0x3f40 [ 2561.120430][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2561.125216][ T5088] ? do_swap_page+0x154/0x3f40 [ 2561.129982][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2561.135009][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2561.140472][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2561.146275][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2561.151472][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2561.156606][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2561.162070][ T5088] ? mt_find+0x226/0x850 [ 2561.166490][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2561.171554][ T5088] ? mt_find+0x62d/0x850 [ 2561.175807][ T5088] ? mt_find+0x226/0x850 [ 2561.180077][ T5088] ? find_vma+0x142/0x1c0 [ 2561.184421][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2561.189095][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2561.195170][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2561.199940][ T5088] exc_page_fault+0x2ad/0x870 [ 2561.204621][ T5088] asm_exc_page_fault+0x26/0x30 [ 2561.209463][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2561.214567][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2561.234203][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2561.240277][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2561.248330][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2561.256294][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2561.264256][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2561.272230][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2561.280219][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2561.286132][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2561.292481][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2561.298201][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2561.303836][ T5088] do_syscall_64+0x108/0x240 [ 2561.308429][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2561.314321][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2561.318739][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2561.338342][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2561.346752][ T5088] RAX: 0000000000000000 RBX: 0000000000007778 RCX: 00007fdfb62a91b5 [ 2561.354717][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2561.362678][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2561.370644][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2561.378607][ T5088] R13: 0000000000270ffc R14: 0000000000270ffc R15: 0000000000000000 [ 2561.386591][ T5088] [ 2561.404049][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 10380 [ 2561.411305][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 10:23:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4788, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:47 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x5000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2561.426580][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2561.433907][ T5088] Memory cgroup stats for /syz3: [ 2561.434178][ T5088] cache 0 10:23:47 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfec0ffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2561.517251][ T5088] rss 24576 [ 2561.520421][ T5088] rss_huge 0 [ 2561.523633][ T5088] shmem 0 [ 2561.544591][ T5088] mapped_file 0 [ 2561.549168][ T5088] dirty 0 [ 2561.552161][ T5088] writeback 0 [ 2561.555460][ T5088] workingset_refault_anon 5237 [ 2561.561583][ T5088] workingset_refault_file 1 10:23:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4800, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2561.566389][ T5088] swap 167936 [ 2561.569885][ T5088] swapcached 0 [ 2561.573354][ T5088] pgpgin 325232 [ 2561.577328][ T5088] pgpgout 325226 [ 2561.580974][ T5088] pgfault 797938 [ 2561.584990][ T5088] pgmajfault 4295 [ 2561.592337][ T5088] inactive_anon 24576 [ 2561.596723][ T5088] active_anon 0 [ 2561.600308][ T5088] inactive_file 0 [ 2561.604287][ T5088] active_file 0 [ 2561.607989][ T5088] unevictable 0 [ 2561.611549][ T5088] hierarchical_memory_limit 314572800 [ 2561.617136][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2561.623450][ T5088] total_cache 0 [ 2561.628150][ T5088] total_rss 24576 [ 2561.631869][ T5088] total_rss_huge 0 [ 2561.635689][ T5088] total_shmem 0 [ 2561.649260][ T5088] total_mapped_file 0 [ 2561.653355][ T5088] total_dirty 0 [ 2561.663479][ T5088] total_writeback 0 [ 2561.667925][ T5088] total_workingset_refault_anon 5237 [ 2561.675151][ T5088] total_workingset_refault_file 1 [ 2561.689474][ T5088] total_swap 192512 [ 2561.693325][ T5088] total_swapcached 0 10:23:47 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xff000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2561.716596][ T5088] total_pgpgin 334778 [ 2561.720629][ T5088] total_pgpgout 334772 [ 2561.724706][ T5088] total_pgfault 807525 [ 2561.740283][ T5088] total_pgmajfault 4295 [ 2561.744491][ T5088] total_inactive_anon 24576 [ 2561.749816][ T5088] total_active_anon 0 [ 2561.753828][ T5088] total_inactive_file 0 [ 2561.758321][ T5088] total_active_file 0 [ 2561.762323][ T5088] total_unevictable 0 [ 2561.774545][ T5088] anon_cost 0 [ 2561.779009][ T5088] file_cost 0 [ 2561.782325][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28461,uid=0 10:23:47 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4888, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2561.809500][ T5088] Memory cgroup out of memory: Killed process 28461 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:47 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffff0000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6558, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffff80fe, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4c00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x7000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffc0fe, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5865, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffff7f, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2562.414976][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2562.485385][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2562.495755][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2562.505825][ T5088] Call Trace: [ 2562.509118][ T5088] [ 2562.512060][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2562.516775][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2562.521997][ T5088] ? __pfx__printk+0x10/0x10 [ 2562.526612][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2562.531321][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2562.536376][ T5088] dump_header+0xda/0x6a0 [ 2562.540741][ T5088] oom_kill_process+0x3a7/0x930 [ 2562.545625][ T5088] out_of_memory+0xf67/0x1320 [ 2562.550333][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2562.555985][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2562.561015][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2562.566147][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2562.571715][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2562.576770][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2562.582871][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2562.588100][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2562.593058][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2562.598061][ T5088] ? mark_lock+0x9a/0x350 [ 2562.602449][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2562.607880][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2562.614052][ T5088] charge_memcg+0xa2/0x160 [ 2562.618667][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2562.624762][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2562.630358][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2562.636364][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2562.641165][ T5088] swap_cluster_readahead+0x398/0x810 [ 2562.646554][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2562.652459][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2562.657484][ T5088] ? xas_descend+0x37e/0x470 [ 2562.662080][ T5088] swapin_readahead+0x1ea/0x1070 [ 2562.667025][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2562.672170][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2562.677562][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2562.682849][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2562.688136][ T5088] do_swap_page+0x791/0x3f40 [ 2562.692723][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2562.697497][ T5088] ? do_swap_page+0x154/0x3f40 [ 2562.702256][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2562.707275][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2562.712729][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2562.718540][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2562.723739][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2562.728869][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2562.734331][ T5088] ? mt_find+0x226/0x850 [ 2562.738581][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2562.743615][ T5088] ? mt_find+0x62d/0x850 [ 2562.747856][ T5088] ? mt_find+0x226/0x850 [ 2562.752111][ T5088] ? find_vma+0x142/0x1c0 [ 2562.756434][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2562.761101][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2562.767082][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2562.771854][ T5088] exc_page_fault+0x2ad/0x870 [ 2562.776714][ T5088] asm_exc_page_fault+0x26/0x30 [ 2562.781558][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2562.786663][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2562.806261][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2562.812323][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2562.820293][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2562.828258][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2562.836226][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2562.844191][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2562.852171][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2562.858086][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2562.864422][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2562.870140][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2562.875772][ T5088] do_syscall_64+0x108/0x240 [ 2562.880367][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2562.886257][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2562.890666][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2562.910266][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2562.918676][ T5088] RAX: 0000000000000000 RBX: 0000000000007779 RCX: 00007fdfb62a91b5 [ 2562.926641][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2562.934603][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2562.942569][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2562.950538][ T5088] R13: 00000000002717b6 R14: 00000000002717b6 R15: 0000000000000000 [ 2562.958516][ T5088] [ 2562.970062][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 10741 [ 2562.977680][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 10:23:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffffe0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2563.008467][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2563.019652][ T5088] Memory cgroup stats for /syz3: [ 2563.019766][ T5088] cache 0 [ 2563.054335][ T5088] rss 16384 [ 2563.064622][ T5088] rss_huge 0 [ 2563.076503][ T5088] shmem 0 [ 2563.083315][ T5088] mapped_file 0 [ 2563.091812][ T5088] dirty 0 [ 2563.097294][ T5088] writeback 0 [ 2563.100610][ T5088] workingset_refault_anon 5371 [ 2563.105378][ T5088] workingset_refault_file 1 [ 2563.110628][ T5088] swap 176128 [ 2563.113940][ T5088] swapcached 0 [ 2563.119332][ T5088] pgpgin 325377 [ 2563.122812][ T5088] pgpgout 325373 [ 2563.127102][ T5088] pgfault 798153 [ 2563.132361][ T5088] pgmajfault 4414 [ 2563.137181][ T5088] inactive_anon 16384 [ 2563.141191][ T5088] active_anon 0 [ 2563.144659][ T5088] inactive_file 0 [ 2563.149116][ T5088] active_file 0 [ 2563.152597][ T5088] unevictable 0 [ 2563.156074][ T5088] hierarchical_memory_limit 314572800 [ 2563.162304][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2563.169335][ T5088] total_cache 0 [ 2563.172810][ T5088] total_rss 16384 [ 2563.177359][ T5088] total_rss_huge 0 [ 2563.181096][ T5088] total_shmem 0 [ 2563.184657][ T5088] total_mapped_file 0 [ 2563.189942][T28545] validate_nla: 8 callbacks suppressed [ 2563.189957][T28545] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x9000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffffff0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2563.213114][ T5088] total_dirty 0 [ 2563.218398][ T5088] total_writeback 0 [ 2563.222253][ T5088] total_workingset_refault_anon 5371 [ 2563.246766][ T5088] total_workingset_refault_file 1 [ 2563.251844][ T5088] total_swap 200704 [ 2563.255681][ T5088] total_swapcached 0 10:23:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6558, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2563.269311][ T5088] total_pgpgin 334923 [ 2563.273339][ T5088] total_pgpgout 334919 [ 2563.283082][ T5088] total_pgfault 807740 [ 2563.291818][ T5088] total_pgmajfault 4414 [ 2563.296119][ T5088] total_inactive_anon 16384 [ 2563.302307][ T5088] total_active_anon 0 [ 2563.317268][ T5088] total_inactive_file 0 [ 2563.322090][ T5088] total_active_file 0 [ 2563.345572][ T5088] total_unevictable 0 [ 2563.353975][ T5088] anon_cost 0 [ 2563.364035][ T5088] file_cost 0 [ 2563.368925][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28518,uid=0 [ 2563.394724][ T5088] Memory cgroup out of memory: Killed process 28518 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6b42, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x10, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2563.419451][T28554] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6800, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xa000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6a03, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2563.627693][T28563] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2563.765874][T28556] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2563.804704][T28556] CPU: 0 PID: 28556 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2563.815175][T28556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2563.825353][T28556] Call Trace: [ 2563.828660][T28556] [ 2563.831615][T28556] dump_stack_lvl+0x1e7/0x2e0 [ 2563.836331][T28556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2563.841650][T28556] ? __pfx__printk+0x10/0x10 [ 2563.846445][T28556] ? ___ratelimit+0x4c4/0x670 [ 2563.851150][T28556] ? __pfx____ratelimit+0x10/0x10 [ 2563.851731][T28569] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2563.856187][T28556] dump_header+0xda/0x6a0 [ 2563.856297][T28556] oom_kill_process+0x3a7/0x930 [ 2563.856327][T28556] out_of_memory+0xf67/0x1320 [ 2563.856354][T28556] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2563.856376][T28556] ? __pfx___mutex_lock+0x10/0x10 [ 2563.856399][T28556] ? __pfx_out_of_memory+0x10/0x10 [ 2563.894067][T28556] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2563.899645][T28556] ? __pfx_lock_release+0x10/0x10 [ 2563.904699][T28556] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2563.910794][T28556] ? do_raw_spin_unlock+0x13b/0x8b0 10:23:49 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x140, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6c00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7400, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2563.916014][T28556] ? mem_cgroup_iter+0x422/0x560 [ 2563.920992][T28556] try_charge_memcg+0xda2/0x18a0 [ 2563.925957][T28556] ? mark_lock+0x9a/0x350 [ 2563.930337][T28556] ? __pfx_try_charge_memcg+0x10/0x10 [ 2563.935839][T28556] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2563.938665][T28573] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2563.942351][T28556] charge_memcg+0xa2/0x160 [ 2563.942389][T28556] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2563.942413][T28556] __read_swap_cache_async+0x480/0x8b0 [ 2563.966482][T28556] ? mark_lock+0x9a/0x350 [ 2563.970847][T28556] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2563.976872][T28556] swap_cluster_readahead+0x67c/0x810 [ 2563.982290][T28556] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2563.988229][T28556] ? __pfx_lock_release+0x10/0x10 [ 2563.993290][T28556] ? xas_descend+0x37e/0x470 [ 2563.997925][T28556] swapin_readahead+0x1ea/0x1070 [ 2564.002897][T28556] ? filemap_get_entry+0x127/0x4e0 [ 2564.008046][T28556] ? __pfx_swapin_readahead+0x10/0x10 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7a00, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.013453][T28556] ? __filemap_get_folio+0x935/0xbc0 [ 2564.018774][T28556] ? swap_cache_get_folio+0x9f/0x570 [ 2564.024103][T28556] do_swap_page+0x791/0x3f40 [ 2564.028718][T28556] ? rcu_is_watching+0x15/0xb0 [ 2564.033515][T28556] ? do_swap_page+0x154/0x3f40 [ 2564.038309][T28556] ? __pfx_do_swap_page+0x10/0x10 [ 2564.040050][T28575] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2564.043341][T28556] ? pte_offset_map_nolock+0x137/0x1f0 [ 2564.043374][T28556] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2564.062726][T28556] ? __pfx_validate_chain+0x10/0x10 [ 2564.069092][T28556] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 2564.075360][T28556] __handle_mm_fault+0x15e8/0x72d0 [ 2564.080536][T28556] ? __pfx___handle_mm_fault+0x10/0x10 [ 2564.086296][T28556] ? mt_find+0x226/0x850 [ 2564.090564][T28556] ? __pfx_lock_release+0x10/0x10 [ 2564.095630][T28556] ? mt_find+0x62d/0x850 [ 2564.099913][T28556] ? mt_find+0x226/0x850 [ 2564.104199][T28556] ? find_vma+0x142/0x1c0 [ 2564.108541][T28556] ? __pfx_find_vma+0x10/0x10 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8100, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.113322][T28556] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2564.119335][T28556] handle_mm_fault+0x3c1/0x8a0 [ 2564.124136][T28556] exc_page_fault+0x2ad/0x870 [ 2564.126623][T28577] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2564.128825][T28556] asm_exc_page_fault+0x26/0x30 [ 2564.128851][T28556] RIP: 0010:__get_user_8+0x11/0x20 [ 2564.146965][T28556] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2564.166595][T28556] RSP: 0018:ffffc90004c87d78 EFLAGS: 00050202 [ 2564.172692][T28556] RAX: 0000555555682da8 RBX: ffff8880258cee78 RCX: ffffc90004c87c03 [ 2564.180692][T28556] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2564.188692][T28556] RBP: ffffc90004c87ec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2564.196679][T28556] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90004c87d80 [ 2564.204673][T28556] R13: ffffc90004c87fd8 R14: dffffc0000000000 R15: ffff8880258cd940 [ 2564.212684][T28556] __rseq_handle_notify_resume+0x158/0x1490 [ 2564.214655][T28579] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2564.218605][T28556] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2564.218649][T28556] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2564.218677][T28556] irqentry_exit_to_user_mode+0xbb/0x270 [ 2564.218702][T28556] exc_page_fault+0x587/0x870 [ 2564.218732][T28556] asm_exc_page_fault+0x26/0x30 [ 2564.218750][T28556] RIP: 0033:0x7fdfb6228266 [ 2564.218768][T28556] Code: 1f 44 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 [ 2564.218784][T28556] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 [ 2564.284225][T28556] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2564.292218][T28556] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2564.300215][T28556] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2564.306464][T28581] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8847, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8848, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:50 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xec0, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.308190][T28556] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 [ 2564.308208][T28556] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2564.308236][T28556] [ 2564.346906][T28556] memory: usage 307180kB, limit 307200kB, failcnt 10930 [ 2564.353893][T28556] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0 10:23:50 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xb000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.428297][T28556] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2564.435928][T28556] Memory cgroup stats for /syz3: [ 2564.436063][T28556] cache 0 10:23:50 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x33fe0, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.482345][T28556] rss 16384 [ 2564.489002][T28556] rss_huge 0 [ 2564.497626][T28556] shmem 0 [ 2564.503910][T28556] mapped_file 0 [ 2564.516863][T28556] dirty 0 [ 2564.520592][T28556] writeback 0 [ 2564.523980][T28556] workingset_refault_anon 5432 [ 2564.529934][T28556] workingset_refault_file 1 [ 2564.534699][T28556] swap 163840 [ 2564.538593][T28556] swapcached 0 [ 2564.542114][T28556] pgpgin 325463 [ 2564.545664][T28556] pgpgout 325459 [ 2564.551086][T28556] pgfault 798279 [ 2564.565357][T28556] pgmajfault 4475 [ 2564.573707][T28556] inactive_anon 0 [ 2564.579068][T28556] active_anon 16384 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xafbe, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.591832][T28556] inactive_file 0 [ 2564.596915][T28556] active_file 0 [ 2564.602632][T28556] unevictable 0 [ 2564.603317][T28590] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2564.617127][T28592] __nla_validate_parse: 42 callbacks suppressed [ 2564.617144][T28592] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2564.623666][T28556] hierarchical_memory_limit 314572800 10:23:50 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xfffffdef, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.677516][T28556] hierarchical_memsw_limit 9223372036854771712 [ 2564.683991][T28556] total_cache 0 [ 2564.705402][T28556] total_rss 16384 [ 2564.720532][T28556] total_rss_huge 0 [ 2564.724298][T28556] total_shmem 0 10:23:50 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xc000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.734966][T28596] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2564.744938][T28556] total_mapped_file 0 [ 2564.753921][T28556] total_dirty 0 [ 2564.763416][T28556] total_writeback 0 [ 2564.774785][T28556] total_workingset_refault_anon 5432 10:23:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xbeaf, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2564.796233][T28556] total_workingset_refault_file 1 [ 2564.801303][T28556] total_swap 188416 [ 2564.805120][T28556] total_swapcached 0 [ 2564.824233][T28556] total_pgpgin 335009 [ 2564.830310][T28599] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2564.856392][T28556] total_pgpgout 335005 [ 2564.860532][T28556] total_pgfault 807866 [ 2564.864674][T28556] total_pgmajfault 4475 [ 2564.882329][T28556] total_inactive_anon 0 [ 2564.891988][T28556] total_active_anon 16384 [ 2564.906371][T28556] total_inactive_file 0 [ 2564.910731][T28556] total_active_file 0 [ 2564.914868][T28556] total_unevictable 0 [ 2564.924280][T28556] anon_cost 0 [ 2564.931064][T28556] file_cost 0 [ 2564.937674][T28600] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8100, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2564.937718][T28556] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28556,uid=0 [ 2564.966043][T28556] Memory cgroup out of memory: Killed process 28556 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 10:23:51 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2565.004556][T28603] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x34000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2565.135558][T28609] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:51 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xd000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2565.199124][T28611] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:51 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x7b, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x400300, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2565.348995][T28614] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2565.467883][T28619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2565.532661][T28618] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2565.580399][T28607] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2565.591008][T28607] CPU: 1 PID: 28607 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2565.601438][T28607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2565.611480][T28607] Call Trace: [ 2565.614747][T28607] [ 2565.617668][T28607] dump_stack_lvl+0x1e7/0x2e0 [ 2565.622345][T28607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2565.627530][T28607] ? __pfx__printk+0x10/0x10 [ 2565.632099][T28607] ? ___ratelimit+0x4c4/0x670 [ 2565.636767][T28607] ? __pfx____ratelimit+0x10/0x10 [ 2565.641779][T28607] dump_header+0xda/0x6a0 [ 2565.646094][T28607] oom_kill_process+0x3a7/0x930 [ 2565.650949][T28607] out_of_memory+0xf67/0x1320 [ 2565.655631][T28607] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2565.661260][T28607] ? __pfx___mutex_lock+0x10/0x10 [ 2565.666280][T28607] ? __pfx_out_of_memory+0x10/0x10 [ 2565.671391][T28607] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2565.676928][T28607] ? __pfx_lock_release+0x10/0x10 [ 2565.681955][T28607] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2565.688017][T28607] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2565.693205][T28607] ? mem_cgroup_iter+0x422/0x560 [ 2565.698144][T28607] try_charge_memcg+0xda2/0x18a0 [ 2565.703091][T28607] ? __pfx_try_charge_memcg+0x10/0x10 [ 2565.708453][T28607] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2565.714164][T28607] ? __pfx_lock_release+0x10/0x10 [ 2565.719186][T28607] ? memcg_account_kmem+0x1e7/0x210 [ 2565.724381][T28607] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2565.730179][T28607] __memcg_kmem_charge_page+0xe1/0x250 [ 2565.735639][T28607] memcg_charge_kernel_stack+0x304/0x550 [ 2565.741268][T28607] dup_task_struct+0x15d/0x7d0 [ 2565.746025][T28607] copy_process+0x5d5/0x3fc0 [ 2565.750619][T28607] ? __might_fault+0xa9/0x120 [ 2565.755294][T28607] ? __pfx_lock_release+0x10/0x10 [ 2565.760318][T28607] ? __pfx_copy_process+0x10/0x10 [ 2565.765331][T28607] ? __might_fault+0xc5/0x120 [ 2565.770000][T28607] ? __asan_memset+0x23/0x50 [ 2565.774627][T28607] kernel_clone+0x21d/0x8d0 [ 2565.779164][T28607] ? __pfx_kernel_clone+0x10/0x10 [ 2565.784192][T28607] __se_sys_clone3+0x2cb/0x350 [ 2565.788948][T28607] ? __pfx___se_sys_clone3+0x10/0x10 [ 2565.794235][T28607] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2565.800223][T28607] ? exc_page_fault+0x587/0x870 [ 2565.805074][T28607] ? do_syscall_64+0xb4/0x240 [ 2565.809746][T28607] do_syscall_64+0xf9/0x240 [ 2565.814247][T28607] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2565.820143][T28607] RIP: 0033:0x7fdfb62a9b99 [ 2565.824549][T28607] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2565.844149][T28607] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2565.852557][T28607] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2565.860519][T28607] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2565.868479][T28607] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2565.876439][T28607] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2565.884403][T28607] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2565.892380][T28607] 10:23:52 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xe000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x2, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2565.924755][T28607] memory: usage 307200kB, limit 307200kB, failcnt 11376 [ 2565.972221][T28607] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2565.980534][T28607] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2565.994525][T28607] Memory cgroup stats for /syz3: [ 2565.994657][T28607] cache 0 [ 2566.006791][T28607] rss 4096 [ 2566.009848][T28607] rss_huge 0 [ 2566.013055][T28607] shmem 0 [ 2566.016012][T28607] mapped_file 0 [ 2566.036464][T28607] dirty 0 [ 2566.039460][T28607] writeback 0 [ 2566.042764][T28607] workingset_refault_anon 5613 [ 2566.056140][T28607] workingset_refault_file 1 [ 2566.060998][T28607] swap 188416 [ 2566.064292][T28607] swapcached 0 [ 2566.075760][T28607] pgpgin 325682 [ 2566.079654][T28607] pgpgout 325681 [ 2566.084064][T28607] pgfault 798573 [ 2566.088480][T28607] pgmajfault 4631 [ 2566.092136][T28607] inactive_anon 0 [ 2566.095771][T28607] active_anon 4096 [ 2566.100451][T28607] inactive_file 0 [ 2566.104123][T28607] active_file 0 [ 2566.110791][T28607] unevictable 0 [ 2566.114514][T28607] hierarchical_memory_limit 314572800 [ 2566.120369][T28607] hierarchical_memsw_limit 9223372036854771712 [ 2566.127317][T28607] total_cache 0 [ 2566.130870][T28607] total_rss 4096 10:23:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2566.134503][T28607] total_rss_huge 0 [ 2566.138942][T28607] total_shmem 0 [ 2566.142483][T28607] total_mapped_file 0 [ 2566.161643][T28607] total_dirty 0 [ 2566.168939][T28607] total_writeback 0 [ 2566.178283][T28607] total_workingset_refault_anon 5613 10:23:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x3, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2566.189550][T28607] total_workingset_refault_file 1 [ 2566.205708][T28607] total_swap 212992 [ 2566.218674][T28607] total_swapcached 0 [ 2566.222625][T28607] total_pgpgin 335228 [ 2566.232318][T28607] total_pgpgout 335227 10:23:52 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x10000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2566.238477][T28607] total_pgfault 808160 [ 2566.243074][T28607] total_pgmajfault 4631 [ 2566.250413][T28607] total_inactive_anon 0 [ 2566.258819][T28607] total_active_anon 4096 [ 2566.265096][T28607] total_inactive_file 0 [ 2566.281169][T28607] total_active_file 0 [ 2566.285192][T28607] total_unevictable 0 [ 2566.299024][T28607] anon_cost 0 [ 2566.302355][T28607] file_cost 0 [ 2566.305655][T28607] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28607,uid=0 10:23:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x3000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x4, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2566.337925][T28607] Memory cgroup out of memory: Killed process 28607 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8944kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8847, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x5, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x11000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x45cfeff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x7, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:52 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x12000000, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x8, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3b403fa6, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.189779][T28644] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2567.211829][T28644] CPU: 1 PID: 28644 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2567.222296][T28644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2567.232379][T28644] Call Trace: [ 2567.235680][T28644] [ 2567.238647][T28644] dump_stack_lvl+0x1e7/0x2e0 [ 2567.243541][T28644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2567.248777][T28644] ? __pfx__printk+0x10/0x10 [ 2567.253395][T28644] ? ___ratelimit+0x4c4/0x670 [ 2567.258114][T28644] ? __pfx____ratelimit+0x10/0x10 [ 2567.263178][T28644] dump_header+0xda/0x6a0 [ 2567.267539][T28644] oom_kill_process+0x3a7/0x930 [ 2567.272418][T28644] out_of_memory+0xf67/0x1320 [ 2567.277138][T28644] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2567.282800][T28644] ? __pfx___mutex_lock+0x10/0x10 [ 2567.287853][T28644] ? __pfx_out_of_memory+0x10/0x10 [ 2567.293009][T28644] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2567.298586][T28644] ? __pfx_lock_release+0x10/0x10 [ 2567.303636][T28644] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2567.309739][T28644] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2567.314978][T28644] ? mem_cgroup_iter+0x422/0x560 [ 2567.319953][T28644] try_charge_memcg+0xda2/0x18a0 [ 2567.324939][T28644] ? __pfx_try_charge_memcg+0x10/0x10 [ 2567.330688][T28644] ? get_mem_cgroup_from_objcg+0x19/0x150 10:23:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xa63f403b, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.336438][T28644] ? __pfx_lock_release+0x10/0x10 [ 2567.341516][T28644] ? memcg_account_kmem+0x1e7/0x210 [ 2567.346770][T28644] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2567.352609][T28644] __memcg_kmem_charge_page+0xe1/0x250 [ 2567.358190][T28644] memcg_charge_kernel_stack+0x304/0x550 [ 2567.363860][T28644] dup_task_struct+0x15d/0x7d0 [ 2567.368659][T28644] copy_process+0x5d5/0x3fc0 [ 2567.373294][T28644] ? __might_fault+0xa9/0x120 [ 2567.377995][T28644] ? __pfx_lock_release+0x10/0x10 [ 2567.383068][T28644] ? __pfx_copy_process+0x10/0x10 10:23:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x654feff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.388121][T28644] ? __might_fault+0xc5/0x120 [ 2567.392831][T28644] ? __asan_memset+0x23/0x50 [ 2567.397631][T28644] kernel_clone+0x21d/0x8d0 [ 2567.402173][T28644] ? __pfx_kernel_clone+0x10/0x10 [ 2567.407247][T28644] __se_sys_clone3+0x2cb/0x350 [ 2567.412128][T28644] ? __pfx___se_sys_clone3+0x10/0x10 [ 2567.417458][T28644] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2567.423495][T28644] ? exc_page_fault+0x587/0x870 [ 2567.428376][T28644] ? do_syscall_64+0xb4/0x240 [ 2567.433078][T28644] do_syscall_64+0xf9/0x240 [ 2567.437610][T28644] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2567.443532][T28644] RIP: 0033:0x7fdfb62a9b99 [ 2567.447978][T28644] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2567.467615][T28644] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2567.476059][T28644] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 10:23:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x14, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.484058][T28644] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2567.492073][T28644] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2567.500068][T28644] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2567.508062][T28644] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2567.516595][T28644] 10:23:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xf0ffffff, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.569340][T28644] memory: usage 307200kB, limit 307200kB, failcnt 12044 10:23:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x6900, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.609863][T28644] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2567.655798][T28644] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2567.678764][T28644] Memory cgroup stats for /syz3: [ 2567.678898][T28644] cache 0 [ 2567.687043][T28644] rss 12288 [ 2567.692499][T28644] rss_huge 0 [ 2567.701432][T28644] shmem 0 [ 2567.705870][T28644] mapped_file 0 [ 2567.714144][T28644] dirty 0 [ 2567.721057][T28644] writeback 0 [ 2567.731535][T28644] workingset_refault_anon 5836 [ 2567.737290][T28644] workingset_refault_file 1 [ 2567.744312][T28644] swap 180224 [ 2567.748293][T28644] swapcached 0 10:23:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.755097][T28644] pgpgin 325960 [ 2567.763431][T28644] pgpgout 325957 [ 2567.771817][T28644] pgfault 798964 [ 2567.783017][T28644] pgmajfault 4866 10:23:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.817262][T28644] inactive_anon 0 [ 2567.821202][T28644] active_anon 12288 [ 2567.825031][T28644] inactive_file 0 [ 2567.840700][T28644] active_file 0 [ 2567.844208][T28644] unevictable 0 [ 2567.857285][T28644] hierarchical_memory_limit 314572800 10:23:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xffffff7f, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2567.862698][T28644] hierarchical_memsw_limit 9223372036854771712 [ 2567.882381][T28644] total_cache 0 [ 2567.885892][T28644] total_rss 12288 [ 2567.896291][T28644] total_rss_huge 0 [ 2567.900054][T28644] total_shmem 0 [ 2567.903534][T28644] total_mapped_file 0 [ 2567.921081][T28644] total_dirty 0 [ 2567.924763][T28644] total_writeback 0 [ 2567.929736][T28644] total_workingset_refault_anon 5836 [ 2567.935229][T28644] total_workingset_refault_file 1 [ 2567.941118][T28644] total_swap 204800 [ 2567.945142][T28644] total_swapcached 0 [ 2567.950294][T28644] total_pgpgin 335506 [ 2567.954784][T28644] total_pgpgout 335503 [ 2567.959532][T28644] total_pgfault 808551 [ 2567.963830][T28644] total_pgmajfault 4866 [ 2567.971455][T28644] total_inactive_anon 0 [ 2567.982339][T28644] total_active_anon 12288 [ 2567.987755][T28644] total_inactive_file 0 [ 2567.991938][T28644] total_active_file 0 [ 2567.995996][T28644] total_unevictable 0 [ 2568.000365][T28644] anon_cost 0 [ 2568.014264][T28644] file_cost 0 10:23:54 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x2, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2568.019130][T28644] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28644,uid=0 10:23:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfffffff0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2568.061312][T28644] Memory cgroup out of memory: Killed process 28644 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8848, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2568.283720][T28710] validate_nla: 13 callbacks suppressed [ 2568.283740][T28710] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:54 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xb000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2568.573842][T28717] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2568.602248][T28711] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2568.618904][T28711] CPU: 0 PID: 28711 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2568.629365][T28711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2568.639452][T28711] Call Trace: [ 2568.642744][T28711] [ 2568.645683][T28711] dump_stack_lvl+0x1e7/0x2e0 [ 2568.650397][T28711] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2568.655639][T28711] ? __pfx__printk+0x10/0x10 [ 2568.660260][T28711] ? ___ratelimit+0x4c4/0x670 [ 2568.664969][T28711] ? __pfx____ratelimit+0x10/0x10 [ 2568.670028][T28711] dump_header+0xda/0x6a0 [ 2568.674393][T28711] oom_kill_process+0x3a7/0x930 [ 2568.679280][T28711] out_of_memory+0xf67/0x1320 [ 2568.683980][T28711] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2568.689630][T28711] ? __pfx___mutex_lock+0x10/0x10 [ 2568.694696][T28711] ? __pfx_out_of_memory+0x10/0x10 [ 2568.699841][T28711] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2568.705413][T28711] ? __pfx_lock_release+0x10/0x10 [ 2568.710478][T28711] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2568.716568][T28711] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2568.721776][T28711] ? mem_cgroup_iter+0x422/0x560 [ 2568.726742][T28711] try_charge_memcg+0xda2/0x18a0 [ 2568.731729][T28711] ? __pfx_try_charge_memcg+0x10/0x10 [ 2568.737218][T28711] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2568.742956][T28711] ? __pfx_lock_release+0x10/0x10 [ 2568.748009][T28711] ? memcg_account_kmem+0x1e7/0x210 [ 2568.753856][T28711] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2568.759687][T28711] __memcg_kmem_charge_page+0xe1/0x250 [ 2568.765173][T28711] memcg_charge_kernel_stack+0x304/0x550 [ 2568.770860][T28711] dup_task_struct+0x40d/0x7d0 [ 2568.775654][T28711] copy_process+0x5d5/0x3fc0 [ 2568.780289][T28711] ? __might_fault+0xa9/0x120 [ 2568.784993][T28711] ? __pfx_lock_release+0x10/0x10 [ 2568.790046][T28711] ? __pfx_copy_process+0x10/0x10 [ 2568.795086][T28711] ? __might_fault+0xc5/0x120 [ 2568.799786][T28711] ? __asan_memset+0x23/0x50 [ 2568.804408][T28711] kernel_clone+0x21d/0x8d0 [ 2568.805654][T28724] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2568.808932][T28711] ? __pfx_kernel_clone+0x10/0x10 10:23:54 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x4, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2568.808975][T28711] __se_sys_clone3+0x2cb/0x350 [ 2568.809000][T28711] ? __pfx___se_sys_clone3+0x10/0x10 [ 2568.809032][T28711] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2568.809070][T28711] ? exc_page_fault+0x587/0x870 [ 2568.809098][T28711] ? do_syscall_64+0xb4/0x240 [ 2568.809126][T28711] do_syscall_64+0xf9/0x240 [ 2568.809156][T28711] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2568.809185][T28711] RIP: 0033:0x7fdfb62a9b99 [ 2568.809204][T28711] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2568.809219][T28711] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2568.809241][T28711] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2568.809255][T28711] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2568.809267][T28711] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 10:23:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x2, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2568.809279][T28711] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2568.809292][T28711] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2568.809319][T28711] [ 2568.850425][T28711] memory: usage 307200kB, limit 307200kB, failcnt 12519 10:23:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x5, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2568.967972][T28711] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2568.991099][T28711] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2569.026567][T28711] Memory cgroup stats for /syz3: [ 2569.026701][T28711] cache 0 [ 2569.034603][T28711] rss 28672 [ 2569.043714][T28711] rss_huge 0 [ 2569.051586][T28711] shmem 0 [ 2569.054560][T28711] mapped_file 0 [ 2569.063185][T28711] dirty 0 [ 2569.101700][T28711] writeback 0 [ 2569.105063][T28711] workingset_refault_anon 6013 [ 2569.117208][T28711] workingset_refault_file 1 [ 2569.121823][T28711] swap 163840 [ 2569.125174][T28711] swapcached 0 [ 2569.129319][T28711] pgpgin 326151 [ 2569.132873][T28711] pgpgout 326144 [ 2569.137046][T28711] pgfault 799242 [ 2569.140677][T28711] pgmajfault 5029 [ 2569.145099][T28711] inactive_anon 28672 10:23:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xd000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x3, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2569.149906][T28711] active_anon 0 [ 2569.154950][T28711] inactive_file 0 [ 2569.159233][T28711] active_file 0 [ 2569.162924][T28734] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2569.171229][T28711] unevictable 0 [ 2569.174796][T28711] hierarchical_memory_limit 314572800 [ 2569.189013][T28711] hierarchical_memsw_limit 9223372036854771712 10:23:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2569.219729][T28711] total_cache 0 [ 2569.225390][T28711] total_rss 28672 [ 2569.229250][T28711] total_rss_huge 0 [ 2569.233005][T28711] total_shmem 0 [ 2569.238271][T28711] total_mapped_file 0 [ 2569.244383][T28711] total_dirty 0 [ 2569.263328][T28711] total_writeback 0 [ 2569.272642][T28711] total_workingset_refault_anon 6013 [ 2569.281864][T28711] total_workingset_refault_file 1 [ 2569.298591][T28711] total_swap 188416 [ 2569.302445][T28711] total_swapcached 0 [ 2569.314173][T28711] total_pgpgin 335697 [ 2569.318436][T28711] total_pgpgout 335690 [ 2569.322619][T28711] total_pgfault 808829 [ 2569.327218][T28711] total_pgmajfault 5029 [ 2569.333491][T28711] total_inactive_anon 28672 [ 2569.338232][T28711] total_active_anon 0 [ 2569.342297][T28711] total_inactive_file 0 [ 2569.346664][T28711] total_active_file 0 [ 2569.350758][T28711] total_unevictable 0 [ 2569.354991][T28711] anon_cost 0 [ 2569.358699][T28711] file_cost 0 [ 2569.363678][T28711] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28711,uid=0 [ 2569.386473][T28711] Memory cgroup out of memory: Killed process 28711 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x7, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xe000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x34000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2569.422553][T28742] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x4, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2569.668696][T28750] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2569.680804][T28752] __nla_validate_parse: 42 callbacks suppressed [ 2569.680822][T28752] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2569.771353][T28754] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:55 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x9, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2569.831936][T28758] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:23:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:56 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x5, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2569.942873][T28759] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2569.974312][T28762] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1c, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2570.079743][T28766] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2570.159968][T28767] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2570.165194][T28749] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2570.217272][T28749] CPU: 1 PID: 28749 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2570.227738][T28749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2570.237823][T28749] Call Trace: [ 2570.241124][T28749] [ 2570.244084][T28749] dump_stack_lvl+0x1e7/0x2e0 [ 2570.248813][T28749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2570.254048][T28749] ? __pfx__printk+0x10/0x10 [ 2570.258679][T28749] ? ___ratelimit+0x4c4/0x670 [ 2570.263482][T28749] ? __pfx____ratelimit+0x10/0x10 [ 2570.268542][T28749] dump_header+0xda/0x6a0 [ 2570.272911][T28749] oom_kill_process+0x3a7/0x930 [ 2570.277787][T28749] out_of_memory+0xf67/0x1320 [ 2570.282464][T28749] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2570.288089][T28749] ? __pfx___mutex_lock+0x10/0x10 [ 2570.293107][T28749] ? __pfx_out_of_memory+0x10/0x10 [ 2570.298217][T28749] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2570.303754][T28749] ? __pfx_lock_release+0x10/0x10 [ 2570.308781][T28749] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2570.314843][T28749] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2570.320044][T28749] ? mem_cgroup_iter+0x422/0x560 [ 2570.324978][T28749] try_charge_memcg+0xda2/0x18a0 [ 2570.329925][T28749] ? __pfx_try_charge_memcg+0x10/0x10 [ 2570.335287][T28749] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2570.340995][T28749] ? __pfx_lock_release+0x10/0x10 [ 2570.346016][T28749] ? memcg_account_kmem+0x1e7/0x210 [ 2570.351215][T28749] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2570.357013][T28749] __memcg_kmem_charge_page+0xe1/0x250 [ 2570.362468][T28749] memcg_charge_kernel_stack+0x304/0x550 [ 2570.368111][T28749] dup_task_struct+0x15d/0x7d0 [ 2570.372899][T28749] copy_process+0x5d5/0x3fc0 [ 2570.377530][T28749] ? __might_fault+0xa9/0x120 [ 2570.382231][T28749] ? __pfx_lock_release+0x10/0x10 [ 2570.387282][T28749] ? __lock_acquire+0x1345/0x1fd0 [ 2570.392331][T28749] ? __pfx_copy_process+0x10/0x10 [ 2570.397549][T28749] ? __might_fault+0xc5/0x120 [ 2570.402253][T28749] ? __asan_memset+0x23/0x50 [ 2570.406899][T28749] kernel_clone+0x21d/0x8d0 [ 2570.411427][T28749] ? __pfx_kernel_clone+0x10/0x10 [ 2570.416479][T28749] ? __pfx_lock_release+0x10/0x10 [ 2570.421541][T28749] __se_sys_clone3+0x2cb/0x350 [ 2570.426327][T28749] ? __might_fault+0xa9/0x120 [ 2570.431029][T28749] ? __pfx___se_sys_clone3+0x10/0x10 [ 2570.436333][T28749] ? rcu_is_watching+0x15/0xb0 [ 2570.441132][T28749] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2570.447143][T28749] ? exc_page_fault+0x587/0x870 [ 2570.452002][T28749] ? do_syscall_64+0xb4/0x240 [ 2570.456676][T28749] do_syscall_64+0xf9/0x240 [ 2570.461181][T28749] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2570.467073][T28749] RIP: 0033:0x7fdfb62a9b99 [ 2570.471479][T28749] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2570.491076][T28749] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2570.499482][T28749] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2570.507445][T28749] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2570.515405][T28749] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2570.523374][T28749] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2570.531339][T28749] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2570.539314][T28749] 10:23:56 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x6, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2570.570422][T28769] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2570.578876][T28749] memory: usage 307200kB, limit 307200kB, failcnt 13183 [ 2570.607282][T28771] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:23:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x11000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2570.608645][T28749] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2570.625442][T28749] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2570.633355][T28749] Memory cgroup stats for /syz3: [ 2570.633482][T28749] cache 0 [ 2570.656363][T28749] rss 0 [ 2570.659181][T28749] rss_huge 0 [ 2570.662384][T28749] shmem 0 [ 2570.665319][T28749] mapped_file 0 [ 2570.676848][T28749] dirty 0 [ 2570.679829][T28749] writeback 0 [ 2570.683134][T28749] workingset_refault_anon 6278 [ 2570.696838][T28749] workingset_refault_file 1 [ 2570.703730][T28749] swap 192512 [ 2570.711094][T28749] swapcached 0 [ 2570.717070][T28749] pgpgin 326430 [ 2570.720949][T28749] pgpgout 326430 10:23:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfc, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2570.724546][T28777] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2570.724575][T28749] pgfault 799619 [ 2570.747732][T28749] pgmajfault 5248 [ 2570.751495][T28749] inactive_anon 0 [ 2570.755229][T28749] active_anon 0 [ 2570.761936][T28749] inactive_file 0 [ 2570.765686][T28749] active_file 0 [ 2570.769877][T28749] unevictable 0 [ 2570.773449][T28749] hierarchical_memory_limit 314572800 [ 2570.793694][T28749] hierarchical_memsw_limit 9223372036854771712 [ 2570.800723][T28749] total_cache 0 [ 2570.803237][T28776] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2570.806984][T28749] total_rss 0 [ 2570.817691][T28749] total_rss_huge 0 [ 2570.821954][T28749] total_shmem 0 [ 2570.825626][T28749] total_mapped_file 0 [ 2570.830341][T28749] total_dirty 0 [ 2570.834053][T28749] total_writeback 0 [ 2570.838260][T28749] total_workingset_refault_anon 6278 [ 2570.843762][T28749] total_workingset_refault_file 1 [ 2570.849127][T28749] total_swap 217088 [ 2570.853183][T28749] total_swapcached 0 [ 2570.858803][T28749] total_pgpgin 335976 [ 2570.863007][T28749] total_pgpgout 335976 [ 2570.866735][T28779] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2570.875691][T28781] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2570.876935][T28749] total_pgfault 809206 [ 2570.905253][T28749] total_pgmajfault 5248 10:23:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x12000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2570.928352][T28749] total_inactive_anon 0 [ 2570.933478][T28749] total_active_anon 0 [ 2570.939170][T28749] total_inactive_file 0 [ 2570.943432][T28749] total_active_file 0 [ 2570.948514][T28749] total_unevictable 0 [ 2570.952714][T28749] anon_cost 0 [ 2570.956675][T28749] file_cost 0 [ 2570.960155][T28749] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28749,uid=0 10:23:57 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x7, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x177, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2571.011712][T28749] Memory cgroup out of memory: Killed process 28749 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x18000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x400300, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2571.063816][T28785] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:57 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x8, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x20000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x300, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x21000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x36a, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x9, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:57 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x500, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2571.624925][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2571.652844][ T5088] CPU: 1 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2571.663217][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2571.673291][ T5088] Call Trace: [ 2571.676593][ T5088] [ 2571.679553][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2571.684267][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2571.689483][ T5088] ? __pfx__printk+0x10/0x10 [ 2571.694102][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2571.698804][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2571.703849][ T5088] dump_header+0xda/0x6a0 [ 2571.708207][ T5088] oom_kill_process+0x3a7/0x930 [ 2571.713081][ T5088] out_of_memory+0xf67/0x1320 [ 2571.717868][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2571.723532][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2571.728582][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2571.733732][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2571.739299][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2571.744354][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2571.750446][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2571.755654][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2571.761220][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2571.766170][ T5088] ? mark_lock+0x9a/0x350 [ 2571.770563][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2571.775987][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2571.782170][ T5088] charge_memcg+0xa2/0x160 [ 2571.786621][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2571.792683][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2571.798135][ T5088] ? mark_lock+0x9a/0x350 [ 2571.802461][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2571.808455][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2571.813861][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2571.819753][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2571.825642][ T5088] ? xas_descend+0x37e/0x470 [ 2571.830234][ T5088] swapin_readahead+0x1ea/0x1070 [ 2571.835166][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2571.840284][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2571.845657][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2571.850938][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2571.856226][ T5088] do_swap_page+0x791/0x3f40 [ 2571.860820][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2571.865675][ T5088] ? do_swap_page+0x154/0x3f40 [ 2571.870603][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2571.875617][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2571.881070][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2571.886866][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2571.892841][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2571.898038][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2571.903168][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2571.908631][ T5088] ? mt_find+0x226/0x850 [ 2571.912872][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2571.917906][ T5088] ? mt_find+0x62d/0x850 [ 2571.922146][ T5088] ? mt_find+0x226/0x850 [ 2571.926399][ T5088] ? find_vma+0x142/0x1c0 [ 2571.930721][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2571.935387][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2571.941362][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2571.946129][ T5088] exc_page_fault+0x2ad/0x870 [ 2571.950815][ T5088] asm_exc_page_fault+0x26/0x30 [ 2571.955655][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2571.960763][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2571.980362][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2571.986426][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2571.994386][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2572.002345][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2572.010309][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2572.018296][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2572.026272][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2572.032173][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2572.038522][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2572.044239][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2572.049893][ T5088] do_syscall_64+0x108/0x240 [ 2572.054522][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2572.060435][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2572.064850][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2572.084452][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2572.092858][ T5088] RAX: 0000000000000000 RBX: 000000000000777f RCX: 00007fdfb62a91b5 [ 2572.100821][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2572.108783][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2572.116746][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2572.124731][ T5088] R13: 0000000000273b92 R14: 0000000000273b92 R15: 0000000000000000 [ 2572.132718][ T5088] 10:23:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x600, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x25000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xa, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x700, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2572.212079][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 13646 [ 2572.229899][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2572.254523][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2572.266079][ T5088] Memory cgroup stats for /syz3: [ 2572.279849][ T5088] cache 0 [ 2572.297433][ T5088] rss 12288 [ 2572.302497][ T5088] rss_huge 0 [ 2572.305825][ T5088] shmem 0 [ 2572.325520][ T5088] mapped_file 0 [ 2572.330507][ T5088] dirty 0 [ 2572.333609][ T5088] writeback 0 [ 2572.337464][ T5088] workingset_refault_anon 6464 [ 2572.342419][ T5088] workingset_refault_file 1 [ 2572.348320][ T5088] swap 180224 [ 2572.351764][ T5088] swapcached 0 [ 2572.355241][ T5088] pgpgin 326636 [ 2572.359180][ T5088] pgpgout 326633 [ 2572.362871][ T5088] pgfault 799901 [ 2572.366987][ T5088] pgmajfault 5418 [ 2572.370827][ T5088] inactive_anon 12288 [ 2572.379032][ T5088] active_anon 0 [ 2572.382705][ T5088] inactive_file 0 [ 2572.387242][ T5088] active_file 0 [ 2572.390954][ T5088] unevictable 0 [ 2572.394640][ T5088] hierarchical_memory_limit 314572800 [ 2572.400710][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2572.414688][ T5088] total_cache 0 [ 2572.418306][ T5088] total_rss 12288 [ 2572.421952][ T5088] total_rss_huge 0 [ 2572.425676][ T5088] total_shmem 0 [ 2572.432726][ T5088] total_mapped_file 0 [ 2572.436814][ T5088] total_dirty 0 [ 2572.441517][ T5088] total_writeback 0 [ 2572.445361][ T5088] total_workingset_refault_anon 6464 [ 2572.451537][ T5088] total_workingset_refault_file 1 10:23:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x900, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x48000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2572.473501][ T5088] total_swap 204800 [ 2572.486061][ T5088] total_swapcached 0 [ 2572.492442][ T5088] total_pgpgin 336182 [ 2572.506909][ T5088] total_pgpgout 336179 [ 2572.511030][ T5088] total_pgfault 809488 [ 2572.515117][ T5088] total_pgmajfault 5418 10:23:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xb, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2572.538106][ T5088] total_inactive_anon 12288 [ 2572.542676][ T5088] total_active_anon 0 [ 2572.552549][ T5088] total_inactive_file 0 [ 2572.559533][ T5088] total_active_file 0 [ 2572.566656][ T5088] total_unevictable 0 [ 2572.571679][ T5088] anon_cost 0 [ 2572.575143][ T5088] file_cost 0 [ 2572.579194][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28793,uid=0 [ 2572.595650][ T5088] Memory cgroup out of memory: Killed process 28793 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:23:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4c000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1c00, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x1000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:23:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x60000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xc, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6a03, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x65580000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xd, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x68000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6cf9, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2573.339772][T28860] validate_nla: 8 callbacks suppressed [ 2573.339790][T28860] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:23:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6a030000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:23:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xe, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2573.409887][T28838] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2573.438688][T28838] CPU: 0 PID: 28838 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2573.449153][T28838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2573.459225][T28838] Call Trace: [ 2573.462523][T28838] [ 2573.465471][T28838] dump_stack_lvl+0x1e7/0x2e0 [ 2573.470184][T28838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2573.475410][T28838] ? __pfx__printk+0x10/0x10 [ 2573.480023][T28838] ? ___ratelimit+0x4c4/0x670 [ 2573.484727][T28838] ? __pfx____ratelimit+0x10/0x10 [ 2573.489779][T28838] dump_header+0xda/0x6a0 [ 2573.494138][T28838] oom_kill_process+0x3a7/0x930 [ 2573.499022][T28838] out_of_memory+0xf67/0x1320 [ 2573.503726][T28838] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2573.509373][T28838] ? __pfx___mutex_lock+0x10/0x10 [ 2573.514420][T28838] ? __pfx_out_of_memory+0x10/0x10 [ 2573.519566][T28838] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2573.525135][T28838] ? __pfx_lock_release+0x10/0x10 [ 2573.530183][T28838] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2573.536276][T28838] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2573.541504][T28838] ? mem_cgroup_iter+0x422/0x560 [ 2573.546471][T28838] try_charge_memcg+0xda2/0x18a0 [ 2573.551456][T28838] ? __pfx_try_charge_memcg+0x10/0x10 [ 2573.556851][T28838] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2573.562589][T28838] ? __pfx_lock_release+0x10/0x10 [ 2573.567644][T28838] ? memcg_account_kmem+0x1e7/0x210 [ 2573.572881][T28838] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2573.578712][T28838] __memcg_kmem_charge_page+0xe1/0x250 [ 2573.584198][T28838] memcg_charge_kernel_stack+0x304/0x550 [ 2573.589857][T28838] dup_task_struct+0x15d/0x7d0 [ 2573.594638][T28838] copy_process+0x5d5/0x3fc0 [ 2573.599257][T28838] ? __might_fault+0xa9/0x120 [ 2573.603963][T28838] ? __pfx_lock_release+0x10/0x10 10:23:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6c000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2573.609019][T28838] ? __lock_acquire+0x1345/0x1fd0 [ 2573.610400][T28868] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2573.614050][T28838] ? __pfx_copy_process+0x10/0x10 [ 2573.614078][T28838] ? __might_fault+0xc5/0x120 [ 2573.614105][T28838] ? __asan_memset+0x23/0x50 [ 2573.636457][T28838] kernel_clone+0x21d/0x8d0 [ 2573.640989][T28838] ? __pfx_kernel_clone+0x10/0x10 [ 2573.646055][T28838] ? __pfx_lock_release+0x10/0x10 [ 2573.651117][T28838] __se_sys_clone3+0x2cb/0x350 [ 2573.655907][T28838] ? __might_fault+0xa9/0x120 [ 2573.660613][T28838] ? __pfx___se_sys_clone3+0x10/0x10 [ 2573.665929][T28838] ? rcu_is_watching+0x15/0xb0 [ 2573.670744][T28838] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2573.676772][T28838] ? exc_page_fault+0x587/0x870 [ 2573.681657][T28838] ? do_syscall_64+0xb4/0x240 [ 2573.686369][T28838] do_syscall_64+0xf9/0x240 [ 2573.690908][T28838] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2573.696830][T28838] RIP: 0033:0x7fdfb62a9b99 [ 2573.701266][T28838] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2573.720902][T28838] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2573.729346][T28838] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2573.737514][T28838] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2573.745504][T28838] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2573.753488][T28838] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 10:23:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x7701, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2573.761480][T28838] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2573.769496][T28838] 10:23:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x10, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2573.804749][T28838] memory: usage 307200kB, limit 307200kB, failcnt 14239 [ 2573.836753][T28870] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2573.845077][T28838] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 10:24:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x74000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2573.853593][T28838] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2573.882579][T28838] Memory cgroup stats for /syz3: [ 2573.882712][T28838] cache 0 [ 2573.893287][T28838] rss 8192 [ 2573.899159][T28838] rss_huge 0 [ 2573.902931][T28838] shmem 0 [ 2573.906842][T28838] mapped_file 0 [ 2573.926787][T28838] dirty 0 [ 2573.929767][T28838] writeback 0 [ 2573.933071][T28838] workingset_refault_anon 6650 [ 2573.942521][T28838] workingset_refault_file 1 [ 2573.949208][T28838] swap 184320 [ 2573.952528][T28838] swapcached 0 [ 2573.955906][T28838] pgpgin 326860 [ 2573.959652][T28838] pgpgout 326858 [ 2573.963305][T28838] pgfault 800205 [ 2573.972376][T28838] pgmajfault 5599 [ 2573.976112][T28838] inactive_anon 0 [ 2573.980018][T28838] active_anon 8192 [ 2573.984073][T28838] inactive_file 0 [ 2573.987999][T28838] active_file 0 [ 2573.991568][T28838] unevictable 0 [ 2573.995103][T28838] hierarchical_memory_limit 314572800 [ 2574.002121][T28838] hierarchical_memsw_limit 9223372036854771712 [ 2574.008627][T28838] total_cache 0 [ 2574.012181][T28838] total_rss 8192 [ 2574.015814][T28838] total_rss_huge 0 [ 2574.019983][T28838] total_shmem 0 [ 2574.026030][T28838] total_mapped_file 0 [ 2574.035564][T28838] total_dirty 0 [ 2574.043553][T28838] total_writeback 0 [ 2574.048434][T28838] total_workingset_refault_anon 6650 [ 2574.048942][T28879] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2574.060813][T28838] total_workingset_refault_file 1 10:24:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xf96c, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7a000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2574.077298][T28838] total_swap 208896 [ 2574.081144][T28838] total_swapcached 0 [ 2574.085048][T28838] total_pgpgin 336406 [ 2574.108151][T28838] total_pgpgout 336404 [ 2574.112275][T28838] total_pgfault 809792 [ 2574.119646][T28838] total_pgmajfault 5599 10:24:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x11, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2574.136538][T28838] total_inactive_anon 0 [ 2574.140733][T28838] total_active_anon 8192 [ 2574.144988][T28838] total_inactive_file 0 [ 2574.165191][T28838] total_active_file 0 [ 2574.172445][T28838] total_unevictable 0 [ 2574.184955][T28838] anon_cost 0 [ 2574.191953][T28838] file_cost 0 [ 2574.195276][T28838] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28838,uid=0 10:24:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x2000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x81000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfc00, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2574.226388][T28838] Memory cgroup out of memory: Killed process 28838 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2574.260670][T28884] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:00 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8183c99d, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xff00, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2574.460983][T28890] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x12, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2574.733853][T28898] __nla_validate_parse: 40 callbacks suppressed [ 2574.733876][T28898] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2574.794500][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2574.807188][T28903] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2574.822197][ T5088] CPU: 1 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2574.832575][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2574.842658][ T5088] Call Trace: [ 2574.845973][ T5088] [ 2574.848928][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2574.853645][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2574.858887][ T5088] ? __pfx__printk+0x10/0x10 [ 2574.863508][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2574.868226][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2574.873288][ T5088] dump_header+0xda/0x6a0 [ 2574.877658][ T5088] oom_kill_process+0x3a7/0x930 [ 2574.882553][ T5088] out_of_memory+0xf67/0x1320 [ 2574.887269][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2574.892928][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2574.897975][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2574.903124][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2574.908704][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2574.909628][T28907] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2574.913743][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2574.913781][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2574.913805][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2574.939272][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2574.944212][ T5088] ? mark_lock+0x9a/0x350 [ 2574.948550][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2574.953935][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2574.960081][ T5088] charge_memcg+0xa2/0x160 [ 2574.964499][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2574.970576][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2574.976030][ T5088] ? mark_lock+0x9a/0x350 [ 2574.980362][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2574.986345][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2574.991105][ T5088] swap_cluster_readahead+0x398/0x810 [ 2574.996481][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2575.002373][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2575.007396][ T5088] ? xas_descend+0x37e/0x470 [ 2575.011988][ T5088] swapin_readahead+0x1ea/0x1070 [ 2575.016922][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2575.022040][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2575.027420][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2575.032709][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2575.037994][ T5088] do_swap_page+0x791/0x3f40 [ 2575.042580][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2575.047347][ T5088] ? do_swap_page+0x154/0x3f40 [ 2575.052102][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2575.057134][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2575.062667][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2575.068483][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2575.073712][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2575.078869][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2575.084349][ T5088] ? mt_find+0x226/0x850 [ 2575.088609][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2575.093659][ T5088] ? mt_find+0x62d/0x850 [ 2575.097904][ T5088] ? mt_find+0x226/0x850 [ 2575.102170][ T5088] ? find_vma+0x142/0x1c0 [ 2575.106497][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2575.111167][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2575.117156][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2575.121929][ T5088] exc_page_fault+0x2ad/0x870 [ 2575.126630][ T5088] asm_exc_page_fault+0x26/0x30 [ 2575.131489][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2575.136617][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2575.156234][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2575.162306][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2575.170281][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2575.178255][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2575.186238][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2575.194221][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2575.202219][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2575.208134][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2575.214464][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2575.220198][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2575.225829][ T5088] do_syscall_64+0x108/0x240 [ 2575.230430][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2575.236329][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2575.240738][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2575.260339][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2575.268745][ T5088] RAX: 0000000000000000 RBX: 0000000000007781 RCX: 00007fdfb62a91b5 [ 2575.276710][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2575.284676][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 10:24:00 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x34000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2575.292636][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2575.300600][ T5088] R13: 0000000000274805 R14: 0000000000274805 R15: 0000000000000000 [ 2575.308582][ T5088] [ 2575.341549][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 14776 [ 2575.348885][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2575.357356][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2575.364743][ T5088] Memory cgroup stats for /syz3: [ 2575.364845][ T5088] cache 0 [ 2575.374823][ T5088] rss 16384 [ 2575.378597][ T5088] rss_huge 0 [ 2575.381921][ T5088] shmem 0 [ 2575.384966][ T5088] mapped_file 0 10:24:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x300, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x88470000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x400300, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2575.391720][ T5088] dirty 0 [ 2575.395535][ T5088] writeback 0 [ 2575.446311][ T5088] workingset_refault_anon 6872 [ 2575.451195][ T5088] workingset_refault_file 1 [ 2575.453897][T28910] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2575.455786][ T5088] swap 176128 [ 2575.560786][ T5088] swapcached 0 [ 2575.564372][ T5088] pgpgin 327102 [ 2575.568732][ T5088] pgpgout 327098 [ 2575.572621][ T5088] pgfault 800529 [ 2575.579687][ T5088] pgmajfault 5788 [ 2575.583883][ T5088] inactive_anon 0 [ 2575.588202][ T5088] active_anon 12288 [ 2575.592173][ T5088] inactive_file 0 [ 2575.595934][ T5088] active_file 0 [ 2575.604661][ T5088] unevictable 0 [ 2575.608665][ T5088] hierarchical_memory_limit 314572800 [ 2575.611214][T28914] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2575.614138][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2575.623234][T28913] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2575.635900][ T5088] total_cache 0 [ 2575.647990][ T5088] total_rss 16384 10:24:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x88480000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2575.658612][ T5088] total_rss_huge 0 [ 2575.671696][T28915] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2575.671746][ T5088] total_shmem 0 [ 2575.688241][ T5088] total_mapped_file 0 [ 2575.695878][ T5088] total_dirty 0 [ 2575.707233][ T5088] total_writeback 0 10:24:01 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2575.713969][ T5088] total_workingset_refault_anon 6872 [ 2575.729096][ T5088] total_workingset_refault_file 1 [ 2575.734612][ T5088] total_swap 200704 10:24:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x500, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2575.766446][ T5088] total_swapcached 0 [ 2575.770401][ T5088] total_pgpgin 336648 [ 2575.774400][ T5088] total_pgpgout 336644 [ 2575.785481][ T5088] total_pgfault 810116 [ 2575.791638][ T5088] total_pgmajfault 5788 [ 2575.795910][ T5088] total_inactive_anon 0 [ 2575.801278][ T5088] total_active_anon 12288 [ 2575.805730][ T5088] total_inactive_file 0 [ 2575.812337][T28920] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2575.822950][ T5088] total_active_file 0 [ 2575.827647][ T5088] total_unevictable 0 [ 2575.831655][ T5088] anon_cost 0 [ 2575.834956][ T5088] file_cost 0 [ 2575.850234][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28892,uid=0 10:24:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x3000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2575.883731][T28924] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2575.883884][ T5088] Memory cgroup out of memory: Killed process 28892 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x88a8ffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2575.990764][T28925] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2576.012635][T28922] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:24:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x600, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:02 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x2000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2576.091854][T28931] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:24:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9dc98381, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2576.135475][T28931] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2576.185258][T28933] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:24:02 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xafbe0000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x700, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2576.463439][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2576.494378][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2576.504841][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2576.515102][ T5088] Call Trace: [ 2576.518406][ T5088] [ 2576.521433][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2576.526235][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2576.531464][ T5088] ? __pfx__printk+0x10/0x10 [ 2576.536089][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2576.540798][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2576.545856][ T5088] dump_header+0xda/0x6a0 [ 2576.550220][ T5088] oom_kill_process+0x3a7/0x930 [ 2576.555095][ T5088] out_of_memory+0xf67/0x1320 10:24:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf0ffffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2576.559777][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2576.565413][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2576.570449][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2576.575605][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2576.581174][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2576.586219][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2576.592317][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2576.597538][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2576.602494][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2576.607427][ T5088] ? mark_lock+0x9a/0x350 [ 2576.611774][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2576.617163][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2576.623311][ T5088] charge_memcg+0xa2/0x160 [ 2576.627729][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2576.633794][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2576.639250][ T5088] ? mark_lock+0x9a/0x350 [ 2576.643579][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2576.649655][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2576.655053][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2576.660951][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2576.666021][ T5088] ? xas_descend+0x37e/0x470 [ 2576.670629][ T5088] swapin_readahead+0x1ea/0x1070 [ 2576.675571][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2576.680692][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2576.686070][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2576.691370][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2576.697785][ T5088] do_swap_page+0x791/0x3f40 [ 2576.702377][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2576.707153][ T5088] ? do_swap_page+0x154/0x3f40 [ 2576.711914][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2576.716936][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2576.722398][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2576.728218][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2576.733417][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2576.739515][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2576.744983][ T5088] ? mt_find+0x226/0x850 [ 2576.749414][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2576.754493][ T5088] ? mt_find+0x62d/0x850 [ 2576.758865][ T5088] ? mt_find+0x226/0x850 [ 2576.763855][ T5088] ? find_vma+0x142/0x1c0 [ 2576.768974][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2576.773685][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2576.779801][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2576.785107][ T5088] exc_page_fault+0x2ad/0x870 [ 2576.789976][ T5088] asm_exc_page_fault+0x26/0x30 [ 2576.794827][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2576.799939][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2576.819720][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2576.825798][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2576.833868][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2576.841934][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2576.849915][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2576.857886][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2576.865870][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2576.871783][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2576.878116][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2576.883838][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2576.889474][ T5088] do_syscall_64+0x108/0x240 [ 2576.894069][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2576.899983][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2576.904392][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2576.924079][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2576.932511][ T5088] RAX: 0000000000000000 RBX: 0000000000007782 RCX: 00007fdfb62a91b5 [ 2576.940490][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2576.948471][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2576.956439][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2576.964410][ T5088] R13: 0000000000274e74 R14: 0000000000274e74 R15: 0000000000000000 [ 2576.972391][ T5088] [ 2576.998890][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 15167 [ 2577.007443][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 10:24:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x900, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x4000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.015585][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2577.023316][ T5088] Memory cgroup stats for /syz3: [ 2577.023416][ T5088] cache 0 [ 2577.032121][ T5088] rss 0 [ 2577.035073][ T5088] rss_huge 0 [ 2577.039675][ T5088] shmem 0 [ 2577.042940][ T5088] mapped_file 0 [ 2577.049497][ T5088] dirty 0 [ 2577.052643][ T5088] writeback 0 [ 2577.056128][ T5088] workingset_refault_anon 6996 [ 2577.061328][ T5088] workingset_refault_file 1 10:24:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffe5406, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.116334][ T5088] swap 192512 [ 2577.119736][ T5088] swapcached 0 [ 2577.123138][ T5088] pgpgin 327268 [ 2577.138827][ T5088] pgpgout 327268 [ 2577.142439][ T5088] pgfault 800753 [ 2577.146007][ T5088] pgmajfault 5906 [ 2577.153643][ T5088] inactive_anon 0 [ 2577.161323][ T5088] active_anon 0 [ 2577.169454][ T5088] inactive_file 0 [ 2577.175782][ T5088] active_file 0 [ 2577.182851][ T5088] unevictable 0 [ 2577.190494][ T5088] hierarchical_memory_limit 314572800 [ 2577.200467][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2577.211904][ T5088] total_cache 0 [ 2577.221179][ T5088] total_rss 0 [ 2577.225268][ T5088] total_rss_huge 0 [ 2577.230380][ T5088] total_shmem 0 [ 2577.234284][ T5088] total_mapped_file 0 [ 2577.240072][ T5088] total_dirty 0 [ 2577.243669][ T5088] total_writeback 0 [ 2577.248231][ T5088] total_workingset_refault_anon 6996 [ 2577.253721][ T5088] total_workingset_refault_file 1 [ 2577.259698][ T5088] total_swap 217088 [ 2577.264746][ T5088] total_swapcached 0 10:24:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x5000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.273971][ T5088] total_pgpgin 336814 [ 2577.291020][ T5088] total_pgpgout 336814 [ 2577.299718][ T5088] total_pgfault 810340 [ 2577.309605][ T5088] total_pgmajfault 5906 [ 2577.318362][ T5088] total_inactive_anon 0 10:24:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffe5c04, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.327091][ T5088] total_active_anon 0 [ 2577.335882][ T5088] total_inactive_file 0 10:24:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xa00, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.374698][ T5088] total_active_file 0 [ 2577.390636][ T5088] total_unevictable 0 [ 2577.394664][ T5088] anon_cost 0 [ 2577.399114][ T5088] file_cost 0 [ 2577.402426][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28928,uid=0 10:24:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2577.447085][ T5088] Memory cgroup out of memory: Killed process 28928 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffa888, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xb00, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x7000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffff7f, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.819552][T28972] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2577.849674][T28972] CPU: 0 PID: 28972 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 10:24:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2577.860140][T28972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2577.870309][T28972] Call Trace: [ 2577.873617][T28972] [ 2577.876571][T28972] dump_stack_lvl+0x1e7/0x2e0 [ 2577.881292][T28972] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2577.886613][T28972] ? __pfx__printk+0x10/0x10 [ 2577.891239][T28972] ? ___ratelimit+0x4c4/0x670 [ 2577.895948][T28972] ? __pfx____ratelimit+0x10/0x10 [ 2577.901010][T28972] dump_header+0xda/0x6a0 [ 2577.905381][T28972] oom_kill_process+0x3a7/0x930 [ 2577.910438][T28972] out_of_memory+0xf67/0x1320 [ 2577.915150][T28972] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2577.920812][T28972] ? __pfx___mutex_lock+0x10/0x10 [ 2577.925866][T28972] ? __pfx_out_of_memory+0x10/0x10 [ 2577.931013][T28972] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2577.936565][T28972] ? __pfx_lock_release+0x10/0x10 [ 2577.941591][T28972] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2577.947660][T28972] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2577.952863][T28972] ? mem_cgroup_iter+0x422/0x560 [ 2577.957800][T28972] try_charge_memcg+0xda2/0x18a0 [ 2577.962732][T28972] ? mark_lock+0x9a/0x350 [ 2577.967073][T28972] ? __pfx_try_charge_memcg+0x10/0x10 [ 2577.972459][T28972] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2577.978608][T28972] charge_memcg+0xa2/0x160 [ 2577.983026][T28972] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2577.989090][T28972] __read_swap_cache_async+0x480/0x8b0 [ 2577.994546][T28972] ? mark_lock+0x9a/0x350 [ 2577.998878][T28972] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2578.004888][T28972] ? blk_start_plug+0x6f/0x1b0 [ 2578.009663][T28972] swap_cluster_readahead+0x398/0x810 [ 2578.015150][T28972] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2578.021318][T28972] ? __pfx_lock_release+0x10/0x10 [ 2578.026352][T28972] ? xas_descend+0x37e/0x470 [ 2578.030964][T28972] swapin_readahead+0x1ea/0x1070 [ 2578.035906][T28972] ? filemap_get_entry+0x127/0x4e0 [ 2578.041042][T28972] ? __pfx_swapin_readahead+0x10/0x10 [ 2578.046446][T28972] ? __filemap_get_folio+0x935/0xbc0 [ 2578.051732][T28972] ? swap_cache_get_folio+0x9f/0x570 [ 2578.057016][T28972] do_swap_page+0x791/0x3f40 [ 2578.061604][T28972] ? rcu_is_watching+0x15/0xb0 [ 2578.066392][T28972] ? do_swap_page+0x154/0x3f40 [ 2578.071182][T28972] ? __pfx_do_swap_page+0x10/0x10 [ 2578.076303][T28972] ? pte_offset_map_nolock+0x137/0x1f0 [ 2578.081789][T28972] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2578.087604][T28972] ? __pfx_validate_chain+0x10/0x10 [ 2578.092833][T28972] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 2578.099089][T28972] __handle_mm_fault+0x15e8/0x72d0 [ 2578.104246][T28972] ? __pfx___handle_mm_fault+0x10/0x10 [ 2578.109720][T28972] ? mt_find+0x226/0x850 [ 2578.114065][T28972] ? __pfx_lock_release+0x10/0x10 [ 2578.119125][T28972] ? mt_find+0x62d/0x850 [ 2578.123372][T28972] ? mt_find+0x226/0x850 [ 2578.127632][T28972] ? find_vma+0x142/0x1c0 [ 2578.132082][T28972] ? __pfx_find_vma+0x10/0x10 [ 2578.136771][T28972] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2578.142777][T28972] handle_mm_fault+0x3c1/0x8a0 [ 2578.147565][T28972] exc_page_fault+0x2ad/0x870 [ 2578.152259][T28972] asm_exc_page_fault+0x26/0x30 [ 2578.157131][T28972] RIP: 0010:__get_user_8+0x11/0x20 [ 2578.162277][T28972] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2578.181976][T28972] RSP: 0018:ffffc9000586fd78 EFLAGS: 00050202 [ 2578.188060][T28972] RAX: 0000555555682da8 RBX: ffff88802f3a32f8 RCX: ffffc9000586fc03 [ 2578.196046][T28972] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2578.204123][T28972] RBP: ffffc9000586fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2578.212372][T28972] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000586fd80 [ 2578.221739][T28972] R13: ffffc9000586ffd8 R14: dffffc0000000000 R15: ffff88802f3a1dc0 [ 2578.230377][T28972] __rseq_handle_notify_resume+0x158/0x1490 [ 2578.236466][T28972] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2578.242822][T28972] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2578.248638][T28972] irqentry_exit_to_user_mode+0xbb/0x270 [ 2578.254276][T28972] exc_page_fault+0x587/0x870 [ 2578.258975][T28972] asm_exc_page_fault+0x26/0x30 [ 2578.263913][T28972] RIP: 0033:0x7fdfb6228266 [ 2578.268334][T28972] Code: 1f 44 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 [ 2578.287973][T28972] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 [ 2578.294040][T28972] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2578.302011][T28972] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2578.310028][T28972] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2578.318170][T28972] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 [ 2578.326309][T28972] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2578.334432][T28972] [ 2578.388585][T28972] memory: usage 307200kB, limit 307200kB, failcnt 15370 [ 2578.395835][T28972] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0 [ 2578.415575][T28972] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2578.425978][T28972] Memory cgroup stats for /syz3: [ 2578.426102][T28972] cache 0 10:24:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x9000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2578.443417][T28989] validate_nla: 6 callbacks suppressed [ 2578.443437][T28989] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2578.460678][T28972] rss 16384 [ 2578.463934][T28972] rss_huge 0 [ 2578.472463][T28972] shmem 0 [ 2578.475566][T28972] mapped_file 0 [ 2578.484154][T28972] dirty 0 10:24:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffffff0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xc00, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2578.492898][T28972] writeback 0 [ 2578.505841][T28972] workingset_refault_anon 7072 [ 2578.544095][T28972] workingset_refault_file 1 [ 2578.549459][T28972] swap 163840 [ 2578.552801][T28972] swapcached 0 [ 2578.559627][T28972] pgpgin 327361 [ 2578.569628][T28972] pgpgout 327357 [ 2578.580526][T28972] pgfault 800886 [ 2578.584346][T28972] pgmajfault 5978 10:24:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x1c000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2578.593780][T28972] inactive_anon 16384 [ 2578.604057][T28972] active_anon 0 [ 2578.622059][T28972] inactive_file 0 [ 2578.632918][T28972] active_file 0 [ 2578.637516][T28972] unevictable 0 [ 2578.641583][T28972] hierarchical_memory_limit 314572800 [ 2578.647687][T28972] hierarchical_memsw_limit 9223372036854771712 [ 2578.654039][T28972] total_cache 0 [ 2578.658038][T28972] total_rss 16384 [ 2578.661820][T28972] total_rss_huge 0 [ 2578.665772][T28972] total_shmem 0 [ 2578.671912][T28972] total_mapped_file 0 [ 2578.676134][T28972] total_dirty 0 [ 2578.681406][T28972] total_writeback 0 [ 2578.685604][T28972] total_workingset_refault_anon 7072 [ 2578.694423][T28997] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2578.721711][T28972] total_workingset_refault_file 1 [ 2578.736624][T28972] total_swap 188416 10:24:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xa, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xd00, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2578.745203][T28972] total_swapcached 0 [ 2578.758361][T28972] total_pgpgin 336907 [ 2578.778657][T28972] total_pgpgout 336903 [ 2578.782782][T28972] total_pgfault 810473 [ 2578.797834][T28972] total_pgmajfault 5978 [ 2578.802044][T28972] total_inactive_anon 16384 [ 2578.807454][T28972] total_active_anon 0 [ 2578.811465][T28972] total_inactive_file 0 [ 2578.815721][T28972] total_active_file 0 [ 2578.821265][T28972] total_unevictable 0 [ 2578.825278][T28972] anon_cost 0 [ 2578.830797][T28972] file_cost 0 10:24:04 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6a030000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x4f0fcff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2578.834119][T28972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=28972,uid=0 [ 2578.865984][T28972] Memory cgroup out of memory: Killed process 28972 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 10:24:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x10, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x77010000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xe00, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.130001][T29007] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2579.142405][T29007] CPU: 1 PID: 29007 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2579.153038][T29007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2579.163122][T29007] Call Trace: [ 2579.166426][T29007] [ 2579.169384][T29007] dump_stack_lvl+0x1e7/0x2e0 [ 2579.174096][T29007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2579.179327][T29007] ? __pfx__printk+0x10/0x10 [ 2579.183953][T29007] ? ___ratelimit+0x4c4/0x670 [ 2579.188669][T29007] ? __pfx____ratelimit+0x10/0x10 [ 2579.193754][T29007] dump_header+0xda/0x6a0 [ 2579.198127][T29007] oom_kill_process+0x3a7/0x930 [ 2579.203009][T29007] out_of_memory+0xf67/0x1320 [ 2579.207712][T29007] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2579.213362][T29007] ? __pfx___mutex_lock+0x10/0x10 [ 2579.218420][T29007] ? __pfx_out_of_memory+0x10/0x10 [ 2579.223580][T29007] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2579.229151][T29007] ? __pfx_lock_release+0x10/0x10 [ 2579.234203][T29007] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2579.240302][T29007] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2579.245527][T29007] ? mem_cgroup_iter+0x422/0x560 [ 2579.250499][T29007] try_charge_memcg+0xda2/0x18a0 [ 2579.255460][T29007] ? mark_lock+0x9a/0x350 [ 2579.259840][T29007] ? __pfx_try_charge_memcg+0x10/0x10 [ 2579.265285][T29007] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2579.271561][T29007] charge_memcg+0xa2/0x160 10:24:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8fcf84b9, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xb984cf8f, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.276534][T29007] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2579.282727][T29007] __read_swap_cache_async+0x480/0x8b0 [ 2579.288224][T29007] ? mark_lock+0x9a/0x350 [ 2579.292588][T29007] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2579.298611][T29007] swap_cluster_readahead+0x67c/0x810 [ 2579.304025][T29007] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2579.309949][T29007] ? __pfx_lock_release+0x10/0x10 [ 2579.315007][T29007] ? xas_descend+0x37e/0x470 [ 2579.319634][T29007] swapin_readahead+0x1ea/0x1070 [ 2579.324600][T29007] ? filemap_get_entry+0x127/0x4e0 10:24:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x1100, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.329757][T29007] ? __pfx_swapin_readahead+0x10/0x10 [ 2579.335176][T29007] ? __filemap_get_folio+0x935/0xbc0 [ 2579.340500][T29007] ? swap_cache_get_folio+0x9f/0x570 [ 2579.345816][T29007] do_swap_page+0x791/0x3f40 [ 2579.350428][T29007] ? rcu_is_watching+0x15/0xb0 [ 2579.355235][T29007] ? do_swap_page+0x154/0x3f40 [ 2579.360023][T29007] ? __pfx_do_swap_page+0x10/0x10 [ 2579.365074][T29007] ? pte_offset_map_nolock+0x137/0x1f0 [ 2579.370564][T29007] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2579.376396][T29007] ? __pfx_validate_chain+0x10/0x10 [ 2579.381617][T29007] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 2579.387889][T29007] __handle_mm_fault+0x15e8/0x72d0 [ 2579.393067][T29007] ? __pfx___handle_mm_fault+0x10/0x10 [ 2579.398571][T29007] ? mt_find+0x226/0x850 [ 2579.402835][T29007] ? __pfx_lock_release+0x10/0x10 [ 2579.407905][T29007] ? mt_find+0x62d/0x850 [ 2579.412183][T29007] ? mt_find+0x226/0x850 [ 2579.416482][T29007] ? find_vma+0x142/0x1c0 [ 2579.420837][T29007] ? __pfx_find_vma+0x10/0x10 [ 2579.425531][T29007] ? lockdep_hardirqs_on_prepare+0x43c/0x780 10:24:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xe0ffffff, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.431540][T29007] handle_mm_fault+0x3c1/0x8a0 [ 2579.436325][T29007] exc_page_fault+0x2ad/0x870 [ 2579.441030][T29007] asm_exc_page_fault+0x26/0x30 [ 2579.445899][T29007] RIP: 0010:__get_user_8+0x11/0x20 [ 2579.451033][T29007] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2579.470661][T29007] RSP: 0018:ffffc9000586fd78 EFLAGS: 00050202 [ 2579.476762][T29007] RAX: 0000555555682da8 RBX: ffff88801f35b2f8 RCX: ffffc9000586fc03 [ 2579.484754][T29007] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2579.492746][T29007] RBP: ffffc9000586fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2579.500752][T29007] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000586fd80 [ 2579.508746][T29007] R13: ffffc9000586ffd8 R14: dffffc0000000000 R15: ffff88801f359dc0 [ 2579.516757][T29007] __rseq_handle_notify_resume+0x158/0x1490 [ 2579.522708][T29007] ? __pfx___rseq_handle_notify_resume+0x10/0x10 10:24:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xf0ffffff, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.529078][T29007] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2579.534921][T29007] irqentry_exit_to_user_mode+0xbb/0x270 [ 2579.540591][T29007] exc_page_fault+0x587/0x870 [ 2579.545309][T29007] asm_exc_page_fault+0x26/0x30 [ 2579.550192][T29007] RIP: 0033:0x7fdfb6228266 [ 2579.554624][T29007] Code: 1f 44 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 [ 2579.574256][T29007] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 10:24:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.580353][T29007] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2579.588366][T29007] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2579.596384][T29007] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2579.604381][T29007] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 [ 2579.612384][T29007] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2579.620392][T29007] 10:24:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x1200, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.665468][T29007] memory: usage 307180kB, limit 307200kB, failcnt 15553 [ 2579.674135][T29007] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0 [ 2579.683008][T29007] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2579.693034][T29007] Memory cgroup stats for /syz3: [ 2579.693162][T29007] cache 0 [ 2579.703209][T29007] rss 16384 [ 2579.707185][T29007] rss_huge 0 [ 2579.710547][T29007] shmem 0 [ 2579.713642][T29007] mapped_file 0 [ 2579.717892][T29007] dirty 0 [ 2579.720961][T29007] writeback 0 [ 2579.724431][T29007] workingset_refault_anon 7148 [ 2579.730297][T29007] workingset_refault_file 1 [ 2579.740233][T29033] __nla_validate_parse: 31 callbacks suppressed [ 2579.740252][T29033] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2579.752030][T29007] swap 163840 10:24:05 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xf96c0000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.771307][T29007] swapcached 0 [ 2579.774862][T29007] pgpgin 327449 [ 2579.785266][T29007] pgpgout 327445 [ 2579.789600][T29036] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2579.816505][T29007] pgfault 801005 [ 2579.831372][T29007] pgmajfault 6038 10:24:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x23, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.852908][T29007] inactive_anon 0 [ 2579.872429][T29007] active_anon 16384 [ 2579.884620][T29007] inactive_file 0 [ 2579.890869][T29041] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2579.900893][T29007] active_file 0 [ 2579.904476][T29007] unevictable 0 [ 2579.908682][T29007] hierarchical_memory_limit 314572800 [ 2579.914087][T29007] hierarchical_memsw_limit 9223372036854771712 [ 2579.931693][T29007] total_cache 0 [ 2579.940857][T29007] total_rss 16384 [ 2579.944543][T29007] total_rss_huge 0 10:24:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x34000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2579.962971][T29043] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2579.965642][T29007] total_shmem 0 [ 2579.997923][T29007] total_mapped_file 0 [ 2580.004108][T29007] total_dirty 0 [ 2580.008104][T29007] total_writeback 0 10:24:06 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfc000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x2b, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2580.012116][T29007] total_workingset_refault_anon 7148 [ 2580.017912][T29007] total_workingset_refault_file 1 [ 2580.023091][T29007] total_swap 188416 [ 2580.027749][T29007] total_swapcached 0 [ 2580.031790][T29007] total_pgpgin 336995 [ 2580.036726][T29007] total_pgpgout 336991 [ 2580.040961][T29007] total_pgfault 810592 [ 2580.052972][T29044] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2580.081598][T29007] total_pgmajfault 6038 [ 2580.089342][T29046] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2580.090024][T29007] total_inactive_anon 0 [ 2580.124479][T29007] total_active_anon 16384 [ 2580.135922][T29007] total_inactive_file 0 [ 2580.143038][T29007] total_active_file 0 [ 2580.151712][T29007] total_unevictable 0 [ 2580.159804][T29007] anon_cost 0 [ 2580.163222][T29007] file_cost 0 10:24:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x5000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2580.168067][T29007] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29007,uid=0 [ 2580.175035][T29050] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2580.184845][T29007] Memory cgroup out of memory: Killed process 29007 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2580.251170][T29049] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 10:24:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x400300, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x2d, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:06 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfe80ffff, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2580.299878][T29054] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2580.395154][T29058] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:24:06 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x140, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:06 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfec0ffff, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x1000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xec0, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2580.975134][T29055] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2580.990472][T29055] CPU: 0 PID: 29055 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2581.000939][T29055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2581.011033][T29055] Call Trace: [ 2581.014351][T29055] [ 2581.017457][T29055] dump_stack_lvl+0x1e7/0x2e0 [ 2581.022147][T29055] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2581.027351][T29055] ? __pfx__printk+0x10/0x10 [ 2581.031936][T29055] ? ___ratelimit+0x4c4/0x670 [ 2581.036617][T29055] ? __pfx____ratelimit+0x10/0x10 [ 2581.041640][T29055] dump_header+0xda/0x6a0 [ 2581.046089][T29055] oom_kill_process+0x3a7/0x930 [ 2581.050944][T29055] out_of_memory+0xf67/0x1320 [ 2581.055620][T29055] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2581.061272][T29055] ? __pfx___mutex_lock+0x10/0x10 [ 2581.066414][T29055] ? __pfx_out_of_memory+0x10/0x10 [ 2581.071619][T29055] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2581.077183][T29055] ? __pfx_lock_release+0x10/0x10 [ 2581.082209][T29055] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2581.088277][T29055] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2581.093470][T29055] ? mem_cgroup_iter+0x422/0x560 [ 2581.098408][T29055] try_charge_memcg+0xda2/0x18a0 [ 2581.103535][T29055] ? __pfx_try_charge_memcg+0x10/0x10 [ 2581.108903][T29055] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2581.114617][T29055] ? __pfx_lock_release+0x10/0x10 [ 2581.119640][T29055] ? memcg_account_kmem+0x1e7/0x210 [ 2581.124929][T29055] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2581.130731][T29055] __memcg_kmem_charge_page+0xe1/0x250 [ 2581.136330][T29055] memcg_charge_kernel_stack+0x304/0x550 [ 2581.142190][T29055] dup_task_struct+0x15d/0x7d0 [ 2581.147149][T29055] copy_process+0x5d5/0x3fc0 [ 2581.151992][T29055] ? __might_fault+0xa9/0x120 [ 2581.156773][T29055] ? __pfx_lock_release+0x10/0x10 [ 2581.161801][T29055] ? __pfx_copy_process+0x10/0x10 [ 2581.166818][T29055] ? __might_fault+0xc5/0x120 [ 2581.171492][T29055] ? __asan_memset+0x23/0x50 [ 2581.176082][T29055] kernel_clone+0x21d/0x8d0 [ 2581.180582][T29055] ? __pfx_kernel_clone+0x10/0x10 [ 2581.185710][T29055] __se_sys_clone3+0x2cb/0x350 [ 2581.190472][T29055] ? __pfx___se_sys_clone3+0x10/0x10 [ 2581.195761][T29055] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2581.201765][T29055] ? exc_page_fault+0x587/0x870 [ 2581.206638][T29055] ? do_syscall_64+0xb4/0x240 [ 2581.211331][T29055] do_syscall_64+0xf9/0x240 [ 2581.215872][T29055] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2581.221783][T29055] RIP: 0033:0x7fdfb62a9b99 [ 2581.226206][T29055] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2581.245921][T29055] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2581.254348][T29055] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2581.262600][T29055] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2581.270655][T29055] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2581.278632][T29055] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2581.286616][T29055] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2581.294678][T29055] 10:24:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xff000000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2581.332810][T29055] memory: usage 307200kB, limit 307200kB, failcnt 16122 [ 2581.355608][T29055] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 10:24:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x2000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2581.384134][T29055] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2581.413230][T29055] Memory cgroup stats for /syz3: [ 2581.413344][T29055] cache 0 [ 2581.422839][T29055] rss 0 [ 2581.425717][T29055] rss_huge 0 [ 2581.430203][T29055] shmem 0 [ 2581.433294][T29055] mapped_file 0 10:24:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x33fe0, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2581.458913][T29055] dirty 0 [ 2581.461903][T29055] writeback 0 [ 2581.472123][T29055] workingset_refault_anon 7363 [ 2581.477665][T29055] workingset_refault_file 1 [ 2581.482351][T29055] swap 192512 [ 2581.485671][T29055] swapcached 0 [ 2581.490116][T29055] pgpgin 327692 [ 2581.493618][T29055] pgpgout 327692 [ 2581.499700][T29055] pgfault 801356 [ 2581.503367][T29055] pgmajfault 6250 10:24:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xffff0000, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2581.508380][T29055] inactive_anon 0 [ 2581.512210][T29055] active_anon 0 [ 2581.515680][T29055] inactive_file 0 [ 2581.520116][T29055] active_file 0 [ 2581.523593][T29055] unevictable 0 [ 2581.527974][T29055] hierarchical_memory_limit 314572800 [ 2581.533414][T29055] hierarchical_memsw_limit 9223372036854771712 [ 2581.542122][T29055] total_cache 0 [ 2581.545626][T29055] total_rss 0 [ 2581.550472][T29055] total_rss_huge 0 [ 2581.554320][T29055] total_shmem 0 [ 2581.558830][T29055] total_mapped_file 0 [ 2581.569945][T29055] total_dirty 0 [ 2581.573951][T29055] total_writeback 0 [ 2581.578574][T29055] total_workingset_refault_anon 7363 [ 2581.606396][T29055] total_workingset_refault_file 1 [ 2581.611467][T29055] total_swap 217088 [ 2581.615295][T29055] total_swapcached 0 [ 2581.642876][T29055] total_pgpgin 337238 [ 2581.648462][T29055] total_pgpgout 337238 [ 2581.652550][T29055] total_pgfault 810943 10:24:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x3000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2581.661549][T29055] total_pgmajfault 6250 [ 2581.665803][T29055] total_inactive_anon 0 [ 2581.676622][T29055] total_active_anon 0 [ 2581.680756][T29055] total_inactive_file 0 [ 2581.685000][T29055] total_active_file 0 [ 2581.697095][T29055] total_unevictable 0 [ 2581.701194][T29055] anon_cost 0 [ 2581.704574][T29055] file_cost 0 10:24:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xfffffdef, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2581.709456][T29055] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29055,uid=0 [ 2581.725883][T29055] Memory cgroup out of memory: Killed process 29055 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xffff80fe, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x6000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0xa, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:08 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xffffc0fe, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x4000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x10, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:08 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xffffff7f, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x25, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x5000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2582.335230][T29098] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2582.392574][T29098] CPU: 0 PID: 29098 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2582.403071][T29098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2582.413143][T29098] Call Trace: [ 2582.416450][T29098] [ 2582.419390][T29098] dump_stack_lvl+0x1e7/0x2e0 [ 2582.424100][T29098] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2582.429332][T29098] ? __pfx__printk+0x10/0x10 [ 2582.433962][T29098] ? ___ratelimit+0x4c4/0x670 [ 2582.438685][T29098] ? __pfx____ratelimit+0x10/0x10 [ 2582.443739][T29098] dump_header+0xda/0x6a0 [ 2582.448084][T29098] oom_kill_process+0x3a7/0x930 [ 2582.453197][T29098] out_of_memory+0xf67/0x1320 [ 2582.457877][T29098] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2582.463507][T29098] ? __pfx___mutex_lock+0x10/0x10 [ 2582.468530][T29098] ? __pfx_out_of_memory+0x10/0x10 [ 2582.473674][T29098] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2582.479219][T29098] ? __pfx_lock_release+0x10/0x10 [ 2582.484243][T29098] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2582.490308][T29098] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2582.495504][T29098] ? mem_cgroup_iter+0x422/0x560 [ 2582.500448][T29098] try_charge_memcg+0xda2/0x18a0 [ 2582.505399][T29098] ? __pfx_try_charge_memcg+0x10/0x10 [ 2582.510774][T29098] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2582.516497][T29098] ? __pfx_lock_release+0x10/0x10 [ 2582.521525][T29098] ? memcg_account_kmem+0x1e7/0x210 [ 2582.526730][T29098] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2582.532531][T29098] __memcg_kmem_charge_page+0xe1/0x250 [ 2582.537994][T29098] memcg_charge_kernel_stack+0x304/0x550 [ 2582.543629][T29098] dup_task_struct+0x40d/0x7d0 [ 2582.548407][T29098] copy_process+0x5d5/0x3fc0 [ 2582.553003][T29098] ? __might_fault+0xa9/0x120 [ 2582.557682][T29098] ? __pfx_lock_release+0x10/0x10 [ 2582.562713][T29098] ? __lock_acquire+0x1345/0x1fd0 [ 2582.567735][T29098] ? __pfx_copy_process+0x10/0x10 [ 2582.572755][T29098] ? __might_fault+0xc5/0x120 [ 2582.577428][T29098] ? __asan_memset+0x23/0x50 [ 2582.582020][T29098] kernel_clone+0x21d/0x8d0 [ 2582.586524][T29098] ? __pfx_kernel_clone+0x10/0x10 [ 2582.591553][T29098] ? __pfx_lock_release+0x10/0x10 [ 2582.596583][T29098] __se_sys_clone3+0x2cb/0x350 [ 2582.601343][T29098] ? __might_fault+0xa9/0x120 [ 2582.606020][T29098] ? __pfx___se_sys_clone3+0x10/0x10 [ 2582.611297][T29098] ? rcu_is_watching+0x15/0xb0 [ 2582.616070][T29098] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2582.622064][T29098] ? exc_page_fault+0x587/0x870 [ 2582.626918][T29098] ? do_syscall_64+0xb4/0x240 [ 2582.631596][T29098] do_syscall_64+0xf9/0x240 [ 2582.636148][T29098] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2582.642056][T29098] RIP: 0033:0x7fdfb62a9b99 [ 2582.646477][T29098] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2582.666077][T29098] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2582.674573][T29098] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2582.682537][T29098] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2582.690531][T29098] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2582.698503][T29098] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2582.706477][T29098] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2582.714567][T29098] [ 2582.738935][T29098] memory: usage 307200kB, limit 307200kB, failcnt 16668 [ 2582.746814][T29098] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2582.754839][T29098] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2582.763372][T29098] Memory cgroup stats for /syz3: [ 2582.763598][T29098] cache 0 [ 2582.772196][T29098] rss 20480 [ 2582.777150][T29098] rss_huge 0 [ 2582.780520][T29098] shmem 0 [ 2582.783575][T29098] mapped_file 0 [ 2582.789328][T29098] dirty 0 [ 2582.792416][T29098] writeback 0 [ 2582.795826][T29098] workingset_refault_anon 7548 [ 2582.802181][T29098] workingset_refault_file 1 [ 2582.807112][T29098] swap 172032 [ 2582.810526][T29098] swapcached 0 [ 2582.814028][T29098] pgpgin 327898 [ 2582.850309][T29098] pgpgout 327893 [ 2582.857449][T29098] pgfault 801653 [ 2582.865647][T29098] pgmajfault 6424 [ 2582.870942][T29098] inactive_anon 0 [ 2582.874724][T29098] active_anon 20480 [ 2582.879325][T29098] inactive_file 0 [ 2582.883216][T29098] active_file 0 [ 2582.887317][T29098] unevictable 0 [ 2582.890901][T29098] hierarchical_memory_limit 314572800 10:24:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x7b, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xffffffe0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2582.900118][T29098] hierarchical_memsw_limit 9223372036854771712 [ 2582.907821][T29098] total_cache 0 [ 2582.911916][T29098] total_rss 20480 [ 2582.926955][T29098] total_rss_huge 0 [ 2582.930827][T29098] total_shmem 0 [ 2582.934643][T29098] total_mapped_file 0 [ 2582.944383][T29098] total_dirty 0 10:24:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x6000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2582.950616][T29098] total_writeback 0 [ 2582.956502][T29098] total_workingset_refault_anon 7548 [ 2582.986346][T29098] total_workingset_refault_file 1 [ 2582.991459][T29098] total_swap 196608 [ 2582.995311][T29098] total_swapcached 0 10:24:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x2, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2583.002725][T29098] total_pgpgin 337444 [ 2583.009151][T29098] total_pgpgout 337439 [ 2583.015573][T29098] total_pgfault 811240 [ 2583.033065][T29098] total_pgmajfault 6424 [ 2583.038040][T29098] total_inactive_anon 0 [ 2583.042378][T29098] total_active_anon 20480 [ 2583.047565][T29098] total_inactive_file 0 [ 2583.051902][T29098] total_active_file 0 [ 2583.058776][T29098] total_unevictable 0 [ 2583.063208][T29098] anon_cost 0 [ 2583.067569][T29098] file_cost 0 [ 2583.071010][T29098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29098,uid=0 10:24:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xfffffff0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2583.087618][T29098] Memory cgroup out of memory: Killed process 29098 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x7000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:09 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x3, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:09 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x7000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2583.495857][T29135] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2583.508194][T29135] CPU: 0 PID: 29135 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2583.518643][T29135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2583.528726][T29135] Call Trace: [ 2583.532024][T29135] [ 2583.534971][T29135] dump_stack_lvl+0x1e7/0x2e0 [ 2583.539673][T29135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2583.544870][T29135] ? __pfx__printk+0x10/0x10 [ 2583.549468][T29135] ? ___ratelimit+0x4c4/0x670 [ 2583.554175][T29135] ? __pfx____ratelimit+0x10/0x10 [ 2583.559222][T29135] dump_header+0xda/0x6a0 [ 2583.563558][T29135] oom_kill_process+0x3a7/0x930 [ 2583.568501][T29135] out_of_memory+0xf67/0x1320 [ 2583.573184][T29135] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2583.578813][T29135] ? __pfx___mutex_lock+0x10/0x10 [ 2583.583833][T29135] ? __pfx_out_of_memory+0x10/0x10 [ 2583.588950][T29135] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2583.594491][T29135] ? __pfx_lock_release+0x10/0x10 [ 2583.599514][T29135] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2583.605578][T29135] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2583.610778][T29135] ? mem_cgroup_iter+0x422/0x560 [ 2583.615714][T29135] try_charge_memcg+0xda2/0x18a0 [ 2583.620648][T29135] ? mark_lock+0x9a/0x350 [ 2583.624989][T29135] ? __pfx_try_charge_memcg+0x10/0x10 [ 2583.630459][T29135] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2583.636607][T29135] charge_memcg+0xa2/0x160 [ 2583.641109][T29135] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2583.647171][T29135] __read_swap_cache_async+0x480/0x8b0 [ 2583.652629][T29135] ? mark_lock+0x9a/0x350 [ 2583.656962][T29135] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2583.663029][T29135] ? blk_start_plug+0x6f/0x1b0 [ 2583.667795][T29135] swap_cluster_readahead+0x398/0x810 [ 2583.673171][T29135] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2583.679065][T29135] ? __pfx_lock_release+0x10/0x10 [ 2583.684096][T29135] ? xas_descend+0x37e/0x470 [ 2583.688783][T29135] swapin_readahead+0x1ea/0x1070 [ 2583.693724][T29135] ? filemap_get_entry+0x127/0x4e0 [ 2583.698854][T29135] ? __pfx_swapin_readahead+0x10/0x10 [ 2583.704230][T29135] ? __filemap_get_folio+0x935/0xbc0 [ 2583.709538][T29135] ? swap_cache_get_folio+0x9f/0x570 [ 2583.714822][T29135] do_swap_page+0x791/0x3f40 [ 2583.719496][T29135] ? rcu_is_watching+0x15/0xb0 [ 2583.724267][T29135] ? do_swap_page+0x154/0x3f40 [ 2583.729025][T29135] ? __pfx_do_swap_page+0x10/0x10 [ 2583.734040][T29135] ? pte_offset_map_nolock+0x137/0x1f0 [ 2583.739493][T29135] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2583.745295][T29135] ? __pfx_validate_chain+0x10/0x10 [ 2583.750484][T29135] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 2583.756727][T29135] __handle_mm_fault+0x15e8/0x72d0 [ 2583.761863][T29135] ? __pfx___handle_mm_fault+0x10/0x10 [ 2583.767324][T29135] ? mt_find+0x226/0x850 [ 2583.771562][T29135] ? __pfx_lock_release+0x10/0x10 [ 2583.776596][T29135] ? mt_find+0x62d/0x850 [ 2583.780837][T29135] ? mt_find+0x226/0x850 [ 2583.785191][T29135] ? find_vma+0x142/0x1c0 [ 2583.789549][T29135] ? __pfx_find_vma+0x10/0x10 [ 2583.794227][T29135] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2583.800208][T29135] handle_mm_fault+0x3c1/0x8a0 [ 2583.804974][T29135] exc_page_fault+0x2ad/0x870 [ 2583.809654][T29135] asm_exc_page_fault+0x26/0x30 [ 2583.814498][T29135] RIP: 0010:__get_user_8+0x11/0x20 [ 2583.819602][T29135] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2583.839291][T29135] RSP: 0018:ffffc9000ec2fd78 EFLAGS: 00050202 [ 2583.845362][T29135] RAX: 0000555555682da8 RBX: ffff88803730d0b8 RCX: ffffc9000ec2fc03 [ 2583.853327][T29135] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2583.861292][T29135] RBP: ffffc9000ec2fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2583.869263][T29135] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000ec2fd80 [ 2583.877580][T29135] R13: ffffc9000ec2ffd8 R14: dffffc0000000000 R15: ffff88803730bb80 [ 2583.885565][T29135] __rseq_handle_notify_resume+0x158/0x1490 [ 2583.891563][T29135] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2583.897897][T29135] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2583.903701][T29135] irqentry_exit_to_user_mode+0xbb/0x270 [ 2583.909339][T29135] exc_page_fault+0x587/0x870 [ 2583.914018][T29135] asm_exc_page_fault+0x26/0x30 [ 2583.918863][T29135] RIP: 0033:0x7fdfb6228266 [ 2583.923271][T29135] Code: 1f 44 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 [ 2583.942967][T29135] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 [ 2583.949118][T29135] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2583.957081][T29135] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2583.965040][T29135] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2583.973004][T29135] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 [ 2583.980966][T29135] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2583.988942][T29135] [ 2584.026671][T29143] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x2, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x4, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.136314][T29135] memory: usage 307180kB, limit 307200kB, failcnt 16958 [ 2584.160137][T29135] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0 [ 2584.168388][T29135] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2584.175801][T29135] Memory cgroup stats for /syz3: [ 2584.175936][T29135] cache 0 [ 2584.185748][T29135] rss 16384 [ 2584.189146][T29135] rss_huge 0 [ 2584.192465][T29135] shmem 0 [ 2584.195496][T29135] mapped_file 0 [ 2584.199564][T29135] dirty 0 [ 2584.202754][T29135] writeback 0 [ 2584.206131][T29135] workingset_refault_anon 7660 [ 2584.211421][T29135] workingset_refault_file 1 [ 2584.216005][T29135] swap 163840 [ 2584.229100][T29135] swapcached 0 [ 2584.232594][T29135] pgpgin 328021 10:24:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x8000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x3, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.236561][T29135] pgpgout 328017 [ 2584.240233][T29135] pgfault 801827 [ 2584.243923][T29135] pgmajfault 6513 [ 2584.247822][T29135] inactive_anon 12288 [ 2584.251927][T29135] active_anon 4096 [ 2584.255757][T29135] inactive_file 0 [ 2584.259654][T29135] active_file 0 [ 2584.263234][T29135] unevictable 0 [ 2584.280631][T29135] hierarchical_memory_limit 314572800 10:24:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x5, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.286056][T29135] hierarchical_memsw_limit 9223372036854771712 [ 2584.316381][T29135] total_cache 0 [ 2584.319901][T29135] total_rss 16384 [ 2584.323552][T29135] total_rss_huge 0 [ 2584.336473][T29135] total_shmem 0 [ 2584.344952][T29135] total_mapped_file 0 [ 2584.353889][T29135] total_dirty 0 [ 2584.360925][T29135] total_writeback 0 [ 2584.365916][T29135] total_workingset_refault_anon 7660 [ 2584.376136][T29135] total_workingset_refault_file 1 [ 2584.385659][T29135] total_swap 188416 [ 2584.389883][T29135] total_swapcached 0 [ 2584.396837][T29135] total_pgpgin 337567 [ 2584.400876][T29135] total_pgpgout 337563 [ 2584.405034][T29135] total_pgfault 811414 [ 2584.409885][T29135] total_pgmajfault 6513 10:24:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x4, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.414163][T29135] total_inactive_anon 12288 [ 2584.421010][T29135] total_active_anon 4096 [ 2584.425346][T29135] total_inactive_file 0 [ 2584.434851][T29135] total_active_file 0 [ 2584.439649][T29135] total_unevictable 0 [ 2584.444729][T29157] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x9000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x7, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.467076][T29135] anon_cost 0 [ 2584.486342][T29135] file_cost 0 [ 2584.492102][T29135] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29135,uid=0 10:24:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x8000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2584.557016][T29135] Memory cgroup out of memory: Killed process 29135 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 10:24:10 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x5, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x8, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.700075][T29167] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xa000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2584.807794][T29170] __nla_validate_parse: 38 callbacks suppressed [ 2584.807815][T29170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2584.888274][T29172] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:24:11 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x6, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0xa, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2585.006634][T29175] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2585.125773][T29179] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2585.125999][T29165] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2585.158167][T29165] CPU: 1 PID: 29165 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2585.168632][T29165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2585.178725][T29165] Call Trace: [ 2585.182034][T29165] [ 2585.184981][T29165] dump_stack_lvl+0x1e7/0x2e0 [ 2585.189703][T29165] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2585.194932][T29165] ? __pfx__printk+0x10/0x10 [ 2585.199550][T29165] ? ___ratelimit+0x4c4/0x670 [ 2585.204258][T29165] ? __pfx____ratelimit+0x10/0x10 [ 2585.209307][T29165] dump_header+0xda/0x6a0 [ 2585.213641][T29165] oom_kill_process+0x3a7/0x930 [ 2585.218490][T29165] out_of_memory+0xf67/0x1320 [ 2585.223168][T29165] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2585.228795][T29165] ? __pfx___mutex_lock+0x10/0x10 [ 2585.233828][T29165] ? __pfx_out_of_memory+0x10/0x10 [ 2585.238957][T29165] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2585.244512][T29165] ? __pfx_lock_release+0x10/0x10 [ 2585.249549][T29165] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2585.255620][T29165] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2585.260829][T29165] ? mem_cgroup_iter+0x422/0x560 [ 2585.265767][T29165] try_charge_memcg+0xda2/0x18a0 [ 2585.270698][T29165] ? mark_lock+0x9a/0x350 [ 2585.275046][T29165] ? __pfx_try_charge_memcg+0x10/0x10 [ 2585.280431][T29165] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2585.286582][T29165] charge_memcg+0xa2/0x160 [ 2585.291002][T29165] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2585.297063][T29165] __read_swap_cache_async+0x480/0x8b0 [ 2585.302518][T29165] ? mark_lock+0x9a/0x350 [ 2585.306848][T29165] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2585.312827][T29165] ? blk_start_plug+0x6f/0x1b0 [ 2585.317602][T29165] swap_cluster_readahead+0x398/0x810 [ 2585.322975][T29165] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2585.328865][T29165] ? __pfx_lock_release+0x10/0x10 [ 2585.333885][T29165] ? xas_descend+0x37e/0x470 [ 2585.338478][T29165] swapin_readahead+0x1ea/0x1070 [ 2585.343410][T29165] ? filemap_get_entry+0x127/0x4e0 [ 2585.348525][T29165] ? __pfx_swapin_readahead+0x10/0x10 [ 2585.353896][T29165] ? __filemap_get_folio+0x935/0xbc0 [ 2585.359188][T29165] ? swap_cache_get_folio+0x9f/0x570 [ 2585.364469][T29165] do_swap_page+0x791/0x3f40 [ 2585.369052][T29165] ? __lock_acquire+0x1345/0x1fd0 [ 2585.374591][T29165] ? rcu_is_watching+0x15/0xb0 [ 2585.379357][T29165] ? do_swap_page+0x154/0x3f40 [ 2585.384110][T29165] ? __pfx_do_swap_page+0x10/0x10 [ 2585.389130][T29165] ? pte_offset_map_nolock+0x137/0x1f0 [ 2585.394598][T29165] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2585.400394][T29165] ? __pfx_validate_chain+0x10/0x10 [ 2585.405590][T29165] __handle_mm_fault+0x15e8/0x72d0 [ 2585.410734][T29165] ? __pfx___handle_mm_fault+0x10/0x10 [ 2585.416206][T29165] ? mt_find+0x226/0x850 [ 2585.420456][T29165] ? __pfx_lock_release+0x10/0x10 [ 2585.425574][T29165] ? mt_find+0x62d/0x850 [ 2585.429820][T29165] ? mt_find+0x226/0x850 [ 2585.434074][T29165] ? find_vma+0x142/0x1c0 [ 2585.438395][T29165] ? __pfx_find_vma+0x10/0x10 [ 2585.443060][T29165] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2585.449039][T29165] handle_mm_fault+0x3c1/0x8a0 [ 2585.453802][T29165] exc_page_fault+0x2ad/0x870 [ 2585.458481][T29165] asm_exc_page_fault+0x26/0x30 [ 2585.463321][T29165] RIP: 0010:__get_user_8+0x11/0x20 [ 2585.468425][T29165] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2585.488119][T29165] RSP: 0018:ffffc9000f82fd78 EFLAGS: 00050202 [ 2585.494193][T29165] RAX: 0000555555682da8 RBX: ffff888079f21538 RCX: ffffc9000f82fc03 [ 2585.502158][T29165] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2585.510126][T29165] RBP: ffffc9000f82fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2585.518113][T29165] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000f82fd80 [ 2585.526177][T29165] R13: ffffc9000f82ffd8 R14: dffffc0000000000 R15: ffff888079f20000 [ 2585.534161][T29165] __rseq_handle_notify_resume+0x158/0x1490 [ 2585.540848][T29165] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2585.547186][T29165] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2585.552992][T29165] irqentry_exit_to_user_mode+0xbb/0x270 [ 2585.558890][T29165] exc_page_fault+0x587/0x870 [ 2585.563571][T29165] asm_exc_page_fault+0x26/0x30 [ 2585.568429][T29165] RIP: 0033:0x7fdfb625b2c0 [ 2585.572837][T29165] Code: 5d c3 0f 1f 84 00 00 00 00 00 e8 8b b9 ff ff e9 ae fd ff ff 66 0f 1f 44 00 00 48 8d 35 a9 43 12 00 49 39 f5 0f 85 ef 00 00 00 <80> 3d 31 4c 12 00 00 0f 85 45 ff ff ff e9 24 ff ff ff 66 0f 1f 44 [ 2585.592445][T29165] RSP: 002b:00007ffda0a6ffb0 EFLAGS: 00010246 [ 2585.598510][T29165] RAX: 0000555555683900 RBX: 0000000000000110 RCX: 00005555556838f0 [ 2585.606479][T29165] RDX: 0000000000000121 RSI: 00007fdfb637f660 RDI: 0000555555683900 [ 2585.614451][T29165] RBP: 00005555556838f0 R08: 00000000ffffffff R09: 0000000000000000 [ 2585.622414][T29165] R10: 0000000000021000 R11: 0000000000000010 R12: 0000000000020710 [ 2585.630374][T29165] R13: 00007fdfb637f660 R14: 0000000000001000 R15: 0000000000000000 [ 2585.638351][T29165] [ 2585.665361][T29165] memory: usage 307188kB, limit 307200kB, failcnt 17508 [ 2585.673011][T29182] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2585.685298][T29165] memory+swap: usage 307384kB, limit 9007199254740988kB, failcnt 0 10:24:11 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x7, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2585.777642][T29165] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2585.789097][T29165] Memory cgroup stats for /syz3: [ 2585.789228][T29165] cache 0 [ 2585.799865][T29165] rss 16384 [ 2585.803134][T29165] rss_huge 0 [ 2585.811181][T29165] shmem 0 [ 2585.814290][T29165] mapped_file 0 [ 2585.818991][T29165] dirty 0 [ 2585.822063][T29165] writeback 0 10:24:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xb000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x10, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2585.825774][T29165] workingset_refault_anon 7881 [ 2585.830793][T29165] workingset_refault_file 1 [ 2585.841323][T29185] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2585.863229][T29165] swap 176128 [ 2585.879346][T29165] swapcached 0 [ 2585.887862][T29165] pgpgin 328258 [ 2585.892329][T29165] pgpgout 328254 [ 2585.905918][T29165] pgfault 802161 [ 2585.910174][T29165] pgmajfault 6706 [ 2585.913938][T29165] inactive_anon 0 10:24:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x8, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2585.925142][T29188] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2585.932861][T29165] active_anon 16384 [ 2585.973073][T29165] inactive_file 0 [ 2585.982146][T29165] active_file 0 [ 2585.984550][T29190] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2585.985632][T29165] unevictable 0 [ 2585.985643][T29165] hierarchical_memory_limit 314572800 [ 2585.985653][T29165] hierarchical_memsw_limit 9223372036854771712 [ 2585.985663][T29165] total_cache 0 [ 2585.985671][T29165] total_rss 16384 [ 2585.985678][T29165] total_rss_huge 0 10:24:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x14, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2585.985686][T29165] total_shmem 0 [ 2585.985694][T29165] total_mapped_file 0 [ 2586.029126][T29193] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2586.046041][T29165] total_dirty 0 [ 2586.050978][T29165] total_writeback 0 [ 2586.054911][T29165] total_workingset_refault_anon 7881 [ 2586.068169][T29165] total_workingset_refault_file 1 [ 2586.073366][T29165] total_swap 200704 [ 2586.084018][T29165] total_swapcached 0 [ 2586.090086][T29165] total_pgpgin 337804 [ 2586.094191][T29165] total_pgpgout 337800 [ 2586.104389][T29165] total_pgfault 811748 [ 2586.110284][T29165] total_pgmajfault 6706 [ 2586.114654][T29165] total_inactive_anon 0 [ 2586.119246][T29165] total_active_anon 16384 10:24:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x9, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2586.123676][T29165] total_inactive_file 0 [ 2586.128108][T29165] total_active_file 0 [ 2586.132178][T29165] total_unevictable 0 [ 2586.148941][T29165] anon_cost 0 [ 2586.155875][T29165] file_cost 0 [ 2586.158479][T29198] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2586.162766][T29165] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29165,uid=0 10:24:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x18, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xc000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2586.235694][T29165] Memory cgroup out of memory: Killed process 29165 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x1c, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x25, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xd000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xfc, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x6900, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2586.680114][T29218] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:12 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x177, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xe000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2586.888596][T29208] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2586.900607][T29208] CPU: 0 PID: 29208 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2586.911059][T29208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2586.921160][T29208] Call Trace: [ 2586.924467][T29208] [ 2586.927419][T29208] dump_stack_lvl+0x1e7/0x2e0 [ 2586.932139][T29208] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2586.937376][T29208] ? __pfx__printk+0x10/0x10 [ 2586.941995][T29208] ? ___ratelimit+0x4c4/0x670 [ 2586.946789][T29208] ? __pfx____ratelimit+0x10/0x10 [ 2586.951872][T29208] dump_header+0xda/0x6a0 [ 2586.956326][T29208] oom_kill_process+0x3a7/0x930 [ 2586.961223][T29208] out_of_memory+0xf67/0x1320 [ 2586.965946][T29208] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2586.971701][T29208] ? __pfx___mutex_lock+0x10/0x10 [ 2586.976933][T29208] ? __pfx_out_of_memory+0x10/0x10 [ 2586.982089][T29208] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2586.987666][T29208] ? __pfx_lock_release+0x10/0x10 [ 2586.992721][T29208] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2586.998819][T29208] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2587.004055][T29208] ? mem_cgroup_iter+0x422/0x560 [ 2587.009030][T29208] try_charge_memcg+0xda2/0x18a0 [ 2587.014019][T29208] ? __pfx_try_charge_memcg+0x10/0x10 [ 2587.019416][T29208] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2587.025167][T29208] ? __pfx_lock_release+0x10/0x10 [ 2587.030227][T29208] ? memcg_account_kmem+0x1e7/0x210 [ 2587.035469][T29208] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2587.041294][T29208] __memcg_kmem_charge_page+0xe1/0x250 [ 2587.046865][T29208] memcg_charge_kernel_stack+0x11c/0x550 [ 2587.052514][T29208] dup_task_struct+0x15d/0x7d0 [ 2587.057294][T29208] copy_process+0x5d5/0x3fc0 [ 2587.061911][T29208] ? __might_fault+0xa9/0x120 [ 2587.066612][T29208] ? __pfx_lock_release+0x10/0x10 [ 2587.071666][T29208] ? __lock_acquire+0x1345/0x1fd0 [ 2587.076720][T29208] ? __pfx_copy_process+0x10/0x10 [ 2587.081758][T29208] ? __might_fault+0xc5/0x120 [ 2587.086440][T29208] ? __asan_memset+0x23/0x50 [ 2587.091070][T29208] kernel_clone+0x21d/0x8d0 [ 2587.095605][T29208] ? __pfx_kernel_clone+0x10/0x10 [ 2587.100651][T29208] ? __pfx_lock_release+0x10/0x10 [ 2587.105697][T29208] __se_sys_clone3+0x2cb/0x350 [ 2587.110470][T29208] ? __might_fault+0xa9/0x120 [ 2587.115178][T29208] ? __pfx___se_sys_clone3+0x10/0x10 [ 2587.120476][T29208] ? rcu_is_watching+0x15/0xb0 [ 2587.125270][T29208] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2587.131293][T29208] ? exc_page_fault+0x587/0x870 [ 2587.136192][T29208] ? do_syscall_64+0xb4/0x240 [ 2587.140895][T29208] do_syscall_64+0xf9/0x240 [ 2587.145410][T29208] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2587.151323][T29208] RIP: 0033:0x7fdfb62a9b99 [ 2587.155760][T29208] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2587.175381][T29208] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 10:24:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.183818][T29208] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2587.191786][T29208] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2587.199762][T29208] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2587.207759][T29208] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2587.215752][T29208] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2587.224101][T29208] [ 2587.257936][T29208] memory: usage 307200kB, limit 307200kB, failcnt 17907 [ 2587.264923][T29208] memory+swap: usage 307436kB, limit 9007199254740988kB, failcnt 0 10:24:13 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x300, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.301136][T29208] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 2587.319835][T29208] Memory cgroup stats for /syz3: [ 2587.321637][T29208] cache 0 [ 2587.343715][T29208] rss 16384 10:24:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x10000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.350798][T29234] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2587.366406][T29208] rss_huge 0 [ 2587.369788][T29208] shmem 0 [ 2587.374435][T29208] mapped_file 0 [ 2587.383309][T29208] dirty 0 [ 2587.389841][T29208] writeback 0 10:24:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x2, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.415029][T29208] workingset_refault_anon 8064 [ 2587.420106][T29208] workingset_refault_file 1 [ 2587.427131][T29208] swap 217088 [ 2587.436302][T29208] swapcached 0 [ 2587.439799][T29208] pgpgin 328454 [ 2587.447536][T29208] pgpgout 328450 10:24:13 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x36a, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.462064][T29208] pgfault 802448 [ 2587.465818][T29208] pgmajfault 6875 [ 2587.481931][T29208] inactive_anon 12288 [ 2587.491018][T29208] active_anon 4096 [ 2587.511449][T29208] inactive_file 0 [ 2587.545897][T29208] active_file 0 [ 2587.555853][T29208] unevictable 0 [ 2587.576549][T29208] hierarchical_memory_limit 314572800 [ 2587.581326][T29243] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2587.590747][T29208] hierarchical_memsw_limit 9223372036854771712 10:24:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.616504][T29208] total_cache 0 [ 2587.622556][T29208] total_rss 16384 [ 2587.650836][T29208] total_rss_huge 0 [ 2587.660521][T29208] total_shmem 0 [ 2587.679512][T29208] total_mapped_file 0 [ 2587.694443][T29208] total_dirty 0 [ 2587.703859][T29208] total_writeback 0 10:24:13 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x500, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.727174][T29208] total_workingset_refault_anon 8064 10:24:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x11000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2587.762449][T29208] total_workingset_refault_file 1 [ 2587.790970][T29208] total_swap 241664 [ 2587.794818][T29208] total_swapcached 0 [ 2587.799220][T29208] total_pgpgin 338000 [ 2587.803237][T29208] total_pgpgout 337996 [ 2587.816782][T29208] total_pgfault 812035 [ 2587.820894][T29208] total_pgmajfault 6875 [ 2587.825064][T29208] total_inactive_anon 12288 [ 2587.861208][T29208] total_active_anon 4096 [ 2587.866072][T29208] total_inactive_file 0 [ 2587.870869][T29208] total_active_file 0 [ 2587.875430][T29208] total_unevictable 0 [ 2587.880949][T29208] anon_cost 0 [ 2587.887329][T29208] file_cost 0 [ 2587.890778][T29208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29208,uid=0 [ 2587.916320][T29208] Memory cgroup out of memory: Killed process 29208 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2587.980061][T29251] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:14 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x9090ac6, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x4, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:14 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x600, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2588.143644][T10507] tipc: Disabling bearer [ 2588.206886][T10507] tipc: Left network mode 10:24:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x12000000, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2588.427271][T29264] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x5, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:14 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x700, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2588.744143][T29260] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2588.755153][T29260] CPU: 1 PID: 29260 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2588.765684][T29260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2588.775751][T29260] Call Trace: [ 2588.779030][T29260] [ 2588.781959][T29260] dump_stack_lvl+0x1e7/0x2e0 [ 2588.786633][T29260] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2588.791838][T29260] ? __pfx__printk+0x10/0x10 [ 2588.796429][T29260] ? ___ratelimit+0x4c4/0x670 [ 2588.801096][T29260] ? __pfx____ratelimit+0x10/0x10 [ 2588.806112][T29260] dump_header+0xda/0x6a0 [ 2588.810455][T29260] oom_kill_process+0x3a7/0x930 [ 2588.815322][T29260] out_of_memory+0xf67/0x1320 [ 2588.819995][T29260] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2588.825620][T29260] ? __pfx___mutex_lock+0x10/0x10 [ 2588.830636][T29260] ? __pfx_out_of_memory+0x10/0x10 [ 2588.835745][T29260] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2588.841283][T29260] ? __pfx_lock_release+0x10/0x10 [ 2588.846299][T29260] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2588.852358][T29260] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2588.857562][T29260] ? mem_cgroup_iter+0x422/0x560 [ 2588.862536][T29260] try_charge_memcg+0xda2/0x18a0 [ 2588.867497][T29260] ? __pfx_try_charge_memcg+0x10/0x10 [ 2588.872860][T29260] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2588.878565][T29260] ? __pfx_lock_release+0x10/0x10 [ 2588.883590][T29260] ? memcg_account_kmem+0x1e7/0x210 [ 2588.888802][T29260] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2588.894602][T29260] __memcg_kmem_charge_page+0xe1/0x250 [ 2588.900064][T29260] memcg_charge_kernel_stack+0x11c/0x550 [ 2588.905690][T29260] dup_task_struct+0x40d/0x7d0 [ 2588.910465][T29260] copy_process+0x5d5/0x3fc0 [ 2588.915090][T29260] ? __might_fault+0xa9/0x120 [ 2588.919776][T29260] ? __pfx_lock_release+0x10/0x10 [ 2588.924797][T29260] ? __lock_acquire+0x1345/0x1fd0 [ 2588.929826][T29260] ? __pfx_copy_process+0x10/0x10 [ 2588.934843][T29260] ? __might_fault+0xc5/0x120 [ 2588.939510][T29260] ? __asan_memset+0x23/0x50 [ 2588.944094][T29260] kernel_clone+0x21d/0x8d0 [ 2588.948591][T29260] ? __pfx_kernel_clone+0x10/0x10 [ 2588.953699][T29260] ? __pfx_lock_release+0x10/0x10 [ 2588.958736][T29260] __se_sys_clone3+0x2cb/0x350 [ 2588.963516][T29260] ? __might_fault+0xa9/0x120 [ 2588.968204][T29260] ? __pfx___se_sys_clone3+0x10/0x10 [ 2588.973492][T29260] ? rcu_is_watching+0x15/0xb0 [ 2588.978267][T29260] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2588.984337][T29260] ? exc_page_fault+0x587/0x870 [ 2588.989186][T29260] ? do_syscall_64+0xb4/0x240 [ 2588.993866][T29260] do_syscall_64+0xf9/0x240 [ 2588.998453][T29260] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2589.004345][T29260] RIP: 0033:0x7fdfb62a9b99 [ 2589.008778][T29260] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2589.028408][T29260] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2589.036818][T29260] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2589.044778][T29260] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2589.052742][T29260] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2589.060714][T29260] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2589.068691][T29260] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2589.076663][T29260] [ 2589.090169][T29260] memory: usage 307200kB, limit 307200kB, failcnt 18238 [ 2589.097497][T29260] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 2589.105711][T29260] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 2589.114517][T29260] Memory cgroup stats for /syz3: [ 2589.114632][T29260] cache 0 [ 2589.123293][T29260] rss 16384 [ 2589.127083][T29260] rss_huge 0 [ 2589.130574][T29260] shmem 0 [ 2589.133784][T29260] mapped_file 0 [ 2589.138250][T29260] dirty 0 [ 2589.141534][T29260] writeback 0 [ 2589.145103][T29260] workingset_refault_anon 8195 [ 2589.151168][T29260] workingset_refault_file 1 [ 2589.156023][T29260] swap 176128 [ 2589.160146][T29260] swapcached 4096 [ 2589.164106][T29260] pgpgin 328611 [ 2589.168444][T29260] pgpgout 328607 [ 2589.172285][T29260] pgfault 802668 [ 2589.176129][T29260] pgmajfault 6995 [ 2589.180855][T29260] inactive_anon 16384 [ 2589.203634][T29260] active_anon 0 [ 2589.213325][T29260] inactive_file 0 [ 2589.222423][T29260] active_file 0 [ 2589.232317][T29260] unevictable 0 [ 2589.241112][T29260] hierarchical_memory_limit 314572800 [ 2589.254947][T29260] hierarchical_memsw_limit 9223372036854771712 [ 2589.264878][T29260] total_cache 0 [ 2589.268605][T29260] total_rss 16384 [ 2589.272348][T29260] total_rss_huge 0 [ 2589.279774][T29260] total_shmem 0 [ 2589.283333][T29260] total_mapped_file 0 [ 2589.287497][T29260] total_dirty 0 [ 2589.291090][T29260] total_writeback 0 [ 2589.294991][T29260] total_workingset_refault_anon 8195 [ 2589.300466][T29260] total_workingset_refault_file 1 10:24:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x900, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2589.304615][T29273] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2589.305555][T29260] total_swap 200704 [ 2589.325630][T29260] total_swapcached 4096 [ 2589.331004][T29260] total_pgpgin 338157 [ 2589.335463][T29260] total_pgpgout 338153 [ 2589.342730][T29260] total_pgfault 812255 [ 2589.347386][T29260] total_pgmajfault 6995 10:24:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x6, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2589.351697][T29260] total_inactive_anon 16384 [ 2589.361924][T29260] total_active_anon 0 [ 2589.368993][T29260] total_inactive_file 0 [ 2589.401775][T29260] total_active_file 0 [ 2589.406112][T29260] total_unevictable 0 [ 2589.413682][T29260] anon_cost 0 [ 2589.418876][T29260] file_cost 0 [ 2589.435274][T29260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29260,uid=0 10:24:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xa000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x3b403fa6, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2589.454644][T29260] Memory cgroup out of memory: Killed process 29260 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2589.548841][T28065] netdevsim netdevsim4 netdevsim0: renamed from eth0 10:24:15 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x1c00, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x7, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2589.753018][T29280] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2589.777086][T28065] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2589.851200][T29284] __nla_validate_parse: 25 callbacks suppressed [ 2589.851221][T29284] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2589.988099][T28065] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2590.008062][T29289] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:24:16 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x6a03, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2590.047521][T29287] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2590.087067][T29290] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xa63f403b, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x8, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2590.204264][T28065] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2590.249402][T29294] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2590.282261][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2590.296125][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2590.306498][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2590.316579][ T5088] Call Trace: [ 2590.319874][ T5088] [ 2590.322819][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2590.327634][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2590.332861][ T5088] ? __pfx__printk+0x10/0x10 [ 2590.337458][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2590.342400][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2590.347429][ T5088] dump_header+0xda/0x6a0 [ 2590.351765][ T5088] oom_kill_process+0x3a7/0x930 [ 2590.356808][ T5088] out_of_memory+0xf67/0x1320 [ 2590.361571][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2590.367197][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2590.372214][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2590.377329][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2590.382962][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2590.387994][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2590.394058][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2590.399251][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2590.404188][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2590.409138][ T5088] ? mark_lock+0x9a/0x350 [ 2590.413510][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2590.419003][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2590.425179][ T5088] charge_memcg+0xa2/0x160 [ 2590.429616][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2590.435718][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2590.441181][ T5088] ? mark_lock+0x9a/0x350 [ 2590.445520][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2590.451515][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2590.456278][ T5088] swap_cluster_readahead+0x398/0x810 [ 2590.461654][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2590.467542][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2590.472560][ T5088] ? xas_descend+0x37e/0x470 [ 2590.477151][ T5088] swapin_readahead+0x1ea/0x1070 [ 2590.482085][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2590.487206][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2590.492581][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2590.497868][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2590.503149][ T5088] do_swap_page+0x791/0x3f40 [ 2590.507735][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2590.512512][ T5088] ? do_swap_page+0x154/0x3f40 [ 2590.517267][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2590.522282][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2590.527736][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2590.533542][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2590.538671][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2590.544035][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2590.549499][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2590.555219][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2590.560239][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2590.565442][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2590.570601][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2590.575808][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2590.580999][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2590.586553][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2590.591404][ T5088] exc_page_fault+0x456/0x870 [ 2590.596083][ T5088] asm_exc_page_fault+0x26/0x30 [ 2590.600922][ T5088] RIP: 0033:0x7fdfb6238504 [ 2590.605327][ T5088] Code: 24 08 48 8b 05 bd d1 c9 00 bf 01 00 00 00 4c 8b 25 b9 d1 c9 00 48 8d 14 40 48 b8 cd cc cc cc cc cc cc cc 48 f7 e2 48 c1 ea 02 <48> 89 54 24 10 e8 52 1e 04 00 85 c0 0f 85 7f 08 00 00 48 b8 db 34 [ 2590.625032][ T5088] RSP: 002b:00007ffda0a70380 EFLAGS: 00010206 [ 2590.631101][ T5088] RAX: 0000000000000bb8 RBX: 000000000000778b RCX: 0000000000000000 [ 2590.639066][ T5088] RDX: 0000000000000bb8 RSI: 00007ffda0a70440 RDI: 0000000000000001 [ 2590.647191][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2590.655265][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2590.663254][ T5088] R13: 00000000002783c3 R14: 00000000002783c3 R15: 0000000000000000 [ 2590.671244][ T5088] [ 2590.687883][T29297] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2590.700151][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 19000 [ 2590.714104][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2590.722602][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2590.738513][T29298] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2590.753874][ T5088] Memory cgroup stats for /syz3: [ 2590.753980][ T5088] cache 0 [ 2590.766394][ T5088] rss 0 [ 2590.769400][ T5088] rss_huge 0 [ 2590.772794][ T5088] shmem 0 [ 2590.778087][ T5088] mapped_file 0 [ 2590.785010][ T5088] dirty 0 [ 2590.796423][T29300] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2590.806851][ T5088] writeback 0 [ 2590.815756][ T5088] workingset_refault_anon 8491 [ 2590.824843][ T5088] workingset_refault_file 1 10:24:17 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x6cf9, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x9, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2590.889946][ T1237] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.890011][ T1237] ieee802154 phy1 wpan1: encryption failed: -22 [ 2590.958649][ T5088] swap 184320 [ 2590.962088][ T5088] swapcached 8192 [ 2590.969896][ T5088] pgpgin 328925 [ 2590.973607][ T5088] pgpgout 328923 [ 2590.977787][ T5088] pgfault 803058 [ 2590.981499][ T5088] pgmajfault 7220 [ 2590.989695][ T5088] inactive_anon 8192 [ 2590.994094][ T5088] active_anon 0 [ 2591.002139][ T5088] inactive_file 0 10:24:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xf0ffffff, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.013477][ T5088] active_file 0 [ 2591.019931][ T5088] unevictable 0 [ 2591.023501][ T5088] hierarchical_memory_limit 314572800 [ 2591.035187][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2591.042273][T29304] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2591.052977][ T5088] total_cache 0 [ 2591.065135][ T5088] total_rss 0 [ 2591.069644][ T5088] total_rss_huge 0 [ 2591.073495][ T5088] total_shmem 0 [ 2591.084852][ T5088] total_mapped_file 0 [ 2591.090191][ T5088] total_dirty 0 [ 2591.094354][ T5088] total_writeback 0 [ 2591.101779][T29306] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2591.106758][ T5088] total_workingset_refault_anon 8491 [ 2591.125154][ T5088] total_workingset_refault_file 1 [ 2591.130680][ T5088] total_swap 208896 [ 2591.134619][ T5088] total_swapcached 8192 [ 2591.140274][T29307] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2591.147989][ T5088] total_pgpgin 338471 [ 2591.152593][ T5088] total_pgpgout 338469 10:24:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xa, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.165038][ T5088] total_pgfault 812645 [ 2591.171012][ T5088] total_pgmajfault 7220 [ 2591.175281][ T5088] total_inactive_anon 8192 10:24:17 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x7701, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.212330][T29310] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2591.231300][ T5088] total_active_anon 0 [ 2591.235373][ T5088] total_inactive_file 0 [ 2591.240775][ T5088] total_active_file 0 [ 2591.253393][ T5088] total_unevictable 0 [ 2591.260955][ T5088] anon_cost 0 [ 2591.264434][ T5088] file_cost 0 [ 2591.268252][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29282,uid=0 [ 2591.284085][ T5088] Memory cgroup out of memory: Killed process 29282 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2591.361128][T29313] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 10:24:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xb, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:17 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xf96c, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.435322][T29316] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 10:24:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xffffff7f, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.524376][T10507] dvmrp0 (unregistering): left allmulticast mode [ 2591.608962][T10507] IPVS: stopping backup sync thread 29939 ... [ 2591.766942][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2591.780588][T29326] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2591.784770][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2591.799185][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2591.809340][ T5088] Call Trace: [ 2591.812641][ T5088] [ 2591.815595][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2591.820334][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2591.825572][ T5088] ? __pfx__printk+0x10/0x10 [ 2591.830198][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2591.835000][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2591.840065][ T5088] dump_header+0xda/0x6a0 [ 2591.844423][ T5088] oom_kill_process+0x3a7/0x930 [ 2591.849292][ T5088] out_of_memory+0xf67/0x1320 [ 2591.853980][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2591.859621][ T5088] ? __pfx___mutex_lock+0x10/0x10 10:24:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xfc00, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.864670][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2591.869813][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2591.875383][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2591.880437][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2591.886530][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2591.891755][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2591.896725][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2591.901685][ T5088] ? mark_lock+0x9a/0x350 [ 2591.906060][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2591.911496][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2591.917682][ T5088] charge_memcg+0xa2/0x160 [ 2591.922141][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2591.928250][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2591.933728][ T5088] ? mark_lock+0x9a/0x350 [ 2591.938074][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2591.944098][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2591.948932][ T5088] swap_cluster_readahead+0x398/0x810 [ 2591.954354][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2591.960274][ T5088] ? __pfx_lock_release+0x10/0x10 10:24:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xff00, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2591.965323][ T5088] ? xas_descend+0x37e/0x470 [ 2591.969957][ T5088] swapin_readahead+0x1ea/0x1070 [ 2591.974932][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2591.980083][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2591.985499][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2591.990834][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2591.996157][ T5088] do_swap_page+0x791/0x3f40 [ 2592.000779][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2592.005574][ T5088] ? mark_lock+0x9a/0x350 [ 2592.009951][ T5088] ? do_swap_page+0x154/0x3f40 [ 2592.014745][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2592.019804][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2592.025301][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2592.031145][ T5088] ? mark_lock+0x9a/0x350 [ 2592.035513][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2592.040692][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2592.046097][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2592.051768][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2592.057525][ T5088] ? irqentry_exit+0x63/0x90 [ 2592.062178][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2592.067407][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2592.072467][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2592.077722][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2592.083124][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2592.088703][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2592.093513][ T5088] exc_page_fault+0x456/0x870 [ 2592.098226][ T5088] asm_exc_page_fault+0x26/0x30 [ 2592.103082][ T5088] RIP: 0033:0x7fdfb6238504 10:24:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x34000, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2592.107512][ T5088] Code: 24 08 48 8b 05 bd d1 c9 00 bf 01 00 00 00 4c 8b 25 b9 d1 c9 00 48 8d 14 40 48 b8 cd cc cc cc cc cc cc cc 48 f7 e2 48 c1 ea 02 <48> 89 54 24 10 e8 52 1e 04 00 85 c0 0f 85 7f 08 00 00 48 b8 db 34 [ 2592.127320][ T5088] RSP: 002b:00007ffda0a70380 EFLAGS: 00010206 [ 2592.133424][ T5088] RAX: 0000000000000bb8 RBX: 000000000000778c RCX: 0000000000000000 [ 2592.141427][ T5088] RDX: 0000000000000bb8 RSI: 00007ffda0a70440 RDI: 0000000000000001 [ 2592.149430][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2592.157433][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2592.165433][ T5088] R13: 0000000000278ad4 R14: 0000000000278ad4 R15: 0000000000000000 [ 2592.173470][ T5088] 10:24:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xc, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:18 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0xfffffff0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2592.211689][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 19361 [ 2592.218758][ T5088] memory+swap: usage 307448kB, limit 9007199254740988kB, failcnt 0 [ 2592.226780][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2592.256089][ T5088] Memory cgroup stats for /syz3: [ 2592.256336][ T5088] cache 0 [ 2592.302585][ T5088] rss 0 [ 2592.305508][ T5088] rss_huge 0 [ 2592.313519][ T5088] shmem 0 [ 2592.320105][ T5088] mapped_file 0 [ 2592.327014][ T5088] dirty 0 [ 2592.333357][ T5088] writeback 0 [ 2592.341899][ T5088] workingset_refault_anon 8651 [ 2592.352834][ T5088] workingset_refault_file 1 [ 2592.363161][ T5088] swap 229376 [ 2592.377570][ T5088] swapcached 0 [ 2592.385494][ T5088] pgpgin 329100 [ 2592.392610][ T5088] pgpgout 329100 10:24:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x400300, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2592.400674][ T5088] pgfault 803293 [ 2592.404349][ T5088] pgmajfault 7348 [ 2592.410481][ T5088] inactive_anon 0 [ 2592.414750][T29341] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2592.415029][ T5088] active_anon 0 [ 2592.429466][ T5088] inactive_file 0 [ 2592.433232][ T5088] active_file 0 [ 2592.447930][ T5088] unevictable 0 10:24:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xd, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2592.454480][ T5088] hierarchical_memory_limit 314572800 [ 2592.465551][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2592.483632][ T5088] total_cache 0 [ 2592.514103][ T5088] total_rss 0 [ 2592.522277][ T5088] total_rss_huge 0 [ 2592.534036][ T5088] total_shmem 0 [ 2592.545569][ T5088] total_mapped_file 0 10:24:18 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x3}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2592.562262][ T5088] total_dirty 0 [ 2592.567540][ T5088] total_writeback 0 [ 2592.572981][ T5088] total_workingset_refault_anon 8651 [ 2592.579055][ T5088] total_workingset_refault_file 1 [ 2592.584450][ T5088] total_swap 253952 [ 2592.588927][ T5088] total_swapcached 0 [ 2592.593235][ T5088] total_pgpgin 338646 [ 2592.597867][ T5088] total_pgpgout 338646 [ 2592.604276][ T5088] total_pgfault 812880 [ 2592.614681][ T5088] total_pgmajfault 7348 [ 2592.619829][ T5088] total_inactive_anon 0 [ 2592.626910][ T5088] total_active_anon 0 [ 2592.631131][ T5088] total_inactive_file 0 [ 2592.635467][ T5088] total_active_file 0 [ 2592.655084][ T5088] total_unevictable 0 [ 2592.660261][ T5088] anon_cost 0 [ 2592.663807][ T5088] file_cost 0 [ 2592.668155][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29319,uid=0 10:24:18 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2592.693740][ T5088] Memory cgroup out of memory: Killed process 29319 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2593.524619][T29353] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2593.544298][T29353] CPU: 0 PID: 29353 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2593.554763][T29353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2593.564837][T29353] Call Trace: [ 2593.568140][T29353] [ 2593.571096][T29353] dump_stack_lvl+0x1e7/0x2e0 [ 2593.575834][T29353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2593.581081][T29353] ? __pfx__printk+0x10/0x10 [ 2593.585714][T29353] ? ___ratelimit+0x4c4/0x670 [ 2593.590426][T29353] ? __pfx____ratelimit+0x10/0x10 [ 2593.595496][T29353] dump_header+0xda/0x6a0 [ 2593.600037][T29353] oom_kill_process+0x3a7/0x930 [ 2593.604925][T29353] out_of_memory+0xf67/0x1320 [ 2593.609636][T29353] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2593.615294][T29353] ? __pfx___mutex_lock+0x10/0x10 [ 2593.620345][T29353] ? __pfx_out_of_memory+0x10/0x10 [ 2593.625491][T29353] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2593.631070][T29353] ? __pfx_lock_release+0x10/0x10 [ 2593.636123][T29353] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2593.642224][T29353] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2593.647541][T29353] ? mem_cgroup_iter+0x422/0x560 [ 2593.652502][T29353] try_charge_memcg+0xda2/0x18a0 [ 2593.657487][T29353] ? __pfx_try_charge_memcg+0x10/0x10 [ 2593.662881][T29353] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2593.668627][T29353] ? __pfx_lock_release+0x10/0x10 [ 2593.673770][T29353] ? memcg_account_kmem+0x1e7/0x210 [ 2593.679096][T29353] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2593.684935][T29353] __memcg_kmem_charge_page+0xe1/0x250 [ 2593.690433][T29353] memcg_charge_kernel_stack+0x304/0x550 [ 2593.696097][T29353] dup_task_struct+0x15d/0x7d0 [ 2593.700891][T29353] copy_process+0x5d5/0x3fc0 [ 2593.705521][T29353] ? __might_fault+0xa9/0x120 [ 2593.710313][T29353] ? __pfx_lock_release+0x10/0x10 [ 2593.715371][T29353] ? __lock_acquire+0x1345/0x1fd0 [ 2593.720429][T29353] ? __pfx_copy_process+0x10/0x10 [ 2593.725486][T29353] ? __might_fault+0xc5/0x120 [ 2593.730204][T29353] ? __asan_memset+0x23/0x50 [ 2593.734825][T29353] kernel_clone+0x21d/0x8d0 [ 2593.739361][T29353] ? __pfx_kernel_clone+0x10/0x10 [ 2593.744592][T29353] ? __pfx_lock_release+0x10/0x10 [ 2593.749700][T29353] __se_sys_clone3+0x2cb/0x350 [ 2593.754948][T29353] ? __might_fault+0xa9/0x120 [ 2593.759690][T29353] ? __pfx___se_sys_clone3+0x10/0x10 [ 2593.764999][T29353] ? rcu_is_watching+0x15/0xb0 [ 2593.769806][T29353] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2593.775835][T29353] ? exc_page_fault+0x587/0x870 [ 2593.780728][T29353] ? do_syscall_64+0xb4/0x240 [ 2593.785443][T29353] do_syscall_64+0xf9/0x240 [ 2593.789981][T29353] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2593.795906][T29353] RIP: 0033:0x7fdfb62a9b99 [ 2593.800347][T29353] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2593.819982][T29353] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2593.828427][T29353] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2593.836430][T29353] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2593.844428][T29353] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2593.852432][T29353] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2593.860434][T29353] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2593.868455][T29353] [ 2593.906430][T29353] memory: usage 307200kB, limit 307200kB, failcnt 20094 [ 2593.913456][T29353] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2593.931716][T29353] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2593.944421][T29353] Memory cgroup stats for /syz3: [ 2593.944555][T29353] cache 0 [ 2593.953472][T29353] rss 0 [ 2593.956784][T29353] rss_huge 0 [ 2593.960002][T29353] shmem 0 [ 2593.962947][T29353] mapped_file 0 [ 2593.967120][T29353] dirty 0 [ 2593.970078][T29353] writeback 0 [ 2593.973369][T29353] workingset_refault_anon 8943 [ 2593.979267][T29353] workingset_refault_file 1 [ 2593.983784][T29353] swap 188416 [ 2593.987642][T29353] swapcached 4096 [ 2593.991287][T29353] pgpgin 329405 [ 2593.994744][T29353] pgpgout 329404 [ 2593.999614][T29353] pgfault 803696 [ 2594.003195][T29353] pgmajfault 7590 [ 2594.007421][T29353] inactive_anon 0 [ 2594.011074][T29353] active_anon 0 [ 2594.014559][T29353] inactive_file 0 [ 2594.018917][T29353] active_file 0 [ 2594.022486][T29353] unevictable 0 [ 2594.025952][T29353] hierarchical_memory_limit 314572800 [ 2594.036256][T29353] hierarchical_memsw_limit 9223372036854771712 [ 2594.042433][T29353] total_cache 0 [ 2594.045902][T29353] total_rss 0 [ 2594.051871][T29353] total_rss_huge 0 [ 2594.055613][T29353] total_shmem 0 [ 2594.068947][T29353] total_mapped_file 0 [ 2594.072941][T29353] total_dirty 0 [ 2594.087160][T29353] total_writeback 0 [ 2594.091014][T29353] total_workingset_refault_anon 8943 [ 2594.110006][T29353] total_workingset_refault_file 1 [ 2594.115057][T29353] total_swap 212992 [ 2594.127641][T29353] total_swapcached 4096 [ 2594.133145][T29353] total_pgpgin 338951 [ 2594.140947][T29353] total_pgpgout 338950 [ 2594.149793][T29353] total_pgfault 813283 [ 2594.155700][T29353] total_pgmajfault 7590 [ 2594.163618][T29353] total_inactive_anon 0 [ 2594.172955][T29353] total_active_anon 0 [ 2594.181801][T29353] total_inactive_file 0 [ 2594.187314][T29353] total_active_file 0 [ 2594.196017][T29353] total_unevictable 0 [ 2594.204870][T29353] anon_cost 0 [ 2594.208665][T29353] file_cost 0 10:24:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x10000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2594.212160][T29353] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29353,uid=0 [ 2594.229289][T29353] Memory cgroup out of memory: Killed process 29353 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2594.834419][T29354] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2594.854815][T29354] CPU: 0 PID: 29354 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2594.865292][T29354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2594.875378][T29354] Call Trace: [ 2594.878683][T29354] [ 2594.881635][T29354] dump_stack_lvl+0x1e7/0x2e0 [ 2594.886352][T29354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2594.891592][T29354] ? __pfx__printk+0x10/0x10 [ 2594.896217][T29354] ? ___ratelimit+0x4c4/0x670 [ 2594.900929][T29354] ? __pfx____ratelimit+0x10/0x10 [ 2594.905982][T29354] dump_header+0xda/0x6a0 [ 2594.910346][T29354] oom_kill_process+0x3a7/0x930 [ 2594.915237][T29354] out_of_memory+0xf67/0x1320 [ 2594.919946][T29354] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2594.925607][T29354] ? __pfx___mutex_lock+0x10/0x10 [ 2594.930668][T29354] ? __pfx_out_of_memory+0x10/0x10 [ 2594.935816][T29354] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2594.941387][T29354] ? __pfx_lock_release+0x10/0x10 [ 2594.946445][T29354] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2594.952551][T29354] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2594.957774][T29354] ? mem_cgroup_iter+0x422/0x560 [ 2594.962741][T29354] try_charge_memcg+0xda2/0x18a0 [ 2594.967740][T29354] ? __pfx_try_charge_memcg+0x10/0x10 [ 2594.973136][T29354] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2594.979314][T29354] ? __pfx_lock_release+0x10/0x10 [ 2594.984369][T29354] ? memcg_account_kmem+0x1e7/0x210 [ 2594.989604][T29354] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2594.995436][T29354] __memcg_kmem_charge_page+0xe1/0x250 [ 2595.000929][T29354] memcg_charge_kernel_stack+0x304/0x550 [ 2595.006591][T29354] dup_task_struct+0x15d/0x7d0 [ 2595.011381][T29354] copy_process+0x5d5/0x3fc0 [ 2595.016016][T29354] ? __might_fault+0xa9/0x120 [ 2595.020719][T29354] ? __pfx_lock_release+0x10/0x10 [ 2595.025786][T29354] ? __pfx_copy_process+0x10/0x10 [ 2595.030843][T29354] ? __might_fault+0xc5/0x120 [ 2595.035561][T29354] ? __asan_memset+0x23/0x50 [ 2595.040222][T29354] kernel_clone+0x21d/0x8d0 [ 2595.044772][T29354] ? __pfx_kernel_clone+0x10/0x10 [ 2595.049849][T29354] __se_sys_clone3+0x2cb/0x350 [ 2595.054646][T29354] ? __pfx___se_sys_clone3+0x10/0x10 [ 2595.059970][T29354] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2595.066082][T29354] ? exc_page_fault+0x587/0x870 [ 2595.070965][T29354] ? do_syscall_64+0xb4/0x240 [ 2595.075697][T29354] do_syscall_64+0xf9/0x240 [ 2595.080231][T29354] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2595.086155][T29354] RIP: 0033:0x7fdfb62a9b99 [ 2595.090616][T29354] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2595.110247][T29354] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2595.118692][T29354] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2595.126687][T29354] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2595.134689][T29354] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2595.142699][T29354] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2595.150704][T29354] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2595.158725][T29354] [ 2595.179762][T29354] memory: usage 307200kB, limit 307200kB, failcnt 20664 [ 2595.196263][T29354] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2595.204211][T29354] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2595.227291][T29354] Memory cgroup stats for /syz3: [ 2595.227423][T29354] cache 0 [ 2595.235328][T29354] rss 0 [ 2595.247845][T29354] rss_huge 0 [ 2595.251095][T29354] shmem 0 [ 2595.254046][T29354] mapped_file 0 [ 2595.264780][T29354] dirty 0 [ 2595.268553][T29354] writeback 0 [ 2595.271857][T29354] workingset_refault_anon 9177 [ 2595.285840][T29354] workingset_refault_file 1 [ 2595.290729][T29354] swap 192512 [ 2595.294035][T29354] swapcached 0 [ 2595.297799][T29354] pgpgin 329653 [ 2595.301271][T29354] pgpgout 329653 [ 2595.304823][T29354] pgfault 804024 [ 2595.312465][T29354] pgmajfault 7780 [ 2595.316721][T29354] inactive_anon 0 [ 2595.320375][T29354] active_anon 0 [ 2595.323844][T29354] inactive_file 0 [ 2595.329296][T29354] active_file 0 [ 2595.332778][T29354] unevictable 0 [ 2595.336770][T29354] hierarchical_memory_limit 314572800 [ 2595.342167][T29354] hierarchical_memsw_limit 9223372036854771712 [ 2595.349432][T29354] total_cache 0 [ 2595.352910][T29354] total_rss 0 [ 2595.356740][T29354] total_rss_huge 0 [ 2595.360475][T29354] total_shmem 0 [ 2595.363940][T29354] total_mapped_file 0 [ 2595.368790][T29354] total_dirty 0 [ 2595.372273][T29354] total_writeback 0 [ 2595.376087][T29354] total_workingset_refault_anon 9177 [ 2595.382197][T29354] total_workingset_refault_file 1 [ 2595.388110][T29354] total_swap 217088 [ 2595.391939][T29354] total_swapcached 0 [ 2595.395842][T29354] total_pgpgin 339199 [ 2595.402356][T29354] total_pgpgout 339199 [ 2595.410992][T29354] total_pgfault 813611 [ 2595.415090][T29354] total_pgmajfault 7780 [ 2595.429308][T29354] total_inactive_anon 0 [ 2595.433497][T29354] total_active_anon 0 [ 2595.454199][T29354] total_inactive_file 0 [ 2595.458921][T29354] total_active_file 0 [ 2595.464352][T29354] total_unevictable 0 [ 2595.479670][T29354] anon_cost 0 [ 2595.487839][T29354] file_cost 0 [ 2595.494726][T29354] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29354,uid=0 [ 2595.534140][T29354] Memory cgroup out of memory: Killed process 29354 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x426b0000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2596.459487][T29355] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2596.492135][T29355] CPU: 0 PID: 29355 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2596.502601][T29355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2596.512677][T29355] Call Trace: [ 2596.515967][T29355] [ 2596.518911][T29355] dump_stack_lvl+0x1e7/0x2e0 [ 2596.523614][T29355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2596.528834][T29355] ? __pfx__printk+0x10/0x10 [ 2596.533436][T29355] ? ___ratelimit+0x4c4/0x670 [ 2596.538143][T29355] ? __pfx____ratelimit+0x10/0x10 [ 2596.543192][T29355] dump_header+0xda/0x6a0 [ 2596.547548][T29355] oom_kill_process+0x3a7/0x930 [ 2596.552417][T29355] out_of_memory+0xf67/0x1320 [ 2596.557113][T29355] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2596.562759][T29355] ? __pfx___mutex_lock+0x10/0x10 [ 2596.567796][T29355] ? __pfx_out_of_memory+0x10/0x10 [ 2596.573285][T29355] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2596.578849][T29355] ? __pfx_lock_release+0x10/0x10 [ 2596.584505][T29355] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2596.590960][T29355] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2596.596176][T29355] ? mem_cgroup_iter+0x422/0x560 [ 2596.601128][T29355] try_charge_memcg+0xda2/0x18a0 [ 2596.606077][T29355] ? __pfx_try_charge_memcg+0x10/0x10 [ 2596.611444][T29355] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2596.617154][T29355] ? __pfx_lock_release+0x10/0x10 [ 2596.622173][T29355] ? memcg_account_kmem+0x1e7/0x210 [ 2596.627374][T29355] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2596.634132][T29355] __memcg_kmem_charge_page+0xe1/0x250 [ 2596.639603][T29355] memcg_charge_kernel_stack+0x304/0x550 [ 2596.645230][T29355] dup_task_struct+0x40d/0x7d0 [ 2596.649989][T29355] copy_process+0x5d5/0x3fc0 [ 2596.654588][T29355] ? __might_fault+0xa9/0x120 [ 2596.659258][T29355] ? __pfx_lock_release+0x10/0x10 [ 2596.664282][T29355] ? __lock_acquire+0x1345/0x1fd0 [ 2596.669301][T29355] ? __pfx_copy_process+0x10/0x10 [ 2596.674322][T29355] ? __might_fault+0xc5/0x120 [ 2596.679000][T29355] ? __asan_memset+0x23/0x50 [ 2596.683629][T29355] kernel_clone+0x21d/0x8d0 [ 2596.688137][T29355] ? __pfx_kernel_clone+0x10/0x10 [ 2596.693159][T29355] ? __pfx_lock_release+0x10/0x10 [ 2596.698184][T29355] __se_sys_clone3+0x2cb/0x350 [ 2596.702938][T29355] ? __might_fault+0xa9/0x120 [ 2596.707607][T29355] ? __pfx___se_sys_clone3+0x10/0x10 [ 2596.712884][T29355] ? rcu_is_watching+0x15/0xb0 [ 2596.717651][T29355] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2596.723633][T29355] ? exc_page_fault+0x587/0x870 [ 2596.728484][T29355] ? do_syscall_64+0xb4/0x240 [ 2596.733162][T29355] do_syscall_64+0xf9/0x240 [ 2596.737665][T29355] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2596.743558][T29355] RIP: 0033:0x7fdfb62a9b99 [ 2596.747966][T29355] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2596.767560][T29355] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2596.775973][T29355] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2596.783935][T29355] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2596.791897][T29355] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2596.799856][T29355] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2596.807818][T29355] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2596.815793][T29355] [ 2596.936274][T29355] memory: usage 307200kB, limit 307200kB, failcnt 21434 [ 2596.943265][T29355] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2596.966339][T29355] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2596.976199][T29355] Memory cgroup stats for /syz3: [ 2596.976338][T29355] cache 0 [ 2596.984270][T29355] rss 12288 [ 2597.000367][T29355] rss_huge 0 [ 2597.003609][T29355] shmem 0 [ 2597.016231][T29355] mapped_file 0 [ 2597.019728][T29355] dirty 0 [ 2597.022685][T29355] writeback 0 [ 2597.025979][T29355] workingset_refault_anon 9465 [ 2597.046624][T29355] workingset_refault_file 1 [ 2597.051173][T29355] swap 180224 [ 2597.054501][T29355] swapcached 0 [ 2597.060923][T29355] pgpgin 329953 [ 2597.064417][T29355] pgpgout 329950 [ 2597.068422][T29355] pgfault 804414 [ 2597.071990][T29355] pgmajfault 8024 [ 2597.075624][T29355] inactive_anon 0 [ 2597.079376][T29355] active_anon 12288 [ 2597.083431][T29355] inactive_file 0 [ 2597.087193][T29355] active_file 0 [ 2597.090658][T29355] unevictable 0 [ 2597.094122][T29355] hierarchical_memory_limit 314572800 [ 2597.104495][T29355] hierarchical_memsw_limit 9223372036854771712 [ 2597.117927][T29355] total_cache 0 [ 2597.121418][T29355] total_rss 12288 [ 2597.125071][T29355] total_rss_huge 0 [ 2597.128895][T29355] total_shmem 0 [ 2597.132671][T29355] total_mapped_file 0 [ 2597.136805][T29355] total_dirty 0 [ 2597.140828][T29355] total_writeback 0 [ 2597.144643][T29355] total_workingset_refault_anon 9465 [ 2597.150625][T29355] total_workingset_refault_file 1 [ 2597.155669][T29355] total_swap 204800 [ 2597.159797][T29355] total_swapcached 0 [ 2597.163951][T29355] total_pgpgin 339499 [ 2597.169203][T29355] total_pgpgout 339496 [ 2597.173479][T29355] total_pgfault 814001 [ 2597.177960][T29355] total_pgmajfault 8024 [ 2597.182144][T29355] total_inactive_anon 0 [ 2597.186890][T29355] total_active_anon 12288 [ 2597.191238][T29355] total_inactive_file 0 [ 2597.195475][T29355] total_active_file 0 [ 2597.200175][T29355] total_unevictable 0 [ 2597.204360][T29355] anon_cost 0 [ 2597.208194][T29355] file_cost 0 [ 2597.211491][T29355] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29355,uid=0 [ 2597.231019][T29355] Memory cgroup out of memory: Killed process 29355 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:23 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x60000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2597.710503][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2597.740202][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2597.750586][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2597.760669][ T5088] Call Trace: [ 2597.763966][ T5088] [ 2597.766913][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2597.771621][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2597.776846][ T5088] ? __pfx__printk+0x10/0x10 [ 2597.781455][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2597.786159][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2597.791218][ T5088] dump_header+0xda/0x6a0 [ 2597.795577][ T5088] oom_kill_process+0x3a7/0x930 [ 2597.800457][ T5088] out_of_memory+0xf67/0x1320 [ 2597.805165][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2597.810820][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2597.815871][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2597.821015][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2597.826591][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2597.831650][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2597.837761][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2597.842987][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2597.847957][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2597.852919][ T5088] ? mark_lock+0x9a/0x350 [ 2597.857299][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2597.862720][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2597.868941][ T5088] charge_memcg+0xa2/0x160 [ 2597.873391][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2597.879571][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2597.885055][ T5088] ? mark_lock+0x9a/0x350 [ 2597.889418][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2597.895442][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2597.900850][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2597.906778][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2597.911841][ T5088] ? xas_descend+0x37e/0x470 [ 2597.916479][ T5088] swapin_readahead+0x1ea/0x1070 [ 2597.921442][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2597.926592][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2597.932000][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2597.937320][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2597.942644][ T5088] do_swap_page+0x791/0x3f40 [ 2597.947299][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2597.952103][ T5088] ? do_swap_page+0x154/0x3f40 [ 2597.956889][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2597.961936][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2597.967421][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2597.973261][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2597.978428][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2597.983827][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2597.989328][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2597.995087][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2598.000139][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2598.005372][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2598.010433][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2598.015684][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2598.020919][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2598.026496][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2598.031451][ T5088] exc_page_fault+0x456/0x870 [ 2598.036343][ T5088] asm_exc_page_fault+0x26/0x30 [ 2598.041222][ T5088] RIP: 0033:0x7fdfb627a780 [ 2598.045667][ T5088] Code: ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 <80> 3d 71 57 10 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 48 3d 00 [ 2598.065316][ T5088] RSP: 002b:00007ffda0a70378 EFLAGS: 00010246 [ 2598.071500][ T5088] RAX: 0000000000000122 RBX: 0000000000007790 RCX: 0000000000000000 [ 2598.079496][ T5088] RDX: 0000000040000001 RSI: 00007ffda0a703dc RDI: 00000000ffffffff [ 2598.087491][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000010 R09: 00007ffda0b240b0 [ 2598.095488][ T5088] R10: 00007ffda0b24080 R11: 00000000000783e6 R12: 0000000000000032 [ 2598.103484][ T5088] R13: 000000000027a1ee R14: 000000000027a1ee R15: 0000000000000000 [ 2598.111497][ T5088] [ 2598.156289][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 22023 [ 2598.163283][ T5088] memory+swap: usage 307420kB, limit 9007199254740988kB, failcnt 0 [ 2598.179513][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2598.191286][ T5088] Memory cgroup stats for /syz3: [ 2598.191423][ T5088] cache 0 [ 2598.199550][ T5088] rss 0 [ 2598.202328][ T5088] rss_huge 0 [ 2598.205534][ T5088] shmem 0 [ 2598.217045][ T5088] mapped_file 0 [ 2598.220537][ T5088] dirty 0 [ 2598.223489][ T5088] writeback 0 [ 2598.235341][ T5088] workingset_refault_anon 9697 [ 2598.240326][ T5088] workingset_refault_file 1 [ 2598.244850][ T5088] swap 200704 [ 2598.256244][ T5088] swapcached 0 [ 2598.259661][ T5088] pgpgin 330200 [ 2598.263133][ T5088] pgpgout 330200 [ 2598.283838][ T5088] pgfault 804755 [ 2598.287607][ T5088] pgmajfault 8228 [ 2598.291260][ T5088] inactive_anon 0 [ 2598.294904][ T5088] active_anon 0 [ 2598.298741][ T5088] inactive_file 0 [ 2598.302390][ T5088] active_file 0 [ 2598.305860][ T5088] unevictable 0 [ 2598.318054][ T5088] hierarchical_memory_limit 314572800 [ 2598.323461][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2598.337023][ T5088] total_cache 0 [ 2598.340521][ T5088] total_rss 0 [ 2598.343816][ T5088] total_rss_huge 0 [ 2598.356244][ T5088] total_shmem 0 [ 2598.359743][ T5088] total_mapped_file 0 [ 2598.363730][ T5088] total_dirty 0 [ 2598.375287][ T5088] total_writeback 0 [ 2598.379226][ T5088] total_workingset_refault_anon 9697 [ 2598.384534][ T5088] total_workingset_refault_file 1 [ 2598.389910][ T5088] total_swap 225280 [ 2598.393730][ T5088] total_swapcached 0 [ 2598.397690][ T5088] total_pgpgin 339746 [ 2598.401772][ T5088] total_pgpgout 339746 [ 2598.405850][ T5088] total_pgfault 814342 [ 2598.410078][ T5088] total_pgmajfault 8228 [ 2598.414241][ T5088] total_inactive_anon 0 [ 2598.418490][ T5088] total_active_anon 0 [ 2598.422490][ T5088] total_inactive_file 0 [ 2598.426883][ T5088] total_active_file 0 [ 2598.431053][ T5088] total_unevictable 0 [ 2598.435108][ T5088] anon_cost 0 [ 2598.435121][T10507] hsr_slave_0: left promiscuous mode [ 2598.438440][ T5088] file_cost 0 10:24:24 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x65580000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2598.438452][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29356,uid=0 [ 2598.438571][ T5088] Memory cgroup out of memory: Killed process 29356 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2598.483414][T10507] hsr_slave_1: left promiscuous mode [ 2598.490195][T10507] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2598.508269][T10507] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2598.522605][T10507] team0: left allmulticast mode [ 2598.536715][T10507] team_slave_0: left allmulticast mode [ 2598.542782][T10507] team_slave_1: left allmulticast mode [ 2598.549067][T10507] team0: left promiscuous mode [ 2598.553886][T10507] team_slave_0: left promiscuous mode [ 2598.560155][T10507] team_slave_1: left promiscuous mode [ 2598.570188][T10507] bridge0: port 3(team0) entered disabled state [ 2598.581148][T10507] bridge_slave_1: left allmulticast mode [ 2598.587549][T10507] bridge_slave_1: left promiscuous mode [ 2598.594261][T10507] bridge0: port 2(bridge_slave_1) entered disabled state [ 2598.604255][T10507] bridge_slave_0: left allmulticast mode [ 2598.611301][T10507] bridge_slave_0: left promiscuous mode [ 2598.617908][T10507] bridge0: port 1(bridge_slave_0) entered disabled state [ 2599.427280][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2599.439793][ T5088] CPU: 1 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2599.450142][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2599.460202][ T5088] Call Trace: [ 2599.463486][ T5088] [ 2599.466424][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2599.471133][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2599.476343][ T5088] ? __pfx__printk+0x10/0x10 [ 2599.480945][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2599.485637][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2599.490677][ T5088] dump_header+0xda/0x6a0 [ 2599.495021][ T5088] oom_kill_process+0x3a7/0x930 [ 2599.499903][ T5088] out_of_memory+0xf67/0x1320 [ 2599.504605][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2599.510250][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2599.515279][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2599.520405][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2599.525957][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2599.530993][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2599.537085][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2599.542290][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2599.547246][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2599.552198][ T5088] ? mark_lock+0x9a/0x350 [ 2599.556558][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2599.561958][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2599.568216][ T5088] charge_memcg+0xa2/0x160 [ 2599.572660][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2599.578743][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2599.584209][ T5088] ? mark_lock+0x9a/0x350 [ 2599.588560][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2599.594735][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2599.599511][ T5088] swap_cluster_readahead+0x398/0x810 [ 2599.604910][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2599.610826][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2599.615869][ T5088] ? xas_descend+0x37e/0x470 [ 2599.620472][ T5088] swapin_readahead+0x1ea/0x1070 [ 2599.625427][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2599.630574][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2599.635964][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2599.641264][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2599.646603][ T5088] do_swap_page+0x791/0x3f40 [ 2599.651211][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2599.656005][ T5088] ? do_swap_page+0x154/0x3f40 [ 2599.660781][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2599.665810][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2599.671290][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2599.677130][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2599.682359][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2599.687739][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2599.693218][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2599.698964][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2599.703998][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2599.709484][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2599.714541][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2599.719764][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2599.724966][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2599.730554][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2599.735421][ T5088] exc_page_fault+0x456/0x870 [ 2599.740125][ T5088] asm_exc_page_fault+0x26/0x30 [ 2599.744981][ T5088] RIP: 0033:0x7fdfb627a780 [ 2599.749492][ T5088] Code: ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 <80> 3d 71 57 10 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 48 3d 00 [ 2599.769461][ T5088] RSP: 002b:00007ffda0a70378 EFLAGS: 00010246 [ 2599.775543][ T5088] RAX: 0000000000000364 RBX: 0000000000007791 RCX: 0000000000000000 [ 2599.783612][ T5088] RDX: 0000000040000001 RSI: 00007ffda0a703dc RDI: 00000000ffffffff [ 2599.791636][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000010 R09: 00007ffda0b240b0 [ 2599.799619][ T5088] R10: 00007ffda0b24080 R11: 0000000000078536 R12: 0000000000000032 [ 2599.807614][ T5088] R13: 000000000027a66c R14: 000000000027a66c R15: 0000000000000000 [ 2599.815625][ T5088] [ 2599.830633][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 22944 [ 2599.837664][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2599.845574][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2599.853467][ T5088] Memory cgroup stats for /syz3: [ 2599.853578][ T5088] cache 0 [ 2599.861978][ T5088] rss 8192 [ 2599.865016][ T5088] rss_huge 0 [ 2599.869201][ T5088] shmem 0 [ 2599.872158][ T5088] mapped_file 0 [ 2599.875614][ T5088] dirty 0 [ 2599.879155][ T5088] writeback 0 [ 2599.882455][ T5088] workingset_refault_anon 10051 [ 2599.887782][ T5088] workingset_refault_file 1 [ 2599.892296][ T5088] swap 180224 [ 2599.895583][ T5088] swapcached 4096 [ 2599.900174][ T5088] pgpgin 330568 [ 2599.903960][ T5088] pgpgout 330565 [ 2599.907842][ T5088] pgfault 805241 [ 2599.911391][ T5088] pgmajfault 8534 [ 2599.915026][ T5088] inactive_anon 8192 [ 2599.919517][ T5088] active_anon 4096 [ 2599.923241][ T5088] inactive_file 0 [ 2599.928207][ T5088] active_file 0 [ 2599.931683][ T5088] unevictable 0 [ 2599.935137][ T5088] hierarchical_memory_limit 314572800 [ 2599.946088][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2599.952910][ T5088] total_cache 0 [ 2599.956999][ T5088] total_rss 8192 [ 2599.960556][ T5088] total_rss_huge 0 [ 2599.964276][ T5088] total_shmem 0 [ 2599.968385][ T5088] total_mapped_file 0 [ 2599.972379][ T5088] total_dirty 0 [ 2599.975841][ T5088] total_writeback 0 [ 2599.980222][ T5088] total_workingset_refault_anon 10051 [ 2599.985616][ T5088] total_workingset_refault_file 1 [ 2599.991163][ T5088] total_swap 204800 [ 2599.994981][ T5088] total_swapcached 4096 [ 2599.999655][ T5088] total_pgpgin 340114 [ 2600.003650][ T5088] total_pgpgout 340111 [ 2600.008415][ T5088] total_pgfault 814828 [ 2600.012501][ T5088] total_pgmajfault 8534 [ 2600.017178][ T5088] total_inactive_anon 8192 [ 2600.021613][ T5088] total_active_anon 4096 [ 2600.025854][ T5088] total_inactive_file 0 10:24:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x81000000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2600.030429][ T5088] total_active_file 0 [ 2600.034446][ T5088] total_unevictable 0 [ 2600.039898][ T5088] anon_cost 0 [ 2600.043195][ T5088] file_cost 0 [ 2600.046963][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29357,uid=0 [ 2600.062836][ T5088] Memory cgroup out of memory: Killed process 29357 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2600.553834][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2600.570460][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2600.580840][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2600.590915][ T5088] Call Trace: [ 2600.594209][ T5088] [ 2600.597153][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2600.601850][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2600.607107][ T5088] ? __pfx__printk+0x10/0x10 [ 2600.611725][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2600.616434][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2600.621486][ T5088] dump_header+0xda/0x6a0 [ 2600.625840][ T5088] oom_kill_process+0x3a7/0x930 [ 2600.630719][ T5088] out_of_memory+0xf67/0x1320 [ 2600.635421][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2600.641061][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2600.646100][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2600.651237][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2600.656802][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2600.661847][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2600.667938][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2600.673143][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2600.678099][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2600.683049][ T5088] ? mark_lock+0x9a/0x350 [ 2600.687415][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2600.692840][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2600.699010][ T5088] charge_memcg+0xa2/0x160 [ 2600.703460][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2600.709548][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2600.715021][ T5088] ? mark_lock+0x9a/0x350 [ 2600.719364][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2600.725373][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2600.730772][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2600.736724][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2600.741766][ T5088] ? xas_descend+0x37e/0x470 [ 2600.746383][ T5088] swapin_readahead+0x1ea/0x1070 [ 2600.751347][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2600.756509][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2600.761903][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2600.767211][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2600.772520][ T5088] do_swap_page+0x791/0x3f40 [ 2600.777127][ T5088] ? __lock_acquire+0x1345/0x1fd0 [ 2600.782175][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2600.786965][ T5088] ? do_swap_page+0x154/0x3f40 [ 2600.791734][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2600.796775][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2600.802256][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2600.808081][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2600.813313][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2600.818467][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2600.823955][ T5088] ? mt_find+0x226/0x850 [ 2600.828223][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2600.833292][ T5088] ? mt_find+0x62d/0x850 [ 2600.837570][ T5088] ? mt_find+0x226/0x850 [ 2600.841856][ T5088] ? find_vma+0x142/0x1c0 [ 2600.846201][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2600.850894][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2600.856899][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2600.861698][ T5088] exc_page_fault+0x2ad/0x870 [ 2600.866401][ T5088] asm_exc_page_fault+0x26/0x30 [ 2600.871276][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2600.876405][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2600.896641][ T5088] RSP: 0000:ffffc90003fffd78 EFLAGS: 00050202 [ 2600.902723][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2600.910714][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2600.918792][ T5088] RBP: ffffc90003fffec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2600.926780][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffd80 [ 2600.934766][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2600.942775][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2600.948710][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2600.955076][ T5088] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2600.960925][ T5088] irqentry_exit_to_user_mode+0xbb/0x270 [ 2600.966594][ T5088] exc_page_fault+0x587/0x870 [ 2600.971296][ T5088] asm_exc_page_fault+0x26/0x30 [ 2600.976338][ T5088] RIP: 0033:0x7fdfb62384dc [ 2600.980772][ T5088] Code: f5 ba 01 00 00 40 48 89 ee bf ff ff ff ff e8 ab 22 04 00 39 c3 0f 84 09 01 00 00 bf e8 03 00 00 e8 59 58 04 00 48 8b 74 24 08 <48> 8b 05 bd d1 c9 00 bf 01 00 00 00 4c 8b 25 b9 d1 c9 00 48 8d 14 [ 2601.000495][ T5088] RSP: 002b:00007ffda0a70380 EFLAGS: 00010206 [ 2601.006588][ T5088] RAX: 0000000000000000 RBX: 0000000000007792 RCX: 0000000000000000 [ 2601.014597][ T5088] RDX: 0000000000000000 RSI: 00007ffda0a70440 RDI: 0000555555682788 [ 2601.022584][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2601.030582][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2601.038583][ T5088] R13: 000000000027ad3d R14: 000000000027ad3d R15: 0000000000000000 [ 2601.046610][ T5088] [ 2601.061698][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 23720 [ 2601.146326][ T5088] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 2601.154269][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2601.181558][ T5088] Memory cgroup stats for /syz3: [ 2601.181677][ T5088] cache 0 [ 2601.190850][ T5088] rss 8192 [ 2601.193886][ T5088] rss_huge 0 [ 2601.203236][ T5088] shmem 0 [ 2601.206416][ T5088] mapped_file 0 [ 2601.209885][ T5088] dirty 0 [ 2601.212820][ T5088] writeback 0 [ 2601.216108][ T5088] workingset_refault_anon 10322 [ 2601.228314][ T5088] workingset_refault_file 1 [ 2601.232847][ T5088] swap 196608 [ 2601.236136][ T5088] swapcached 0 [ 2601.245612][ T5088] pgpgin 330852 [ 2601.251500][ T5088] pgpgout 330850 [ 2601.255073][ T5088] pgfault 805630 [ 2601.265561][ T5088] pgmajfault 8776 [ 2601.271689][ T5088] inactive_anon 0 [ 2601.275345][ T5088] active_anon 8192 [ 2601.285800][ T5088] inactive_file 0 [ 2601.292279][ T5088] active_file 0 [ 2601.295761][ T5088] unevictable 0 [ 2601.306225][ T5088] hierarchical_memory_limit 314572800 [ 2601.311660][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2601.318700][ T5088] total_cache 0 [ 2601.322190][ T5088] total_rss 8192 [ 2601.325747][ T5088] total_rss_huge 0 [ 2601.329797][ T5088] total_shmem 0 [ 2601.333278][ T5088] total_mapped_file 0 [ 2601.337679][ T5088] total_dirty 0 [ 2601.341225][ T5088] total_writeback 0 [ 2601.345050][ T5088] total_workingset_refault_anon 10322 [ 2601.350801][ T5088] total_workingset_refault_file 1 [ 2601.355841][ T5088] total_swap 221184 [ 2601.360081][ T5088] total_swapcached 0 [ 2601.363998][ T5088] total_pgpgin 340398 [ 2601.368261][ T5088] total_pgpgout 340396 [ 2601.372400][ T5088] total_pgfault 815217 [ 2601.376829][ T5088] total_pgmajfault 8776 [ 2601.381000][ T5088] total_inactive_anon 0 [ 2601.385161][ T5088] total_active_anon 8192 [ 2601.417482][ T5088] total_inactive_file 0 [ 2601.421679][ T5088] total_active_file 0 [ 2601.425681][ T5088] total_unevictable 0 [ 2601.475822][ T5088] anon_cost 0 [ 2601.481700][ T5088] file_cost 0 [ 2601.485019][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29358,uid=0 [ 2601.512066][ T5088] Memory cgroup out of memory: Killed process 29358 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x88470000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2602.485941][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2602.503796][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2602.514168][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2602.524251][ T5088] Call Trace: [ 2602.527550][ T5088] [ 2602.530499][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2602.535210][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2602.540435][ T5088] ? __pfx__printk+0x10/0x10 [ 2602.545049][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2602.549756][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2602.554810][ T5088] dump_header+0xda/0x6a0 [ 2602.559165][ T5088] oom_kill_process+0x3a7/0x930 [ 2602.564046][ T5088] out_of_memory+0xf67/0x1320 [ 2602.568753][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2602.574410][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2602.579531][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2602.584791][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2602.590380][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2602.595447][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2602.601553][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2602.606787][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2602.611795][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2602.616773][ T5088] ? mark_lock+0x9a/0x350 [ 2602.621152][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2602.626592][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2602.632778][ T5088] charge_memcg+0xa2/0x160 [ 2602.637232][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2602.643331][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2602.648820][ T5088] ? mark_lock+0x9a/0x350 [ 2602.653185][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2602.659206][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2602.664624][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2602.670561][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2602.675615][ T5088] ? xas_descend+0x37e/0x470 [ 2602.680242][ T5088] swapin_readahead+0x1ea/0x1070 [ 2602.685205][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2602.690366][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2602.695867][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2602.701190][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2602.706512][ T5088] do_swap_page+0x791/0x3f40 [ 2602.711136][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2602.715952][ T5088] ? do_swap_page+0x154/0x3f40 [ 2602.720750][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2602.725806][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2602.731302][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2602.737147][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2602.742383][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2602.747559][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2602.753055][ T5088] ? mt_find+0x226/0x850 [ 2602.757329][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2602.762403][ T5088] ? mt_find+0x62d/0x850 [ 2602.766678][ T5088] ? mt_find+0x226/0x850 [ 2602.770987][ T5088] ? find_vma+0x142/0x1c0 [ 2602.775347][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2602.780312][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2602.786344][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2602.791148][ T5088] exc_page_fault+0x2ad/0x870 [ 2602.795866][ T5088] asm_exc_page_fault+0x26/0x30 [ 2602.800749][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2602.805887][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2602.825526][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2602.831631][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2602.839633][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2602.847633][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2602.855637][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2602.863647][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2602.871677][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2602.877631][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2602.884004][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2602.889773][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2602.895454][ T5088] do_syscall_64+0x108/0x240 [ 2602.900088][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2602.906021][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2602.910459][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2602.930204][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2602.938656][ T5088] RAX: 0000000000000000 RBX: 0000000000007793 RCX: 00007fdfb62a91b5 [ 2602.946665][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2602.954666][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2602.962667][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2602.970663][ T5088] R13: 000000000027b2dc R14: 000000000027b2dc R15: 0000000000000000 [ 2602.978680][ T5088] [ 2603.127906][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 24264 [ 2603.134905][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2603.219016][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2603.257670][ T5088] Memory cgroup stats for /syz3: [ 2603.257812][ T5088] cache 0 [ 2603.265982][ T5088] rss 28672 [ 2603.286906][ T5088] rss_huge 0 [ 2603.290171][ T5088] shmem 0 [ 2603.293121][ T5088] mapped_file 0 [ 2603.311744][ T5088] dirty 0 [ 2603.314727][ T5088] writeback 0 [ 2603.328602][ T5088] workingset_refault_anon 10545 [ 2603.333502][ T5088] workingset_refault_file 1 [ 2603.348771][ T5088] swap 163840 [ 2603.352093][ T5088] swapcached 0 [ 2603.355476][ T5088] pgpgin 331088 [ 2603.377163][ T5088] pgpgout 331081 [ 2603.380754][ T5088] pgfault 805945 [ 2603.384639][ T5088] pgmajfault 8962 [ 2603.437423][ T5088] inactive_anon 0 [ 2603.441109][ T5088] active_anon 28672 [ 2603.444934][ T5088] inactive_file 0 [ 2603.486590][ T5088] active_file 0 [ 2603.490120][ T5088] unevictable 0 [ 2603.493587][ T5088] hierarchical_memory_limit 314572800 [ 2603.509303][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2603.515502][ T5088] total_cache 0 [ 2603.552871][ T5088] total_rss 28672 [ 2603.556861][ T5088] total_rss_huge 0 [ 2603.560589][ T5088] total_shmem 0 [ 2603.564051][ T5088] total_mapped_file 0 [ 2603.568902][ T5088] total_dirty 0 [ 2603.572466][ T5088] total_writeback 0 [ 2603.583064][ T5088] total_workingset_refault_anon 10545 [ 2603.621496][ T5088] total_workingset_refault_file 1 [ 2603.635539][ T5088] total_swap 188416 [ 2603.656450][ T5088] total_swapcached 0 [ 2603.660392][ T5088] total_pgpgin 340634 [ 2603.664382][ T5088] total_pgpgout 340627 [ 2603.677781][ T5088] total_pgfault 815532 [ 2603.697180][ T5088] total_pgmajfault 8962 [ 2603.717639][ T5088] total_inactive_anon 0 [ 2603.721840][ T5088] total_active_anon 28672 [ 2603.746953][ T5088] total_inactive_file 0 [ 2603.752470][ T5088] total_active_file 0 [ 2603.799654][ T5088] total_unevictable 0 [ 2603.803682][ T5088] anon_cost 0 [ 2603.807740][ T5088] file_cost 0 [ 2603.811042][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29359,uid=0 [ 2603.848076][ T5088] Memory cgroup out of memory: Killed process 29359 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x88480000, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2604.315992][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2604.338813][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2604.349185][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2604.359266][ T5088] Call Trace: [ 2604.362568][ T5088] [ 2604.365517][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2604.370228][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2604.375452][ T5088] ? __pfx__printk+0x10/0x10 [ 2604.380076][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2604.384786][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2604.389855][ T5088] dump_header+0xda/0x6a0 [ 2604.394240][ T5088] oom_kill_process+0x3a7/0x930 [ 2604.399127][ T5088] out_of_memory+0xf67/0x1320 [ 2604.403839][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2604.409499][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2604.414552][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2604.419708][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2604.425280][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2604.430336][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2604.436429][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2604.441666][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2604.446637][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2604.451600][ T5088] ? mark_lock+0x9a/0x350 [ 2604.455976][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2604.461404][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2604.467578][ T5088] charge_memcg+0xa2/0x160 [ 2604.472016][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2604.478118][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2604.483694][ T5088] ? mark_lock+0x9a/0x350 [ 2604.488063][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2604.494088][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2604.498879][ T5088] swap_cluster_readahead+0x398/0x810 [ 2604.504294][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2604.510218][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2604.515283][ T5088] ? xas_descend+0x37e/0x470 [ 2604.519912][ T5088] swapin_readahead+0x1ea/0x1070 [ 2604.524877][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2604.530055][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2604.535464][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2604.540783][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2604.546182][ T5088] do_swap_page+0x791/0x3f40 [ 2604.550790][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2604.555677][ T5088] ? do_swap_page+0x154/0x3f40 [ 2604.560463][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2604.565517][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2604.571004][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2604.576851][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2604.582024][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2604.587429][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2604.592934][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2604.598695][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2604.603747][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2604.608968][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2604.614018][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2604.619300][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2604.624572][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2604.630178][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2604.634976][ T5088] exc_page_fault+0x456/0x870 [ 2604.639687][ T5088] asm_exc_page_fault+0x26/0x30 [ 2604.644552][ T5088] RIP: 0033:0x7fdfb62a4c15 [ 2604.648986][ T5088] Code: 00 00 f0 83 88 08 03 00 00 10 64 48 8b 3c 25 00 03 00 00 e8 1d 13 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 e7 02 74 0b 66 2e 0f 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 8b 90 [ 2604.668616][ T5088] RSP: 002b:00007ffda0a70308 EFLAGS: 00010297 [ 2604.674702][ T5088] RAX: 0000000000000002 RBX: 0000000000007794 RCX: 0000000000000000 [ 2604.682693][ T5088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555555682788 [ 2604.690688][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2604.698679][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2604.706672][ T5088] R13: 000000000027bc05 R14: 000000000027bc05 R15: 0000000000000000 [ 2604.714690][ T5088] [ 2604.760130][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 24537 [ 2604.776834][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2604.784777][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2604.816245][ T5088] Memory cgroup stats for /syz3: [ 2604.816391][ T5088] cache 0 [ 2604.824369][ T5088] rss 0 [ 2604.829483][ T5088] rss_huge 0 [ 2604.832710][ T5088] shmem 0 [ 2604.835650][ T5088] mapped_file 0 [ 2604.847355][ T5088] dirty 0 [ 2604.850330][ T5088] writeback 0 [ 2604.853628][ T5088] workingset_refault_anon 10651 [ 2604.877110][ T5088] workingset_refault_file 1 [ 2604.881662][ T5088] swap 192512 [ 2604.884958][ T5088] swapcached 0 [ 2604.917078][ T5088] pgpgin 331206 [ 2604.920608][ T5088] pgpgout 331206 [ 2604.924167][ T5088] pgfault 806102 [ 2604.936725][ T5088] pgmajfault 9031 [ 2604.940411][ T5088] inactive_anon 0 [ 2604.944068][ T5088] active_anon 0 [ 2604.955981][ T5088] inactive_file 0 [ 2604.959787][ T5088] active_file 0 [ 2604.963264][ T5088] unevictable 0 [ 2604.967520][ T5088] hierarchical_memory_limit 314572800 [ 2604.972956][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2604.979765][ T5088] total_cache 0 [ 2604.983244][ T5088] total_rss 0 [ 2604.988084][ T5088] total_rss_huge 0 [ 2604.991817][ T5088] total_shmem 0 [ 2604.995280][ T5088] total_mapped_file 0 [ 2605.001272][ T5088] total_dirty 0 [ 2605.004764][ T5088] total_writeback 0 [ 2605.016633][ T5088] total_workingset_refault_anon 10651 [ 2605.022041][ T5088] total_workingset_refault_file 1 [ 2605.033516][ T5088] total_swap 217088 [ 2605.037713][ T5088] total_swapcached 0 [ 2605.041807][ T5088] total_pgpgin 340752 [ 2605.045798][ T5088] total_pgpgout 340752 [ 2605.056264][ T5088] total_pgfault 815689 [ 2605.060371][ T5088] total_pgmajfault 9031 [ 2605.064534][ T5088] total_inactive_anon 0 [ 2605.080228][ T5088] total_active_anon 0 [ 2605.084247][ T5088] total_inactive_file 0 [ 2605.098095][ T5088] total_active_file 0 [ 2605.102113][ T5088] total_unevictable 0 [ 2605.106097][ T5088] anon_cost 0 [ 2605.118863][ T5088] file_cost 0 10:24:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x88a8ffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2605.122186][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29360,uid=0 [ 2605.145242][ T5088] Memory cgroup out of memory: Killed process 29360 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2605.682387][T29361] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2605.700445][T29361] CPU: 1 PID: 29361 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2605.710904][T29361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2605.720982][T29361] Call Trace: [ 2605.724284][T29361] [ 2605.727233][T29361] dump_stack_lvl+0x1e7/0x2e0 [ 2605.732002][T29361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2605.737235][T29361] ? __pfx__printk+0x10/0x10 [ 2605.741854][T29361] ? ___ratelimit+0x4c4/0x670 [ 2605.746572][T29361] ? __pfx____ratelimit+0x10/0x10 [ 2605.751627][T29361] dump_header+0xda/0x6a0 [ 2605.755994][T29361] oom_kill_process+0x3a7/0x930 [ 2605.760881][T29361] out_of_memory+0xf67/0x1320 [ 2605.765596][T29361] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2605.771262][T29361] ? __pfx___mutex_lock+0x10/0x10 [ 2605.776317][T29361] ? __pfx_out_of_memory+0x10/0x10 [ 2605.781474][T29361] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2605.787049][T29361] ? __pfx_lock_release+0x10/0x10 [ 2605.792104][T29361] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2605.798201][T29361] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2605.803423][T29361] ? mem_cgroup_iter+0x422/0x560 [ 2605.808394][T29361] try_charge_memcg+0xda2/0x18a0 [ 2605.813346][T29361] ? mark_lock+0x9a/0x350 [ 2605.817719][T29361] ? __pfx_try_charge_memcg+0x10/0x10 [ 2605.823150][T29361] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2605.829330][T29361] charge_memcg+0xa2/0x160 [ 2605.833781][T29361] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2605.839964][T29361] __read_swap_cache_async+0x480/0x8b0 [ 2605.845456][T29361] ? mark_lock+0x9a/0x350 [ 2605.849820][T29361] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2605.855866][T29361] ? blk_start_plug+0x6f/0x1b0 [ 2605.860665][T29361] swap_cluster_readahead+0x398/0x810 [ 2605.866083][T29361] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2605.872019][T29361] ? __pfx_lock_release+0x10/0x10 [ 2605.877087][T29361] ? xas_descend+0x37e/0x470 [ 2605.881718][T29361] swapin_readahead+0x1ea/0x1070 [ 2605.886698][T29361] ? filemap_get_entry+0x127/0x4e0 [ 2605.891860][T29361] ? __pfx_swapin_readahead+0x10/0x10 [ 2605.897282][T29361] ? __filemap_get_folio+0x935/0xbc0 [ 2605.902884][T29361] ? swap_cache_get_folio+0x9f/0x570 [ 2605.908210][T29361] do_swap_page+0x791/0x3f40 [ 2605.912832][T29361] ? rcu_is_watching+0x15/0xb0 [ 2605.917641][T29361] ? do_swap_page+0x154/0x3f40 [ 2605.922434][T29361] ? __pfx_do_swap_page+0x10/0x10 [ 2605.927484][T29361] ? pte_offset_map_nolock+0x137/0x1f0 [ 2605.932996][T29361] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2605.938830][T29361] __handle_mm_fault+0x15e8/0x72d0 [ 2605.943991][T29361] ? reacquire_held_locks+0x3eb/0x690 [ 2605.949405][T29361] ? __pfx___handle_mm_fault+0x10/0x10 [ 2605.955091][T29361] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2605.961110][T29361] ? mtree_range_walk+0x6fd/0x8e0 [ 2605.966191][T29361] ? lock_vma_under_rcu+0x18a/0x730 [ 2605.971420][T29361] ? __pfx_lock_release+0x10/0x10 [ 2605.976647][T29361] ? lock_vma_under_rcu+0x2f9/0x730 [ 2605.981852][T29361] ? lock_vma_under_rcu+0x18a/0x730 [ 2605.987053][T29361] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2605.992622][T29361] handle_mm_fault+0x3c1/0x8a0 [ 2605.997396][T29361] exc_page_fault+0x456/0x870 [ 2606.002069][T29361] asm_exc_page_fault+0x26/0x30 [ 2606.006908][T29361] RIP: 0033:0x7fdfb6254110 [ 2606.011313][T29361] Code: b2 09 00 ba c2 01 00 00 48 8d 35 cd b1 09 00 48 8d 3d db b1 09 00 e8 df 86 fe ff e8 6a bd 02 00 66 2e 0f 1f 84 00 00 00 00 00 <8b> 47 10 89 c2 81 e2 7f 01 00 00 83 e0 7c 0f 85 ac 00 00 00 53 48 [ 2606.030934][T29361] RSP: 002b:00007ffda0a6ffa8 EFLAGS: 00010206 [ 2606.037011][T29361] RAX: 0000555555683910 RBX: 0000555555683910 RCX: 00005555556838f0 [ 2606.045017][T29361] RDX: 0000555555683a00 RSI: 0000000000000001 RDI: 00007fdfb637ff20 [ 2606.053028][T29361] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 2606.061031][T29361] R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffda0a702b0 [ 2606.069023][T29361] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2606.077296][T29361] [ 2606.084419][T29361] memory: usage 307196kB, limit 307200kB, failcnt 25699 [ 2606.091488][T29361] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 2606.099653][T29361] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2606.107007][T29361] Memory cgroup stats for /syz3: [ 2606.107112][T29361] cache 0 [ 2606.115031][T29361] rss 4096 [ 2606.118257][T29361] rss_huge 0 [ 2606.121498][T29361] shmem 0 [ 2606.124487][T29361] mapped_file 0 [ 2606.128127][T29361] dirty 0 [ 2606.131092][T29361] writeback 0 [ 2606.134402][T29361] workingset_refault_anon 11048 [ 2606.139885][T29361] workingset_refault_file 1 [ 2606.144397][T29361] swap 184320 [ 2606.148622][T29361] swapcached 4096 [ 2606.152475][T29361] pgpgin 331622 [ 2606.156045][T29361] pgpgout 331620 [ 2606.160356][T29361] pgfault 806604 [ 2606.164077][T29361] pgmajfault 9345 [ 2606.168571][T29361] inactive_anon 0 [ 2606.172340][T29361] active_anon 8192 [ 2606.176893][T29361] inactive_file 0 [ 2606.180672][T29361] active_file 0 [ 2606.184259][T29361] unevictable 0 [ 2606.280135][T29361] hierarchical_memory_limit 314572800 [ 2606.285628][T29361] hierarchical_memsw_limit 9223372036854771712 [ 2606.292372][T29361] total_cache 0 [ 2606.295953][T29361] total_rss 4096 [ 2606.304532][T29361] total_rss_huge 0 [ 2606.312473][T29361] total_shmem 0 [ 2606.315966][T29361] total_mapped_file 0 [ 2606.321717][T29361] total_dirty 0 [ 2606.325283][T29361] total_writeback 0 [ 2606.346272][T29361] total_workingset_refault_anon 11048 [ 2606.353898][T29361] total_workingset_refault_file 1 [ 2606.359655][T29361] total_swap 208896 [ 2606.363571][T29361] total_swapcached 4096 [ 2606.368518][T29361] total_pgpgin 341168 [ 2606.372871][T29361] total_pgpgout 341166 [ 2606.377594][T29361] total_pgfault 816191 [ 2606.381766][T29361] total_pgmajfault 9345 [ 2606.386045][T29361] total_inactive_anon 0 [ 2606.391878][T29361] total_active_anon 8192 [ 2606.396578][T29361] total_inactive_file 0 [ 2606.400859][T29361] total_active_file 0 [ 2606.404927][T29361] total_unevictable 0 [ 2606.409644][T29361] anon_cost 0 [ 2606.413024][T29361] file_cost 0 [ 2606.416962][T29361] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29361,uid=0 10:24:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xc60a0909, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2606.450084][T29361] Memory cgroup out of memory: Killed process 29361 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2606.895883][T29362] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2606.913774][T29362] CPU: 0 PID: 29362 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2606.924235][T29362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2606.934318][T29362] Call Trace: [ 2606.937624][T29362] [ 2606.940578][T29362] dump_stack_lvl+0x1e7/0x2e0 [ 2606.945303][T29362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2606.950540][T29362] ? __pfx__printk+0x10/0x10 [ 2606.955163][T29362] ? ___ratelimit+0x4c4/0x670 [ 2606.959964][T29362] ? __pfx____ratelimit+0x10/0x10 [ 2606.965027][T29362] dump_header+0xda/0x6a0 [ 2606.969396][T29362] oom_kill_process+0x3a7/0x930 [ 2606.974302][T29362] out_of_memory+0xf67/0x1320 [ 2606.979020][T29362] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2606.984688][T29362] ? __pfx___mutex_lock+0x10/0x10 [ 2606.989777][T29362] ? __pfx_out_of_memory+0x10/0x10 [ 2606.994966][T29362] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2607.000634][T29362] ? __pfx_lock_release+0x10/0x10 [ 2607.005696][T29362] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2607.011806][T29362] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2607.017041][T29362] ? mem_cgroup_iter+0x422/0x560 [ 2607.022022][T29362] try_charge_memcg+0xda2/0x18a0 [ 2607.026991][T29362] ? mark_lock+0x9a/0x350 [ 2607.031388][T29362] ? __pfx_try_charge_memcg+0x10/0x10 [ 2607.036824][T29362] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2607.043011][T29362] charge_memcg+0xa2/0x160 [ 2607.047467][T29362] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2607.053577][T29362] __read_swap_cache_async+0x480/0x8b0 [ 2607.059114][T29362] ? mark_lock+0x9a/0x350 [ 2607.063489][T29362] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2607.069617][T29362] swap_cluster_readahead+0x67c/0x810 [ 2607.075037][T29362] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2607.081056][T29362] ? __pfx_lock_release+0x10/0x10 [ 2607.086122][T29362] ? xas_descend+0x37e/0x470 [ 2607.090762][T29362] swapin_readahead+0x1ea/0x1070 [ 2607.095777][T29362] ? filemap_get_entry+0x127/0x4e0 [ 2607.100944][T29362] ? __pfx_swapin_readahead+0x10/0x10 [ 2607.106370][T29362] ? __filemap_get_folio+0x935/0xbc0 [ 2607.111715][T29362] ? swap_cache_get_folio+0x9f/0x570 [ 2607.117050][T29362] do_swap_page+0x791/0x3f40 [ 2607.121679][T29362] ? rcu_is_watching+0x15/0xb0 [ 2607.126501][T29362] ? do_swap_page+0x154/0x3f40 [ 2607.131471][T29362] ? __pfx_do_swap_page+0x10/0x10 [ 2607.136527][T29362] ? pte_offset_map_nolock+0x137/0x1f0 [ 2607.142021][T29362] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2607.147869][T29362] __handle_mm_fault+0x15e8/0x72d0 [ 2607.153129][T29362] ? reacquire_held_locks+0x3eb/0x690 [ 2607.158530][T29362] ? __pfx___handle_mm_fault+0x10/0x10 [ 2607.164034][T29362] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2607.169835][T29362] ? mtree_range_walk+0x6fd/0x8e0 [ 2607.174892][T29362] ? lock_vma_under_rcu+0x18a/0x730 [ 2607.180109][T29362] ? __pfx_lock_release+0x10/0x10 [ 2607.185145][T29362] ? lock_vma_under_rcu+0x2f9/0x730 [ 2607.190402][T29362] ? lock_vma_under_rcu+0x18a/0x730 [ 2607.195643][T29362] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2607.201226][T29362] handle_mm_fault+0x3c1/0x8a0 [ 2607.206039][T29362] exc_page_fault+0x456/0x870 [ 2607.210760][T29362] asm_exc_page_fault+0x26/0x30 [ 2607.215637][T29362] RIP: 0033:0x7fdfb62870c4 [ 2607.220079][T29362] Code: 48 8d 6f 0e 48 83 c7 10 e8 79 3f fd ff 48 85 c0 74 2e 48 89 28 48 83 c0 10 48 89 43 08 48 83 c4 08 48 89 df be 01 00 00 00 5b <5d> e9 b6 fc ff ff 66 0f 1f 44 00 00 e8 eb fb ff ff 48 89 c3 eb dd [ 2607.239718][T29362] RSP: 002b:00007ffda0a70000 EFLAGS: 00010202 [ 2607.245822][T29362] RAX: 0000555555683910 RBX: 00007fdfb704a6c0 RCX: 00005555556838f0 [ 2607.253843][T29362] RDX: 0000555555683a00 RSI: 0000000000000001 RDI: 00007fdfb704a6c0 [ 2607.261937][T29362] RBP: 000000000000000f R08: 00000000ffffffff R09: 0000000000000000 [ 2607.269939][T29362] R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffda0a702b0 [ 2607.277950][T29362] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2607.285978][T29362] [ 2607.322357][T29362] memory: usage 307188kB, limit 307200kB, failcnt 26851 [ 2607.333168][T29362] memory+swap: usage 307384kB, limit 9007199254740988kB, failcnt 0 [ 2607.341439][T29362] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2607.348986][T29362] Memory cgroup stats for /syz3: [ 2607.349519][T29362] cache 0 [ 2607.357513][T29362] rss 16384 [ 2607.360638][T29362] rss_huge 0 [ 2607.363880][T29362] shmem 0 [ 2607.366937][T29362] mapped_file 0 [ 2607.370495][T29362] dirty 0 [ 2607.373440][T29362] writeback 0 [ 2607.382477][T29362] workingset_refault_anon 11510 [ 2607.389342][T29362] workingset_refault_file 1 [ 2607.400656][T29362] swap 176128 [ 2607.403999][T29362] swapcached 0 [ 2607.407551][T29362] pgpgin 332099 [ 2607.411324][T29362] pgpgout 332095 [ 2607.414967][T29362] pgfault 807176 [ 2607.418817][T29362] pgmajfault 9714 [ 2607.422548][T29362] inactive_anon 4096 [ 2607.426878][T29362] active_anon 8192 [ 2607.430709][T29362] inactive_file 0 [ 2607.434425][T29362] active_file 0 [ 2607.438121][T29362] unevictable 0 [ 2607.441930][T29362] hierarchical_memory_limit 314572800 [ 2607.447486][T29362] hierarchical_memsw_limit 9223372036854771712 [ 2607.453735][T29362] total_cache 0 [ 2607.457904][T29362] total_rss 16384 [ 2607.461642][T29362] total_rss_huge 0 [ 2607.465442][T29362] total_shmem 0 [ 2607.470990][T29362] total_mapped_file 0 [ 2607.475063][T29362] total_dirty 0 [ 2607.479122][T29362] total_writeback 0 [ 2607.483350][T29362] total_workingset_refault_anon 11510 [ 2607.490594][T29362] total_workingset_refault_file 1 [ 2607.495732][T29362] total_swap 200704 [ 2607.500188][T29362] total_swapcached 0 [ 2607.504186][T29362] total_pgpgin 341645 [ 2607.508836][T29362] total_pgpgout 341641 [ 2607.512990][T29362] total_pgfault 816763 [ 2607.517599][T29362] total_pgmajfault 9714 [ 2607.522032][T29362] total_inactive_anon 4096 [ 2607.527039][T29362] total_active_anon 8192 [ 2607.531362][T29362] total_inactive_file 0 [ 2607.535589][T29362] total_active_file 0 [ 2607.540283][T29362] total_unevictable 0 [ 2607.544365][T29362] anon_cost 0 [ 2607.556370][T29362] file_cost 0 10:24:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xf0ffffff, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2607.559779][T29362] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29362,uid=0 [ 2607.575936][T29362] Memory cgroup out of memory: Killed process 29362 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2608.641540][T29363] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2608.664372][T29363] CPU: 1 PID: 29363 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2608.674834][T29363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2608.684911][T29363] Call Trace: [ 2608.688213][T29363] [ 2608.691331][T29363] dump_stack_lvl+0x1e7/0x2e0 [ 2608.696026][T29363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2608.701217][T29363] ? __pfx__printk+0x10/0x10 [ 2608.705790][T29363] ? ___ratelimit+0x4c4/0x670 [ 2608.710479][T29363] ? __pfx____ratelimit+0x10/0x10 [ 2608.715519][T29363] dump_header+0xda/0x6a0 [ 2608.719842][T29363] oom_kill_process+0x3a7/0x930 [ 2608.724678][T29363] out_of_memory+0xf67/0x1320 [ 2608.729342][T29363] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2608.734955][T29363] ? __pfx___mutex_lock+0x10/0x10 [ 2608.739962][T29363] ? __pfx_out_of_memory+0x10/0x10 [ 2608.745063][T29363] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2608.750602][T29363] ? __pfx_lock_release+0x10/0x10 [ 2608.755613][T29363] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2608.761675][T29363] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2608.766866][T29363] ? mem_cgroup_iter+0x422/0x560 [ 2608.771789][T29363] try_charge_memcg+0xda2/0x18a0 [ 2608.776736][T29363] ? __pfx_try_charge_memcg+0x10/0x10 [ 2608.782091][T29363] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2608.787794][T29363] ? __pfx_lock_release+0x10/0x10 [ 2608.792804][T29363] ? memcg_account_kmem+0x1e7/0x210 [ 2608.797990][T29363] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2608.803780][T29363] __memcg_kmem_charge_page+0xe1/0x250 [ 2608.809236][T29363] memcg_charge_kernel_stack+0x304/0x550 [ 2608.814858][T29363] dup_task_struct+0x40d/0x7d0 [ 2608.819608][T29363] copy_process+0x5d5/0x3fc0 [ 2608.824188][T29363] ? __might_fault+0xa9/0x120 [ 2608.828848][T29363] ? __pfx_lock_release+0x10/0x10 [ 2608.833862][T29363] ? __pfx_copy_process+0x10/0x10 [ 2608.838870][T29363] ? __might_fault+0xc5/0x120 [ 2608.843529][T29363] ? __asan_memset+0x23/0x50 [ 2608.848106][T29363] kernel_clone+0x21d/0x8d0 [ 2608.852613][T29363] ? __pfx_kernel_clone+0x10/0x10 [ 2608.857646][T29363] __se_sys_clone3+0x2cb/0x350 [ 2608.862399][T29363] ? __pfx___se_sys_clone3+0x10/0x10 [ 2608.867675][T29363] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2608.873658][T29363] ? exc_page_fault+0x587/0x870 [ 2608.878504][T29363] ? do_syscall_64+0xb4/0x240 [ 2608.883165][T29363] do_syscall_64+0xf9/0x240 [ 2608.887656][T29363] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2608.893536][T29363] RIP: 0033:0x7fdfb62a9b99 [ 2608.897938][T29363] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2608.917538][T29363] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2608.925939][T29363] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2608.933903][T29363] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2608.941859][T29363] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2608.949812][T29363] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2608.957767][T29363] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2608.965734][T29363] [ 2608.986704][T29363] memory: usage 307200kB, limit 307200kB, failcnt 28101 [ 2608.993687][T29363] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2609.008764][T29363] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2609.020683][T29363] Memory cgroup stats for /syz3: [ 2609.020802][T29363] cache 0 [ 2609.029682][T29363] rss 0 [ 2609.032498][T29363] rss_huge 0 [ 2609.035706][T29363] shmem 0 [ 2609.045892][T29363] mapped_file 0 [ 2609.049491][T29363] dirty 0 [ 2609.052513][T29363] writeback 0 [ 2609.055888][T29363] workingset_refault_anon 11953 [ 2609.067950][T29363] workingset_refault_file 1 [ 2609.072502][T29363] swap 192512 [ 2609.075800][T29363] swapcached 0 [ 2609.083643][T29363] pgpgin 332557 [ 2609.090772][T29363] pgpgout 332557 [ 2609.094347][T29363] pgfault 807767 [ 2609.098203][T29363] pgmajfault 10093 [ 2609.101970][T29363] inactive_anon 0 [ 2609.105610][T29363] active_anon 0 [ 2609.109295][T29363] inactive_file 0 [ 2609.112937][T29363] active_file 0 [ 2609.116426][T29363] unevictable 0 [ 2609.120179][T29363] hierarchical_memory_limit 314572800 [ 2609.125563][T29363] hierarchical_memsw_limit 9223372036854771712 [ 2609.132081][T29363] total_cache 0 [ 2609.135559][T29363] total_rss 0 [ 2609.139162][T29363] total_rss_huge 0 [ 2609.142929][T29363] total_shmem 0 [ 2609.146543][T29363] total_mapped_file 0 [ 2609.150565][T29363] total_dirty 0 [ 2609.154031][T29363] total_writeback 0 [ 2609.157944][T29363] total_workingset_refault_anon 11953 [ 2609.163322][T29363] total_workingset_refault_file 1 [ 2609.168477][T29363] total_swap 217088 [ 2609.172359][T29363] total_swapcached 0 [ 2609.176338][T29363] total_pgpgin 342103 [ 2609.180378][T29363] total_pgpgout 342103 [ 2609.184466][T29363] total_pgfault 817354 [ 2609.194644][T29363] total_pgmajfault 10093 [ 2609.201433][T29363] total_inactive_anon 0 [ 2609.205622][T29363] total_active_anon 0 [ 2609.210196][T29363] total_inactive_file 0 [ 2609.214365][T29363] total_active_file 0 [ 2609.218731][T29363] total_unevictable 0 [ 2609.223015][T29363] anon_cost 0 [ 2609.227708][T29363] file_cost 0 [ 2609.231033][T29363] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29363,uid=0 [ 2609.246916][T29363] Memory cgroup out of memory: Killed process 29363 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffcf004, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2609.683812][T29364] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2609.713126][T29364] CPU: 0 PID: 29364 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2609.723585][T29364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2609.733655][T29364] Call Trace: [ 2609.736950][T29364] [ 2609.739892][T29364] dump_stack_lvl+0x1e7/0x2e0 [ 2609.744592][T29364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2609.749826][T29364] dump_header+0xda/0x6a0 [ 2609.754175][T29364] oom_kill_process+0x3a7/0x930 [ 2609.759048][T29364] out_of_memory+0xf67/0x1320 [ 2609.763749][T29364] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2609.769393][T29364] ? __pfx___mutex_lock+0x10/0x10 [ 2609.774445][T29364] ? __pfx_out_of_memory+0x10/0x10 [ 2609.779586][T29364] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2609.785144][T29364] ? __pfx_lock_release+0x10/0x10 [ 2609.790191][T29364] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2609.796286][T29364] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2609.801511][T29364] ? mem_cgroup_iter+0x422/0x560 [ 2609.806472][T29364] try_charge_memcg+0xda2/0x18a0 [ 2609.811471][T29364] ? __pfx_try_charge_memcg+0x10/0x10 [ 2609.816862][T29364] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2609.822612][T29364] ? __pfx_lock_release+0x10/0x10 [ 2609.827662][T29364] ? memcg_account_kmem+0x1e7/0x210 [ 2609.832894][T29364] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2609.838899][T29364] __memcg_kmem_charge_page+0xe1/0x250 [ 2609.844390][T29364] memcg_charge_kernel_stack+0x304/0x550 [ 2609.850048][T29364] dup_task_struct+0x15d/0x7d0 [ 2609.854842][T29364] copy_process+0x5d5/0x3fc0 [ 2609.859466][T29364] ? __might_fault+0xa9/0x120 [ 2609.864164][T29364] ? __pfx_lock_release+0x10/0x10 [ 2609.869225][T29364] ? __pfx_copy_process+0x10/0x10 [ 2609.874273][T29364] ? __might_fault+0xc5/0x120 [ 2609.878977][T29364] ? __asan_memset+0x23/0x50 [ 2609.883597][T29364] kernel_clone+0x21d/0x8d0 [ 2609.888126][T29364] ? __pfx_kernel_clone+0x10/0x10 [ 2609.893188][T29364] __se_sys_clone3+0x2cb/0x350 [ 2609.897976][T29364] ? __pfx___se_sys_clone3+0x10/0x10 [ 2609.903298][T29364] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2609.909313][T29364] ? exc_page_fault+0x587/0x870 [ 2609.914193][T29364] ? do_syscall_64+0xb4/0x240 [ 2609.918897][T29364] do_syscall_64+0xf9/0x240 [ 2609.923770][T29364] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2609.929779][T29364] RIP: 0033:0x7fdfb62a9b99 [ 2609.934211][T29364] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2609.954625][T29364] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2609.963197][T29364] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2609.971291][T29364] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2609.979290][T29364] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2609.980962][ T5096] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2609.987261][T29364] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2609.987281][T29364] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2609.987307][T29364] [ 2610.024383][ T5096] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2610.027181][T29364] memory: usage 307200kB, limit 307200kB, failcnt 28652 [ 2610.033952][T28174] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2610.047608][T28174] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2610.055275][T28174] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 2610.061069][T29364] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2610.062714][T28174] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2610.087472][T29364] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2610.094797][T29364] Memory cgroup stats for /syz3: [ 2610.094933][T29364] cache 0 [ 2610.108610][T29364] rss 16384 [ 2610.111755][T29364] rss_huge 0 [ 2610.114972][T29364] shmem 0 [ 2610.118191][T29364] mapped_file 0 [ 2610.121670][T29364] dirty 0 [ 2610.124613][T29364] writeback 0 [ 2610.128019][T29364] workingset_refault_anon 12178 [ 2610.132884][T29364] workingset_refault_file 1 [ 2610.137494][T29364] swap 172032 [ 2610.140795][T29364] swapcached 4096 [ 2610.144692][T29364] pgpgin 332797 [ 2610.148228][T29364] pgpgout 332792 [ 2610.151779][T29364] pgfault 808100 [ 2610.155321][T29364] pgmajfault 10288 [ 2610.159193][T29364] inactive_anon 0 [ 2610.162842][T29364] active_anon 20480 [ 2610.166755][T29364] inactive_file 0 [ 2610.170393][T29364] active_file 0 [ 2610.173865][T29364] unevictable 0 [ 2610.177457][T29364] hierarchical_memory_limit 314572800 [ 2610.182838][T29364] hierarchical_memsw_limit 9223372036854771712 [ 2610.189492][T29364] total_cache 0 [ 2610.192972][T29364] total_rss 16384 [ 2610.197880][T29364] total_rss_huge 0 [ 2610.201791][T29364] total_shmem 0 [ 2610.205283][T29364] total_mapped_file 0 [ 2610.209382][T29364] total_dirty 0 [ 2610.212868][T29364] total_writeback 0 [ 2610.216769][T29364] total_workingset_refault_anon 12178 [ 2610.222146][T29364] total_workingset_refault_file 1 [ 2610.227268][T29364] total_swap 196608 [ 2610.231115][T29364] total_swapcached 4096 [ 2610.235280][T29364] total_pgpgin 342343 [ 2610.239390][T29364] total_pgpgout 342338 [ 2610.243483][T29364] total_pgfault 817687 [ 2610.247981][T29364] total_pgmajfault 10288 [ 2610.252325][T29364] total_inactive_anon 0 [ 2610.256629][T29364] total_active_anon 20480 [ 2610.261056][T29364] total_inactive_file 0 [ 2610.265214][T29364] total_active_file 0 [ 2610.270220][T29364] total_unevictable 0 [ 2610.274221][T29364] anon_cost 0 [ 2610.277631][T29364] file_cost 0 10:24:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffa888, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2610.280927][T29364] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29364,uid=0 [ 2610.296746][T29364] Memory cgroup out of memory: Killed process 29364 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2611.388179][T29369] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2611.414861][T29369] CPU: 0 PID: 29369 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2611.425361][T29369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2611.435414][T29369] Call Trace: [ 2611.438692][T29369] [ 2611.441620][T29369] dump_stack_lvl+0x1e7/0x2e0 [ 2611.446324][T29369] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2611.451518][T29369] ? __pfx__printk+0x10/0x10 [ 2611.456103][T29369] ? ___ratelimit+0x4c4/0x670 [ 2611.460893][T29369] ? __pfx____ratelimit+0x10/0x10 [ 2611.465977][T29369] dump_header+0xda/0x6a0 [ 2611.470366][T29369] oom_kill_process+0x3a7/0x930 [ 2611.475255][T29369] out_of_memory+0xf67/0x1320 [ 2611.479989][T29369] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2611.485625][T29369] ? __pfx___mutex_lock+0x10/0x10 [ 2611.490673][T29369] ? __pfx_out_of_memory+0x10/0x10 [ 2611.495789][T29369] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2611.501333][T29369] ? __pfx_lock_release+0x10/0x10 [ 2611.506360][T29369] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2611.512434][T29369] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2611.517652][T29369] ? mem_cgroup_iter+0x422/0x560 [ 2611.522595][T29369] try_charge_memcg+0xda2/0x18a0 [ 2611.527543][T29369] ? __pfx_try_charge_memcg+0x10/0x10 [ 2611.532921][T29369] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2611.538646][T29369] ? __pfx_lock_release+0x10/0x10 [ 2611.543695][T29369] ? memcg_account_kmem+0x1e7/0x210 [ 2611.548895][T29369] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2611.554706][T29369] __memcg_kmem_charge_page+0xe1/0x250 [ 2611.560185][T29369] memcg_charge_kernel_stack+0x28a/0x550 [ 2611.565814][T29369] dup_task_struct+0x40d/0x7d0 [ 2611.570591][T29369] copy_process+0x5d5/0x3fc0 [ 2611.575226][T29369] ? __might_fault+0xa9/0x120 [ 2611.579935][T29369] ? __pfx_lock_release+0x10/0x10 [ 2611.584973][T29369] ? __pfx_copy_process+0x10/0x10 [ 2611.590019][T29369] ? __might_fault+0xc5/0x120 [ 2611.594703][T29369] ? __asan_memset+0x23/0x50 [ 2611.599345][T29369] kernel_clone+0x21d/0x8d0 [ 2611.603850][T29369] ? __pfx_kernel_clone+0x10/0x10 [ 2611.608918][T29369] __se_sys_clone3+0x2cb/0x350 [ 2611.613712][T29369] ? __pfx___se_sys_clone3+0x10/0x10 [ 2611.619023][T29369] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2611.625035][T29369] ? exc_page_fault+0x587/0x870 [ 2611.629886][T29369] ? do_syscall_64+0xb4/0x240 [ 2611.634567][T29369] do_syscall_64+0xf9/0x240 [ 2611.639086][T29369] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2611.645003][T29369] RIP: 0033:0x7fdfb62a9b99 [ 2611.649597][T29369] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2611.669221][T29369] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2611.677656][T29369] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2611.685649][T29369] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2611.693616][T29369] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2611.701597][T29369] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2611.709581][T29369] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2611.717555][T29369] [ 2611.730239][T29369] memory: usage 307200kB, limit 307200kB, failcnt 30298 [ 2611.748363][T29369] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2611.768846][T29369] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2611.781649][T29369] Memory cgroup stats for /syz3: [ 2611.781779][T29369] cache 0 [ 2611.790194][T29369] rss 16384 [ 2611.793319][T29369] rss_huge 0 [ 2611.797028][T29369] shmem 0 [ 2611.799977][T29369] mapped_file 0 [ 2611.803437][T29369] dirty 0 [ 2611.807360][T29369] writeback 0 [ 2611.810671][T29369] workingset_refault_anon 12706 [ 2611.815528][T29369] workingset_refault_file 1 [ 2611.820859][T29369] swap 176128 [ 2611.824181][T29369] swapcached 0 [ 2611.828069][T29369] pgpgin 333341 [ 2611.831538][T29369] pgpgout 333337 [ 2611.835080][T29369] pgfault 808767 [ 2611.843977][T29369] pgmajfault 10721 [ 2611.850897][T29369] inactive_anon 0 [ 2611.854564][T29369] active_anon 12288 [ 2611.861179][T29369] inactive_file 0 [ 2611.864833][T29369] active_file 0 [ 2611.873771][T29369] unevictable 0 [ 2611.879867][T29369] hierarchical_memory_limit 314572800 [ 2611.885531][T29369] hierarchical_memsw_limit 9223372036854771712 [ 2611.896317][T29369] total_cache 0 [ 2611.899808][T29369] total_rss 16384 [ 2611.903448][T29369] total_rss_huge 0 [ 2611.908293][T29369] total_shmem 0 [ 2611.911774][T29369] total_mapped_file 0 [ 2611.915761][T29369] total_dirty 0 [ 2611.919943][T29369] total_writeback 0 [ 2611.923768][T29369] total_workingset_refault_anon 12706 [ 2611.929690][T29369] total_workingset_refault_file 1 [ 2611.934745][T29369] total_swap 200704 [ 2611.939144][T29369] total_swapcached 0 [ 2611.943050][T29369] total_pgpgin 342887 [ 2611.950087][T29369] total_pgpgout 342883 [ 2611.954178][T29369] total_pgfault 818354 [ 2611.958815][T29369] total_pgmajfault 10721 [ 2611.963077][T29369] total_inactive_anon 0 [ 2611.967842][T29369] total_active_anon 12288 [ 2611.972291][T29369] total_inactive_file 0 [ 2611.977057][T29369] total_active_file 0 [ 2611.981056][T29369] total_unevictable 0 [ 2611.985358][T29369] anon_cost 0 [ 2611.989470][T29369] file_cost 0 10:24:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xffffff7f, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2611.992860][T29369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29369,uid=0 [ 2612.009025][T29369] Memory cgroup out of memory: Killed process 29369 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2612.107174][T20857] Bluetooth: hci1: command 0x0409 tx timeout [ 2612.385837][T29370] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2612.396712][T29370] CPU: 0 PID: 29370 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2612.407163][T29370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2612.417241][T29370] Call Trace: [ 2612.420523][T29370] [ 2612.423451][T29370] dump_stack_lvl+0x1e7/0x2e0 [ 2612.428245][T29370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2612.433453][T29370] ? __pfx__printk+0x10/0x10 [ 2612.438043][T29370] ? ___ratelimit+0x4c4/0x670 [ 2612.442728][T29370] ? __pfx____ratelimit+0x10/0x10 [ 2612.447757][T29370] dump_header+0xda/0x6a0 [ 2612.452091][T29370] oom_kill_process+0x3a7/0x930 [ 2612.456943][T29370] out_of_memory+0xf67/0x1320 [ 2612.461616][T29370] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2612.467244][T29370] ? __pfx___mutex_lock+0x10/0x10 [ 2612.472261][T29370] ? __pfx_out_of_memory+0x10/0x10 [ 2612.477373][T29370] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2612.482919][T29370] ? __pfx_lock_release+0x10/0x10 [ 2612.487943][T29370] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2612.494094][T29370] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2612.499290][T29370] ? mem_cgroup_iter+0x422/0x560 [ 2612.504399][T29370] try_charge_memcg+0xda2/0x18a0 [ 2612.509354][T29370] ? __pfx_try_charge_memcg+0x10/0x10 [ 2612.514727][T29370] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2612.520438][T29370] ? __pfx_lock_release+0x10/0x10 [ 2612.525457][T29370] ? memcg_account_kmem+0x1e7/0x210 [ 2612.530662][T29370] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2612.536466][T29370] __memcg_kmem_charge_page+0xe1/0x250 [ 2612.541924][T29370] memcg_charge_kernel_stack+0x304/0x550 [ 2612.547553][T29370] dup_task_struct+0x40d/0x7d0 [ 2612.552314][T29370] copy_process+0x5d5/0x3fc0 [ 2612.556910][T29370] ? __might_fault+0xa9/0x120 [ 2612.561580][T29370] ? __pfx_lock_release+0x10/0x10 [ 2612.566605][T29370] ? __pfx_copy_process+0x10/0x10 [ 2612.571622][T29370] ? __might_fault+0xc5/0x120 [ 2612.576297][T29370] ? __asan_memset+0x23/0x50 [ 2612.580885][T29370] kernel_clone+0x21d/0x8d0 [ 2612.585388][T29370] ? __pfx_kernel_clone+0x10/0x10 [ 2612.590425][T29370] __se_sys_clone3+0x2cb/0x350 [ 2612.595287][T29370] ? __pfx___se_sys_clone3+0x10/0x10 [ 2612.600576][T29370] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2612.606563][T29370] ? exc_page_fault+0x587/0x870 [ 2612.611410][T29370] ? do_syscall_64+0xb4/0x240 [ 2612.616081][T29370] do_syscall_64+0xf9/0x240 [ 2612.620583][T29370] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2612.626475][T29370] RIP: 0033:0x7fdfb62a9b99 [ 2612.630883][T29370] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2612.650483][T29370] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2612.658901][T29370] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2612.666865][T29370] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2612.674829][T29370] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2612.682790][T29370] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2612.690751][T29370] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2612.698727][T29370] [ 2612.707153][T29370] memory: usage 307200kB, limit 307200kB, failcnt 30897 [ 2612.714132][T29370] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2612.722242][T29370] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2612.729869][T29370] Memory cgroup stats for /syz3: [ 2612.730003][T29370] cache 0 [ 2612.738024][T29370] rss 28672 [ 2612.741227][T29370] rss_huge 0 [ 2612.744436][T29370] shmem 0 [ 2612.747538][T29370] mapped_file 0 [ 2612.751005][T29370] dirty 0 [ 2612.753940][T29370] writeback 0 [ 2612.763028][T29370] workingset_refault_anon 12927 [ 2612.767970][T29370] workingset_refault_file 1 [ 2612.772478][T29370] swap 163840 [ 2612.775765][T29370] swapcached 0 [ 2612.779573][T29370] pgpgin 333582 [ 2612.783101][T29370] pgpgout 333575 [ 2612.786811][T29370] pgfault 809088 [ 2612.790438][T29370] pgmajfault 10908 [ 2612.794177][T29370] inactive_anon 0 [ 2612.797951][T29370] active_anon 28672 [ 2612.801754][T29370] inactive_file 0 [ 2612.805386][T29370] active_file 0 [ 2612.809217][T29370] unevictable 0 [ 2612.812697][T29370] hierarchical_memory_limit 314572800 [ 2612.820936][T29370] hierarchical_memsw_limit 9223372036854771712 [ 2612.849255][T29370] total_cache 0 [ 2612.852774][T29370] total_rss 28672 [ 2612.856564][T29370] total_rss_huge 0 [ 2612.860364][T29370] total_shmem 0 [ 2612.863850][T29370] total_mapped_file 0 [ 2612.868122][T29370] total_dirty 0 [ 2612.871600][T29370] total_writeback 0 [ 2612.875412][T29370] total_workingset_refault_anon 12927 [ 2612.880990][T29370] total_workingset_refault_file 1 [ 2612.886027][T29370] total_swap 188416 [ 2612.890111][T29370] total_swapcached 0 [ 2612.894038][T29370] total_pgpgin 343128 [ 2612.898179][T29370] total_pgpgout 343121 [ 2612.902310][T29370] total_pgfault 818675 [ 2612.907228][T29370] total_pgmajfault 10908 [ 2612.911499][T29370] total_inactive_anon 0 [ 2612.915661][T29370] total_active_anon 28672 [ 2612.920444][T29370] total_inactive_file 0 [ 2612.924608][T29370] total_active_file 0 [ 2612.935528][T29370] total_unevictable 0 [ 2612.939710][T29370] anon_cost 0 [ 2612.943011][T29370] file_cost 0 [ 2612.946827][T29370] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29370,uid=0 [ 2612.962648][T29370] Memory cgroup out of memory: Killed process 29370 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:39 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0xfffffff0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2613.964681][T29371] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2613.975093][T29371] CPU: 0 PID: 29371 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2613.985575][T29371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2613.995658][T29371] Call Trace: [ 2613.998958][T29371] [ 2614.001901][T29371] dump_stack_lvl+0x1e7/0x2e0 [ 2614.006594][T29371] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2614.011814][T29371] ? __pfx__printk+0x10/0x10 [ 2614.016422][T29371] ? ___ratelimit+0x4c4/0x670 [ 2614.021112][T29371] ? __pfx____ratelimit+0x10/0x10 [ 2614.026127][T29371] dump_header+0xda/0x6a0 [ 2614.030491][T29371] oom_kill_process+0x3a7/0x930 [ 2614.035390][T29371] out_of_memory+0xf67/0x1320 [ 2614.040103][T29371] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2614.045732][T29371] ? __pfx___mutex_lock+0x10/0x10 [ 2614.050763][T29371] ? __pfx_out_of_memory+0x10/0x10 [ 2614.055978][T29371] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2614.061528][T29371] ? __pfx_lock_release+0x10/0x10 [ 2614.066660][T29371] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2614.072749][T29371] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2614.077960][T29371] ? mem_cgroup_iter+0x422/0x560 [ 2614.082885][T29371] try_charge_memcg+0xda2/0x18a0 [ 2614.087845][T29371] ? __pfx_try_charge_memcg+0x10/0x10 [ 2614.093236][T29371] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2614.098959][T29371] ? __pfx_lock_release+0x10/0x10 [ 2614.104074][T29371] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2614.109972][T29371] __memcg_kmem_charge_page+0xe1/0x250 [ 2614.115445][T29371] memcg_charge_kernel_stack+0xa7/0x550 [ 2614.120984][T29371] dup_task_struct+0x15d/0x7d0 [ 2614.125731][T29371] copy_process+0x5d5/0x3fc0 [ 2614.130338][T29371] ? __might_fault+0xa9/0x120 [ 2614.135032][T29371] ? __pfx_lock_release+0x10/0x10 [ 2614.140074][T29371] ? __lock_acquire+0x1345/0x1fd0 [ 2614.145087][T29371] ? __pfx_copy_process+0x10/0x10 [ 2614.150114][T29371] ? __might_fault+0xc5/0x120 [ 2614.154798][T29371] ? __asan_memset+0x23/0x50 [ 2614.159379][T29371] kernel_clone+0x21d/0x8d0 [ 2614.163869][T29371] ? __pfx_kernel_clone+0x10/0x10 [ 2614.168910][T29371] ? __pfx_lock_release+0x10/0x10 [ 2614.173983][T29371] __se_sys_clone3+0x2cb/0x350 [ 2614.178767][T29371] ? __might_fault+0xa9/0x120 [ 2614.183441][T29371] ? __pfx___se_sys_clone3+0x10/0x10 [ 2614.186679][T20857] Bluetooth: hci1: command 0x041b tx timeout [ 2614.188704][T29371] ? rcu_is_watching+0x15/0xb0 [ 2614.199455][T29371] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2614.205471][T29371] ? exc_page_fault+0x587/0x870 [ 2614.210346][T29371] ? do_syscall_64+0xb4/0x240 [ 2614.215048][T29371] do_syscall_64+0xf9/0x240 [ 2614.219575][T29371] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2614.225474][T29371] RIP: 0033:0x7fdfb62a9b99 [ 2614.229896][T29371] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2614.249622][T29371] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2614.258051][T29371] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2614.266009][T29371] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2614.273981][T29371] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2614.282045][T29371] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2614.290012][T29371] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2614.298020][T29371] [ 2614.307988][T29371] memory: usage 307200kB, limit 307200kB, failcnt 32279 [ 2614.314957][T29371] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2614.322981][T29371] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 2614.330339][T29371] Memory cgroup stats for /syz3: [ 2614.330453][T29371] cache 0 [ 2614.338456][T29371] rss 8192 [ 2614.341490][T29371] rss_huge 0 [ 2614.344694][T29371] shmem 0 [ 2614.347764][T29371] mapped_file 0 [ 2614.351234][T29371] dirty 0 [ 2614.354167][T29371] writeback 0 [ 2614.366973][T29371] workingset_refault_anon 13430 [ 2614.371851][T29371] workingset_refault_file 1 [ 2614.376478][T29371] swap 184320 [ 2614.379830][T29371] swapcached 0 [ 2614.383207][T29371] pgpgin 334101 [ 2614.386769][T29371] pgpgout 334099 [ 2614.390316][T29371] pgfault 809748 [ 2614.393871][T29371] pgmajfault 11322 [ 2614.397721][T29371] inactive_anon 0 [ 2614.401355][T29371] active_anon 8192 [ 2614.405073][T29371] inactive_file 0 [ 2614.409105][T29371] active_file 0 [ 2614.412581][T29371] unevictable 0 [ 2614.416071][T29371] hierarchical_memory_limit 314572800 [ 2614.422167][T29371] hierarchical_memsw_limit 9223372036854771712 [ 2614.441071][T29371] total_cache 0 [ 2614.444595][T29371] total_rss 8192 [ 2614.450260][T29371] total_rss_huge 0 [ 2614.454023][T29371] total_shmem 0 [ 2614.457754][T29371] total_mapped_file 0 [ 2614.461743][T29371] total_dirty 0 [ 2614.465205][T29371] total_writeback 0 [ 2614.469227][T29371] total_workingset_refault_anon 13430 [ 2614.474608][T29371] total_workingset_refault_file 1 [ 2614.479753][T29371] total_swap 208896 [ 2614.483568][T29371] total_swapcached 0 [ 2614.487585][T29371] total_pgpgin 343647 [ 2614.491570][T29371] total_pgpgout 343645 [ 2614.495642][T29371] total_pgfault 819335 [ 2614.499821][T29371] total_pgmajfault 11322 [ 2614.504069][T29371] total_inactive_anon 0 [ 2614.511040][T29371] total_active_anon 8192 [ 2614.515297][T29371] total_inactive_file 0 [ 2614.522620][T29371] total_active_file 0 [ 2614.529330][T29371] total_unevictable 0 [ 2614.533328][T29371] anon_cost 0 [ 2614.540094][T29371] file_cost 0 [ 2614.543402][T29371] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29371,uid=0 [ 2614.569104][T29371] Memory cgroup out of memory: Killed process 29371 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x10, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2614.946527][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2614.970010][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2614.980582][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2614.990751][ T5088] Call Trace: [ 2614.994043][ T5088] [ 2614.997005][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2615.001826][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2615.007084][ T5088] ? __pfx__printk+0x10/0x10 [ 2615.011694][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2615.016401][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2615.021457][ T5088] dump_header+0xda/0x6a0 [ 2615.025823][ T5088] oom_kill_process+0x3a7/0x930 [ 2615.030708][ T5088] out_of_memory+0xf67/0x1320 [ 2615.035419][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2615.041073][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2615.046097][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2615.051385][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2615.056931][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2615.061966][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2615.068032][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2615.073245][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2615.078181][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2615.083110][ T5088] ? mark_lock+0x9a/0x350 [ 2615.087451][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2615.092834][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2615.098986][ T5088] charge_memcg+0xa2/0x160 [ 2615.103411][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2615.109479][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2615.115059][ T5088] ? mark_lock+0x9a/0x350 [ 2615.119389][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2615.125370][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2615.130134][ T5088] swap_cluster_readahead+0x398/0x810 [ 2615.135512][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2615.141492][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2615.146523][ T5088] ? xas_descend+0x37e/0x470 [ 2615.151126][ T5088] swapin_readahead+0x1ea/0x1070 [ 2615.156059][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2615.161178][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2615.166555][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2615.171839][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2615.177124][ T5088] do_swap_page+0x791/0x3f40 [ 2615.181707][ T5088] ? __lock_acquire+0x1345/0x1fd0 [ 2615.186728][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2615.191497][ T5088] ? do_swap_page+0x154/0x3f40 [ 2615.196250][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2615.201268][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2615.206725][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2615.212522][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2615.217718][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2615.222845][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2615.228307][ T5088] ? mt_find+0x226/0x850 [ 2615.232545][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2615.237580][ T5088] ? mt_find+0x62d/0x850 [ 2615.241822][ T5088] ? mt_find+0x226/0x850 [ 2615.246076][ T5088] ? find_vma+0x142/0x1c0 [ 2615.250405][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2615.255074][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2615.261053][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2615.265822][ T5088] exc_page_fault+0x2ad/0x870 [ 2615.270504][ T5088] asm_exc_page_fault+0x26/0x30 [ 2615.275436][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2615.280544][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2615.300150][ T5088] RSP: 0000:ffffc90003fffd78 EFLAGS: 00050202 [ 2615.306212][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2615.314211][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2615.322177][ T5088] RBP: ffffc90003fffec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2615.330155][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffd80 [ 2615.338117][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2615.346097][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2615.352095][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2615.358426][ T5088] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2615.364239][ T5088] irqentry_exit_to_user_mode+0xbb/0x270 [ 2615.369881][ T5088] exc_page_fault+0x587/0x870 [ 2615.374560][ T5088] asm_exc_page_fault+0x26/0x30 [ 2615.379661][ T5088] RIP: 0033:0x7fdfb62a91b8 [ 2615.384069][ T5088] Code: 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 2615.403666][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00010293 [ 2615.409728][ T5088] RAX: 0000000000000000 RBX: 000000000000779c RCX: 00007fdfb62a91b5 [ 2615.417690][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2615.425655][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2615.433617][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2615.441579][ T5088] R13: 000000000027e587 R14: 000000000027e587 R15: 0000000000000000 [ 2615.449562][ T5088] [ 2615.473431][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 32917 [ 2615.480569][ T5088] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 2615.488991][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2615.496409][ T5088] Memory cgroup stats for /syz3: [ 2615.496525][ T5088] cache 0 [ 2615.518056][ T5088] rss 28672 [ 2615.521220][ T5088] rss_huge 0 [ 2615.524429][ T5088] shmem 0 [ 2615.533431][ T5088] mapped_file 0 [ 2615.537414][ T5088] dirty 0 [ 2615.540365][ T5088] writeback 0 [ 2615.543654][ T5088] workingset_refault_anon 13625 [ 2615.549621][ T5088] workingset_refault_file 1 [ 2615.554143][ T5088] swap 204800 [ 2615.557960][ T5088] swapcached 0 [ 2615.561451][ T5088] pgpgin 334308 [ 2615.564917][ T5088] pgpgout 334301 [ 2615.569396][ T5088] pgfault 810003 [ 2615.572968][ T5088] pgmajfault 11479 [ 2615.578482][ T5088] inactive_anon 0 [ 2615.582229][ T5088] active_anon 28672 [ 2615.586053][ T5088] inactive_file 0 [ 2615.590392][ T5088] active_file 0 [ 2615.593868][ T5088] unevictable 0 [ 2615.597908][ T5088] hierarchical_memory_limit 314572800 [ 2615.603298][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2615.610002][ T5088] total_cache 0 [ 2615.613479][ T5088] total_rss 28672 [ 2615.617665][ T5088] total_rss_huge 0 [ 2615.621411][ T5088] total_shmem 0 [ 2615.624874][ T5088] total_mapped_file 0 [ 2615.635332][ T5088] total_dirty 0 [ 2615.638974][ T5088] total_writeback 0 [ 2615.642800][ T5088] total_workingset_refault_anon 13625 [ 2615.648586][ T5088] total_workingset_refault_file 1 [ 2615.653633][ T5088] total_swap 229376 [ 2615.657532][ T5088] total_swapcached 0 [ 2615.661528][ T5088] total_pgpgin 343854 [ 2615.665551][ T5088] total_pgpgout 343847 [ 2615.669758][ T5088] total_pgfault 819590 [ 2615.673851][ T5088] total_pgmajfault 11479 [ 2615.678223][ T5088] total_inactive_anon 0 [ 2615.682394][ T5088] total_active_anon 28672 [ 2615.688583][ T5088] total_inactive_file 0 [ 2615.695788][ T5088] total_active_file 0 [ 2615.700217][ T5088] total_unevictable 0 [ 2615.704215][ T5088] anon_cost 0 [ 2615.708182][ T5088] file_cost 0 10:24:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2615.711769][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29372,uid=0 [ 2615.728181][ T5088] Memory cgroup out of memory: Killed process 29372 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2616.209843][T29373] syz-executor.3 invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2616.223322][T29373] CPU: 1 PID: 29373 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2616.233763][T29373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2616.243842][T29373] Call Trace: [ 2616.247316][T29373] [ 2616.250352][T29373] dump_stack_lvl+0x1e7/0x2e0 [ 2616.255051][T29373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2616.260245][T29373] ? __pfx__printk+0x10/0x10 [ 2616.264853][T29373] ? ___ratelimit+0x4c4/0x670 [ 2616.269525][T29373] ? __pfx____ratelimit+0x10/0x10 [ 2616.274544][T29373] dump_header+0xda/0x6a0 [ 2616.278900][T29373] oom_kill_process+0x3a7/0x930 [ 2616.283775][T29373] out_of_memory+0xf67/0x1320 [ 2616.288461][T29373] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2616.294083][T29373] ? __pfx___mutex_lock+0x10/0x10 [ 2616.299111][T29373] ? __pfx_out_of_memory+0x10/0x10 [ 2616.304313][T29373] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2616.309849][T29373] ? __pfx_lock_release+0x10/0x10 [ 2616.314873][T29373] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2616.320938][T29373] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2616.326126][T29373] ? mem_cgroup_iter+0x422/0x560 [ 2616.331081][T29373] try_charge_memcg+0xda2/0x18a0 [ 2616.336049][T29373] ? __pfx_try_charge_memcg+0x10/0x10 [ 2616.341415][T29373] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2616.347125][T29373] ? __pfx_lock_release+0x10/0x10 [ 2616.352144][T29373] ? __lock_acquire+0x1345/0x1fd0 [ 2616.357174][T29373] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2616.362880][T29373] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2616.368690][T29373] __memcg_kmem_charge_page+0xe1/0x250 [ 2616.374146][T29373] __alloc_pages+0x28b/0x680 [ 2616.378733][T29373] ? __pfx___alloc_pages+0x10/0x10 [ 2616.383843][T29373] ? policy_nodemask+0x1ec/0x720 [ 2616.388779][T29373] alloc_pages_mpol+0x3de/0x650 [ 2616.393621][T29373] ? do_raw_spin_lock+0x14e/0x370 [ 2616.398638][T29373] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2616.404003][T29373] ? alloc_pages+0xee/0x170 [ 2616.408496][T29373] pte_alloc_one+0x88/0x5d0 [ 2616.412993][T29373] ? __pfx_pte_alloc_one+0x10/0x10 [ 2616.418107][T29373] ? __thp_vma_allowable_orders+0x796/0x8d0 [ 2616.424090][T29373] __do_fault+0xd0/0x460 [ 2616.428345][T29373] __handle_mm_fault+0x23c3/0x72d0 [ 2616.433521][T29373] ? reacquire_held_locks+0x3eb/0x690 [ 2616.438916][T29373] ? __pfx___handle_mm_fault+0x10/0x10 [ 2616.444412][T29373] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2616.450167][T29373] ? mtree_range_walk+0x6fd/0x8e0 [ 2616.455216][T29373] ? lock_vma_under_rcu+0x18a/0x730 [ 2616.460439][T29373] ? __pfx_lock_release+0x10/0x10 [ 2616.465479][T29373] ? lock_vma_under_rcu+0x2f9/0x730 [ 2616.470690][T29373] ? lock_vma_under_rcu+0x18a/0x730 [ 2616.475884][T29373] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2616.481424][T29373] handle_mm_fault+0x3c1/0x8a0 [ 2616.486194][T29373] exc_page_fault+0x456/0x870 [ 2616.490872][T29373] asm_exc_page_fault+0x26/0x30 [ 2616.495713][T29373] RIP: 0033:0x7fdfb6228266 [ 2616.500297][T29373] Code: 1f 44 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 [ 2616.519896][T29373] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 [ 2616.525955][T29373] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2616.533926][T29373] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2616.541892][T29373] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2616.549857][T29373] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 [ 2616.557819][T29373] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2616.565794][T29373] [ 2616.596471][T29373] memory: usage 307200kB, limit 307200kB, failcnt 33640 [ 2616.603574][T29373] memory+swap: usage 307456kB, limit 9007199254740988kB, failcnt 0 [ 2616.611995][T29373] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 2616.616580][T20857] Bluetooth: hci1: command 0x040f tx timeout [ 2616.619854][T29373] Memory cgroup stats for /syz3: [ 2616.637138][T29373] cache 0 [ 2616.645146][T29373] rss 28672 [ 2616.648985][T29373] rss_huge 0 [ 2616.652375][T29373] shmem 0 [ 2616.655411][T29373] mapped_file 0 [ 2616.659705][T29373] dirty 0 [ 2616.662658][T29373] writeback 0 [ 2616.665949][T29373] workingset_refault_anon 13844 [ 2616.671575][T29373] workingset_refault_file 1 [ 2616.676876][T29373] swap 229376 [ 2616.680280][T29373] swapcached 0 [ 2616.683693][T29373] pgpgin 334545 [ 2616.687851][T29373] pgpgout 334538 [ 2616.691517][T29373] pgfault 810307 [ 2616.695172][T29373] pgmajfault 11652 [ 2616.700749][T29373] inactive_anon 4096 [ 2616.704780][T29373] active_anon 4096 [ 2616.715495][T29373] inactive_file 0 [ 2616.722311][T29373] active_file 0 [ 2616.725808][T29373] unevictable 0 [ 2616.729587][T29373] hierarchical_memory_limit 314572800 [ 2616.735059][T29373] hierarchical_memsw_limit 9223372036854771712 [ 2616.741683][T29373] total_cache 0 [ 2616.745168][T29373] total_rss 28672 [ 2616.748984][T29373] total_rss_huge 0 [ 2616.752726][T29373] total_shmem 0 [ 2616.756340][T29373] total_mapped_file 0 [ 2616.760338][T29373] total_dirty 0 [ 2616.763807][T29373] total_writeback 0 [ 2616.767783][T29373] total_workingset_refault_anon 13844 [ 2616.773410][T29373] total_workingset_refault_file 1 [ 2616.778574][T29373] total_swap 253952 [ 2616.782389][T29373] total_swapcached 0 [ 2616.786443][T29373] total_pgpgin 344091 [ 2616.790437][T29373] total_pgpgout 344084 [ 2616.794514][T29373] total_pgfault 819894 [ 2616.799011][T29373] total_pgmajfault 11652 [ 2616.803269][T29373] total_inactive_anon 4096 [ 2616.807816][T29373] total_active_anon 4096 [ 2616.812076][T29373] total_inactive_file 0 10:24:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x140, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2616.816369][T29373] total_active_file 0 [ 2616.820359][T29373] total_unevictable 0 [ 2616.824349][T29373] anon_cost 0 [ 2616.827821][T29373] file_cost 0 [ 2616.831330][T29373] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29373,uid=0 [ 2616.847099][T29373] Memory cgroup out of memory: Killed process 29373 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8704kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:1000 [ 2617.824032][T29374] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2617.840913][T29374] CPU: 0 PID: 29374 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2617.851385][T29374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2617.861468][T29374] Call Trace: [ 2617.864771][T29374] [ 2617.867722][T29374] dump_stack_lvl+0x1e7/0x2e0 [ 2617.872447][T29374] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2617.877672][T29374] ? __pfx__printk+0x10/0x10 [ 2617.882314][T29374] ? ___ratelimit+0x4c4/0x670 [ 2617.887026][T29374] ? __pfx____ratelimit+0x10/0x10 [ 2617.892176][T29374] dump_header+0xda/0x6a0 [ 2617.896543][T29374] oom_kill_process+0x3a7/0x930 [ 2617.901953][T29374] out_of_memory+0xf67/0x1320 [ 2617.906678][T29374] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2617.912344][T29374] ? __pfx___mutex_lock+0x10/0x10 [ 2617.917397][T29374] ? __pfx_out_of_memory+0x10/0x10 [ 2617.922515][T29374] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2617.928087][T29374] ? __pfx_lock_release+0x10/0x10 [ 2617.933202][T29374] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2617.939446][T29374] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2617.944658][T29374] ? mem_cgroup_iter+0x422/0x560 [ 2617.949597][T29374] try_charge_memcg+0xda2/0x18a0 [ 2617.954569][T29374] ? __pfx_try_charge_memcg+0x10/0x10 [ 2617.959944][T29374] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2617.965685][T29374] ? __pfx_lock_release+0x10/0x10 [ 2617.970783][T29374] ? memcg_account_kmem+0x1e7/0x210 [ 2617.975984][T29374] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2617.981786][T29374] __memcg_kmem_charge_page+0xe1/0x250 [ 2617.987243][T29374] memcg_charge_kernel_stack+0x28a/0x550 [ 2617.992878][T29374] dup_task_struct+0x15d/0x7d0 [ 2617.997701][T29374] copy_process+0x5d5/0x3fc0 [ 2618.002329][T29374] ? __might_fault+0xa9/0x120 [ 2618.007363][T29374] ? __pfx_lock_release+0x10/0x10 [ 2618.012398][T29374] ? __pfx_copy_process+0x10/0x10 [ 2618.017438][T29374] ? __might_fault+0xc5/0x120 [ 2618.022173][T29374] ? __asan_memset+0x23/0x50 [ 2618.026778][T29374] kernel_clone+0x21d/0x8d0 [ 2618.031303][T29374] ? __pfx_kernel_clone+0x10/0x10 [ 2618.036357][T29374] __se_sys_clone3+0x2cb/0x350 [ 2618.041131][T29374] ? __pfx___se_sys_clone3+0x10/0x10 [ 2618.046429][T29374] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2618.052422][T29374] ? exc_page_fault+0x587/0x870 [ 2618.057273][T29374] ? do_syscall_64+0xb4/0x240 [ 2618.061951][T29374] do_syscall_64+0xf9/0x240 [ 2618.066455][T29374] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2618.072351][T29374] RIP: 0033:0x7fdfb62a9b99 [ 2618.076761][T29374] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2618.096360][T29374] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2618.104768][T29374] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2618.112733][T29374] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2618.120696][T29374] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2618.129530][T29374] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2618.137494][T29374] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2618.145482][T29374] [ 2618.154152][T29374] memory: usage 307200kB, limit 307200kB, failcnt 35151 [ 2618.169420][T29374] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2618.186512][T29374] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2618.197713][T29374] Memory cgroup stats for /syz3: [ 2618.197833][T29374] cache 0 [ 2618.210250][T29374] rss 4096 [ 2618.213318][T29374] rss_huge 0 [ 2618.223109][T29374] shmem 0 [ 2618.226076][T29374] mapped_file 0 [ 2618.237276][T29374] dirty 0 [ 2618.241167][T29374] writeback 0 [ 2618.244486][T29374] workingset_refault_anon 14409 [ 2618.260221][T29374] workingset_refault_file 1 [ 2618.264776][T29374] swap 188416 [ 2618.277700][T29374] swapcached 0 [ 2618.281125][T29374] pgpgin 335123 [ 2618.284591][T29374] pgpgout 335122 [ 2618.299064][T29374] pgfault 811033 [ 2618.302657][T29374] pgmajfault 12115 [ 2618.307161][T29374] inactive_anon 4096 [ 2618.311076][T29374] active_anon 0 [ 2618.314550][T29374] inactive_file 0 [ 2618.318468][T29374] active_file 0 [ 2618.321938][T29374] unevictable 0 [ 2618.325841][T29374] hierarchical_memory_limit 314572800 [ 2618.331511][T29374] hierarchical_memsw_limit 9223372036854771712 [ 2618.338243][T29374] total_cache 0 [ 2618.341725][T29374] total_rss 4096 [ 2618.345296][T29374] total_rss_huge 0 [ 2618.351456][T29374] total_shmem 0 [ 2618.354940][T29374] total_mapped_file 0 [ 2618.359096][T29374] total_dirty 0 [ 2618.362827][T29374] total_writeback 0 [ 2618.367844][T29374] total_workingset_refault_anon 14409 [ 2618.373252][T29374] total_workingset_refault_file 1 [ 2618.391217][T29374] total_swap 212992 [ 2618.395096][T29374] total_swapcached 0 [ 2618.408834][T29374] total_pgpgin 344669 [ 2618.412868][T29374] total_pgpgout 344668 [ 2618.426968][T29374] total_pgfault 820620 [ 2618.431219][T29374] total_pgmajfault 12115 [ 2618.435511][T29374] total_inactive_anon 4096 [ 2618.441030][T29374] total_active_anon 0 [ 2618.445236][T29374] total_inactive_file 0 [ 2618.449899][T29374] total_active_file 0 [ 2618.453946][T29374] total_unevictable 0 [ 2618.458472][T29374] anon_cost 0 [ 2618.461779][T29374] file_cost 0 [ 2618.465074][T29374] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29374,uid=0 10:24:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xec0, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2618.482132][T29374] Memory cgroup out of memory: Killed process 29374 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2618.685269][T20857] Bluetooth: hci1: command 0x0419 tx timeout [ 2618.948901][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2618.960177][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2618.970524][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2618.980589][ T5088] Call Trace: [ 2618.983858][ T5088] [ 2618.986799][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2618.991499][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2618.996703][ T5088] ? __pfx__printk+0x10/0x10 [ 2619.001287][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2619.005965][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2619.010990][ T5088] dump_header+0xda/0x6a0 [ 2619.015321][ T5088] oom_kill_process+0x3a7/0x930 [ 2619.020172][ T5088] out_of_memory+0xf67/0x1320 [ 2619.025387][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2619.031043][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2619.036074][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2619.041199][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2619.046753][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2619.051780][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2619.057850][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2619.063043][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2619.068001][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2619.072931][ T5088] ? mark_lock+0x9a/0x350 [ 2619.077270][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2619.082655][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2619.088799][ T5088] charge_memcg+0xa2/0x160 [ 2619.093213][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2619.099272][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2619.104725][ T5088] ? mark_lock+0x9a/0x350 [ 2619.109060][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2619.115040][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2619.119803][ T5088] swap_cluster_readahead+0x398/0x810 [ 2619.125178][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2619.131068][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2619.136095][ T5088] ? xas_descend+0x37e/0x470 [ 2619.140686][ T5088] swapin_readahead+0x1ea/0x1070 [ 2619.145616][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2619.150734][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2619.156110][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2619.161402][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2619.166750][ T5088] do_swap_page+0x791/0x3f40 [ 2619.171628][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2619.176511][ T5088] ? do_swap_page+0x154/0x3f40 [ 2619.181376][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2619.186395][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2619.191863][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2619.197668][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2619.202869][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2619.208003][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2619.213472][ T5088] ? mt_find+0x226/0x850 [ 2619.217721][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2619.222753][ T5088] ? mt_find+0x62d/0x850 [ 2619.226995][ T5088] ? mt_find+0x226/0x850 [ 2619.231254][ T5088] ? find_vma+0x142/0x1c0 [ 2619.235575][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2619.240243][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2619.246224][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2619.250988][ T5088] exc_page_fault+0x2ad/0x870 [ 2619.255669][ T5088] asm_exc_page_fault+0x26/0x30 [ 2619.260516][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2619.265624][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2619.285222][ T5088] RSP: 0018:ffffc90003fffd98 EFLAGS: 00050202 [ 2619.291282][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2619.299242][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2619.307206][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2619.315167][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2619.323131][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2619.331115][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2619.337021][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2619.343437][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2619.349164][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2619.354799][ T5088] do_syscall_64+0x108/0x240 [ 2619.359390][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2619.365370][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2619.369778][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2619.389380][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2619.397788][ T5088] RAX: 0000000000000000 RBX: 000000000000779f RCX: 00007fdfb62a91b5 [ 2619.405752][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2619.413712][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2619.421677][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2619.429642][ T5088] R13: 000000000027f4ee R14: 000000000027f4ee R15: 0000000000000000 [ 2619.437708][ T5088] [ 2619.488456][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 36073 [ 2619.495446][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2619.504011][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2619.511546][ T5088] Memory cgroup stats for /syz3: [ 2619.511664][ T5088] cache 0 [ 2619.519633][ T5088] rss 16384 [ 2619.522753][ T5088] rss_huge 0 [ 2619.525955][ T5088] shmem 0 [ 2619.529034][ T5088] mapped_file 0 [ 2619.532545][ T5088] dirty 0 [ 2619.535493][ T5088] writeback 0 [ 2619.538905][ T5088] workingset_refault_anon 14712 [ 2619.543762][ T5088] workingset_refault_file 1 [ 2619.549136][ T5088] swap 176128 [ 2619.552511][ T5088] swapcached 0 [ 2619.555888][ T5088] pgpgin 335442 [ 2619.562157][ T5088] pgpgout 335438 [ 2619.565812][ T5088] pgfault 811451 [ 2619.569568][ T5088] pgmajfault 12370 [ 2619.573438][ T5088] inactive_anon 0 [ 2619.577269][ T5088] active_anon 16384 [ 2619.581084][ T5088] inactive_file 0 [ 2619.584775][ T5088] active_file 0 [ 2619.589380][ T5088] unevictable 0 [ 2619.592859][ T5088] hierarchical_memory_limit 314572800 [ 2619.598754][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2619.605017][ T5088] total_cache 0 [ 2619.609072][ T5088] total_rss 16384 [ 2619.612728][ T5088] total_rss_huge 0 [ 2619.616672][ T5088] total_shmem 0 [ 2619.620145][ T5088] total_mapped_file 0 [ 2619.624132][ T5088] total_dirty 0 [ 2619.629782][ T5088] total_writeback 0 [ 2619.633621][ T5088] total_workingset_refault_anon 14712 [ 2619.639094][ T5088] total_workingset_refault_file 1 [ 2619.644188][ T5088] total_swap 200704 [ 2619.648094][ T5088] total_swapcached 0 [ 2619.652019][ T5088] total_pgpgin 344988 [ 2619.656004][ T5088] total_pgpgout 344984 [ 2619.660529][ T5088] total_pgfault 821038 [ 2619.664882][ T5088] total_pgmajfault 12370 [ 2619.669313][ T5088] total_inactive_anon 0 [ 2619.673487][ T5088] total_active_anon 16384 [ 2619.678201][ T5088] total_inactive_file 0 [ 2619.682378][ T5088] total_active_file 0 10:24:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x33fe0, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2619.686468][ T5088] total_unevictable 0 [ 2619.690463][ T5088] anon_cost 0 [ 2619.693766][ T5088] file_cost 0 [ 2619.697216][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29375,uid=0 [ 2619.719926][ T5088] Memory cgroup out of memory: Killed process 29375 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2620.381015][T29376] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2620.391377][T29376] CPU: 0 PID: 29376 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2620.401808][T29376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2620.411861][T29376] Call Trace: [ 2620.415138][T29376] [ 2620.418064][T29376] dump_stack_lvl+0x1e7/0x2e0 [ 2620.422757][T29376] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2620.427954][T29376] ? __pfx__printk+0x10/0x10 [ 2620.432539][T29376] ? ___ratelimit+0x4c4/0x670 [ 2620.437215][T29376] ? __pfx____ratelimit+0x10/0x10 [ 2620.442237][T29376] dump_header+0xda/0x6a0 [ 2620.446566][T29376] oom_kill_process+0x3a7/0x930 [ 2620.451413][T29376] out_of_memory+0xf67/0x1320 [ 2620.456085][T29376] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2620.461709][T29376] ? __pfx___mutex_lock+0x10/0x10 [ 2620.466732][T29376] ? __pfx_out_of_memory+0x10/0x10 [ 2620.471874][T29376] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2620.477417][T29376] ? __pfx_lock_release+0x10/0x10 [ 2620.482447][T29376] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2620.488526][T29376] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2620.493720][T29376] ? mem_cgroup_iter+0x422/0x560 [ 2620.498663][T29376] try_charge_memcg+0xda2/0x18a0 [ 2620.503609][T29376] ? __pfx_try_charge_memcg+0x10/0x10 [ 2620.508978][T29376] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2620.514779][T29376] ? __pfx_lock_release+0x10/0x10 [ 2620.519811][T29376] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2620.525609][T29376] __memcg_kmem_charge_page+0xe1/0x250 [ 2620.531067][T29376] memcg_charge_kernel_stack+0xa7/0x550 [ 2620.536616][T29376] dup_task_struct+0x40d/0x7d0 [ 2620.541378][T29376] copy_process+0x5d5/0x3fc0 [ 2620.545968][T29376] ? __might_fault+0xa9/0x120 [ 2620.550639][T29376] ? __pfx_lock_release+0x10/0x10 [ 2620.555659][T29376] ? __lock_acquire+0x1345/0x1fd0 [ 2620.560683][T29376] ? __pfx_copy_process+0x10/0x10 [ 2620.565696][T29376] ? __might_fault+0xc5/0x120 [ 2620.570381][T29376] ? __asan_memset+0x23/0x50 [ 2620.574969][T29376] kernel_clone+0x21d/0x8d0 [ 2620.579471][T29376] ? __pfx_kernel_clone+0x10/0x10 [ 2620.584492][T29376] ? __pfx_lock_release+0x10/0x10 [ 2620.589519][T29376] __se_sys_clone3+0x2cb/0x350 [ 2620.594286][T29376] ? __might_fault+0xa9/0x120 [ 2620.598959][T29376] ? __pfx___se_sys_clone3+0x10/0x10 [ 2620.604233][T29376] ? rcu_is_watching+0x15/0xb0 [ 2620.609000][T29376] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2620.614987][T29376] ? exc_page_fault+0x587/0x870 [ 2620.619833][T29376] ? do_syscall_64+0xb4/0x240 [ 2620.624510][T29376] do_syscall_64+0xf9/0x240 [ 2620.629016][T29376] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2620.634925][T29376] RIP: 0033:0x7fdfb62a9b99 [ 2620.639334][T29376] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2620.658933][T29376] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2620.667342][T29376] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2620.675342][T29376] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2620.683307][T29376] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2620.691273][T29376] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2620.699245][T29376] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2620.707222][T29376] [ 2620.721472][T29376] memory: usage 307200kB, limit 307200kB, failcnt 37143 [ 2620.728612][T29376] memory+swap: usage 307416kB, limit 9007199254740988kB, failcnt 0 [ 2620.737035][T29376] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 2620.744429][T29376] Memory cgroup stats for /syz3: [ 2620.744528][T29376] cache 0 [ 2620.759853][T29376] rss 8192 [ 2620.762898][T29376] rss_huge 0 [ 2620.766105][T29376] shmem 0 [ 2620.769681][T29376] mapped_file 0 [ 2620.773159][T29376] dirty 0 [ 2620.776798][T29376] writeback 0 [ 2620.780094][T29376] workingset_refault_anon 15087 [ 2620.784981][T29376] workingset_refault_file 1 [ 2620.790092][T29376] swap 188416 [ 2620.793405][T29376] swapcached 0 [ 2620.797330][T29376] pgpgin 335834 [ 2620.800808][T29376] pgpgout 335832 [ 2620.804452][T29376] pgfault 811960 [ 2620.808734][T29376] pgmajfault 12691 [ 2620.812468][T29376] inactive_anon 8192 [ 2620.817051][T29376] active_anon 0 [ 2620.820532][T29376] inactive_file 0 [ 2620.824168][T29376] active_file 0 [ 2620.828533][T29376] unevictable 0 [ 2620.832001][T29376] hierarchical_memory_limit 314572800 [ 2620.837977][T29376] hierarchical_memsw_limit 9223372036854771712 [ 2620.844206][T29376] total_cache 0 [ 2620.848200][T29376] total_rss 8192 [ 2620.851813][T29376] total_rss_huge 0 [ 2620.855554][T29376] total_shmem 0 [ 2620.859619][T29376] total_mapped_file 0 [ 2620.863614][T29376] total_dirty 0 [ 2620.867575][T29376] total_writeback 0 [ 2620.871402][T29376] total_workingset_refault_anon 15087 [ 2620.877313][T29376] total_workingset_refault_file 1 [ 2620.882349][T29376] total_swap 212992 [ 2620.893364][T29376] total_swapcached 0 [ 2620.897649][T29376] total_pgpgin 345380 [ 2620.901649][T29376] total_pgpgout 345378 [ 2620.905738][T29376] total_pgfault 821547 [ 2620.913187][T29376] total_pgmajfault 12691 [ 2620.917961][T29376] total_inactive_anon 8192 [ 2620.922390][T29376] total_active_anon 0 [ 2620.927048][T29376] total_inactive_file 0 10:24:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x100000, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2620.931225][T29376] total_active_file 0 [ 2620.935229][T29376] total_unevictable 0 [ 2620.940183][T29376] anon_cost 0 [ 2620.943481][T29376] file_cost 0 [ 2620.947601][T29376] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29376,uid=0 [ 2620.963575][T29376] Memory cgroup out of memory: Killed process 29376 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2621.817227][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2621.829836][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2621.840193][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2621.850267][ T5088] Call Trace: [ 2621.853561][ T5088] [ 2621.856502][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2621.861213][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2621.866437][ T5088] ? __pfx__printk+0x10/0x10 [ 2621.871047][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2621.875748][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2621.880794][ T5088] dump_header+0xda/0x6a0 [ 2621.885141][ T5088] oom_kill_process+0x3a7/0x930 [ 2621.889999][ T5088] out_of_memory+0xf67/0x1320 [ 2621.894670][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2621.900304][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2621.905335][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2621.910442][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2621.915975][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2621.921009][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2621.927158][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2621.932364][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2621.937309][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2621.942260][ T5088] ? mark_lock+0x9a/0x350 [ 2621.946625][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2621.952192][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2621.958344][ T5088] charge_memcg+0xa2/0x160 [ 2621.962772][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2621.968845][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2621.974327][ T5088] ? mark_lock+0x9a/0x350 [ 2621.978685][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2621.984872][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2621.989638][ T5088] swap_cluster_readahead+0x398/0x810 [ 2621.995014][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2622.000925][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2622.006038][ T5088] ? xas_descend+0x37e/0x470 [ 2622.010633][ T5088] swapin_readahead+0x1ea/0x1070 [ 2622.015571][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2622.020731][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2622.026121][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2622.031414][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2622.036707][ T5088] do_swap_page+0x791/0x3f40 [ 2622.041322][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2622.046100][ T5088] ? do_swap_page+0x154/0x3f40 [ 2622.050866][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2622.055880][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2622.061440][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2622.067288][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2622.072424][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2622.077796][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2622.083267][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2622.088995][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2622.094025][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2622.099238][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2622.104281][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2622.109484][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2622.114672][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2622.120244][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2622.125034][ T5088] exc_page_fault+0x456/0x870 [ 2622.129720][ T5088] asm_exc_page_fault+0x26/0x30 [ 2622.134562][ T5088] RIP: 0033:0x7fdfb6238551 [ 2622.139006][ T5088] Code: 00 48 8b 05 a9 d1 c9 00 48 69 8c 24 c0 00 00 00 e8 03 00 00 48 c1 ea 12 48 01 ca 8b 08 48 89 d0 41 39 cf 4c 0f 45 ea 4c 29 f0 <48> 3b 05 48 d1 c9 00 73 22 48 8b 74 24 10 48 39 f0 0f 82 c8 00 00 [ 2622.158639][ T5088] RSP: 002b:00007ffda0a70380 EFLAGS: 00010206 [ 2622.164740][ T5088] RAX: 0000000000000282 RBX: 00000000000077a1 RCX: 0000000000000000 [ 2622.172725][ T5088] RDX: 000000000028010c RSI: 00007ffda0a70440 RDI: 7fffffffffffffff [ 2622.180710][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000010 R09: 00007ffda0b240b0 [ 2622.188707][ T5088] R10: 00007ffda0b24080 R11: 0000000000079522 R12: 0000000000000032 [ 2622.196711][ T5088] R13: 000000000027fe8a R14: 000000000027fe8a R15: 0000000000000000 [ 2622.204714][ T5088] [ 2622.216965][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 38192 [ 2622.223952][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2622.236078][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2622.243853][ T5088] Memory cgroup stats for /syz3: [ 2622.243992][ T5088] cache 0 [ 2622.252519][ T5088] rss 24576 [ 2622.255657][ T5088] rss_huge 0 [ 2622.259399][ T5088] shmem 0 [ 2622.262354][ T5088] mapped_file 0 [ 2622.265820][ T5088] dirty 0 [ 2622.269718][ T5088] writeback 0 [ 2622.273022][ T5088] workingset_refault_anon 15470 [ 2622.278370][ T5088] workingset_refault_file 1 [ 2622.282894][ T5088] swap 163840 [ 2622.286747][ T5088] swapcached 4096 [ 2622.290395][ T5088] pgpgin 336231 [ 2622.293854][ T5088] pgpgout 336224 [ 2622.298043][ T5088] pgfault 812489 [ 2622.301609][ T5088] pgmajfault 13019 [ 2622.305533][ T5088] inactive_anon 0 [ 2622.309899][ T5088] active_anon 28672 [ 2622.313729][ T5088] inactive_file 0 [ 2622.318292][ T5088] active_file 0 [ 2622.321778][ T5088] unevictable 0 [ 2622.325253][ T5088] hierarchical_memory_limit 314572800 [ 2622.331361][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2622.337999][ T5088] total_cache 0 [ 2622.341475][ T5088] total_rss 24576 [ 2622.345116][ T5088] total_rss_huge 0 [ 2622.349525][ T5088] total_shmem 0 [ 2622.352999][ T5088] total_mapped_file 0 [ 2622.357430][ T5088] total_dirty 0 [ 2622.360897][ T5088] total_writeback 0 [ 2622.364710][ T5088] total_workingset_refault_anon 15470 [ 2622.370857][ T5088] total_workingset_refault_file 1 [ 2622.375892][ T5088] total_swap 188416 [ 2622.380176][ T5088] total_swapcached 4096 [ 2622.384339][ T5088] total_pgpgin 345777 [ 2622.388745][ T5088] total_pgpgout 345770 [ 2622.392821][ T5088] total_pgfault 822076 [ 2622.397413][ T5088] total_pgmajfault 13019 [ 2622.401671][ T5088] total_inactive_anon 0 [ 2622.405835][ T5088] total_active_anon 28672 [ 2622.410826][ T5088] total_inactive_file 0 [ 2622.414987][ T5088] total_active_file 0 10:24:48 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x1000000, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2622.419526][ T5088] total_unevictable 0 [ 2622.423521][ T5088] anon_cost 0 [ 2622.427737][ T5088] file_cost 0 [ 2622.431042][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29377,uid=0 [ 2622.453493][ T5088] Memory cgroup out of memory: Killed process 29377 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:48 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0xe, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) 10:24:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0xfffffdef, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) 10:24:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x4}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x9}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}]}, 0x30}}, 0x0) [ 2623.095632][T29378] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2623.150829][T29378] CPU: 0 PID: 29378 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2623.161304][T29378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2623.171388][T29378] Call Trace: [ 2623.174691][T29378] [ 2623.177652][T29378] dump_stack_lvl+0x1e7/0x2e0 [ 2623.182378][T29378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2623.187618][T29378] ? __pfx__printk+0x10/0x10 [ 2623.192230][T29378] ? ___ratelimit+0x4c4/0x670 [ 2623.196937][T29378] ? __pfx____ratelimit+0x10/0x10 [ 2623.201993][T29378] dump_header+0xda/0x6a0 [ 2623.206354][T29378] oom_kill_process+0x3a7/0x930 [ 2623.211234][T29378] out_of_memory+0xf67/0x1320 [ 2623.215939][T29378] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2623.221595][T29378] ? __pfx___mutex_lock+0x10/0x10 [ 2623.226639][T29378] ? __pfx_out_of_memory+0x10/0x10 [ 2623.231783][T29378] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2623.237360][T29378] ? __pfx_lock_release+0x10/0x10 [ 2623.242422][T29378] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2623.248616][T29378] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2623.253846][T29378] ? mem_cgroup_iter+0x422/0x560 [ 2623.258817][T29378] try_charge_memcg+0xda2/0x18a0 [ 2623.263804][T29378] ? __pfx_try_charge_memcg+0x10/0x10 [ 2623.269243][T29378] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2623.274991][T29378] ? __pfx_lock_release+0x10/0x10 [ 2623.280048][T29378] ? memcg_account_kmem+0x1e7/0x210 [ 2623.285284][T29378] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2623.291120][T29378] __memcg_kmem_charge_page+0xe1/0x250 [ 2623.296612][T29378] memcg_charge_kernel_stack+0x304/0x550 [ 2623.302276][T29378] dup_task_struct+0x15d/0x7d0 [ 2623.307073][T29378] copy_process+0x5d5/0x3fc0 [ 2623.311709][T29378] ? __might_fault+0xa9/0x120 [ 2623.316419][T29378] ? __pfx_lock_release+0x10/0x10 [ 2623.321476][T29378] ? __pfx_copy_process+0x10/0x10 [ 2623.326531][T29378] ? __might_fault+0xc5/0x120 [ 2623.331235][T29378] ? __asan_memset+0x23/0x50 [ 2623.335864][T29378] kernel_clone+0x21d/0x8d0 [ 2623.340489][T29378] ? __pfx_kernel_clone+0x10/0x10 [ 2623.345571][T29378] __se_sys_clone3+0x2cb/0x350 [ 2623.350373][T29378] ? __pfx___se_sys_clone3+0x10/0x10 [ 2623.355692][T29378] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2623.361711][T29378] ? exc_page_fault+0x587/0x870 [ 2623.366586][T29378] ? do_syscall_64+0xb4/0x240 [ 2623.371296][T29378] do_syscall_64+0xf9/0x240 [ 2623.375830][T29378] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2623.381750][T29378] RIP: 0033:0x7fdfb62a9b99 [ 2623.386189][T29378] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2623.405819][T29378] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2623.414265][T29378] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2623.422261][T29378] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2623.430257][T29378] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2623.438262][T29378] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2623.446258][T29378] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2623.454266][T29378] [ 2623.486290][T29378] memory: usage 307200kB, limit 307200kB, failcnt 38661 [ 2623.493380][T29378] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2623.502000][T29378] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2623.509701][T29378] Memory cgroup stats for /syz3: [ 2623.509823][T29378] cache 0 [ 2623.518288][T29378] rss 16384 [ 2623.521415][T29378] rss_huge 0 [ 2623.524617][T29378] shmem 0 [ 2623.528240][T29378] mapped_file 0 [ 2623.531724][T29378] dirty 0 [ 2623.534663][T29378] writeback 0 [ 2623.538672][T29378] workingset_refault_anon 15626 [ 2623.543534][T29378] workingset_refault_file 1 [ 2623.548568][T29378] swap 176128 [ 2623.551861][T29378] swapcached 0 [ 2623.555236][T29378] pgpgin 336403 [ 2623.559413][T29378] pgpgout 336399 [ 2623.562979][T29378] pgfault 812721 [ 2623.567407][T29378] pgmajfault 13147 [ 2623.571221][T29378] inactive_anon 0 [ 2623.574860][T29378] active_anon 16384 [ 2623.579873][T29378] inactive_file 0 [ 2623.583608][T29378] active_file 0 [ 2623.587637][T29378] unevictable 0 [ 2623.591112][T29378] hierarchical_memory_limit 314572800 [ 2623.598957][T29378] hierarchical_memsw_limit 9223372036854771712 [ 2623.605136][T29378] total_cache 0 [ 2623.609177][T29378] total_rss 16384 [ 2623.612821][T29378] total_rss_huge 0 [ 2623.617094][T29378] total_shmem 0 [ 2623.620584][T29378] total_mapped_file 0 [ 2623.624565][T29378] total_dirty 0 [ 2623.628752][T29378] total_writeback 0 [ 2623.632582][T29378] total_workingset_refault_anon 15626 [ 2623.638515][T29378] total_workingset_refault_file 1 [ 2623.643566][T29378] total_swap 200704 [ 2623.647866][T29378] total_swapcached 0 [ 2623.652126][T29378] total_pgpgin 345949 [ 2623.656106][T29378] total_pgpgout 345945 [ 2623.660594][T29378] total_pgfault 822308 [ 2623.665335][T29378] total_pgmajfault 13147 [ 2623.669922][T29378] total_inactive_anon 0 [ 2623.674081][T29378] total_active_anon 16384 [ 2623.679269][T29378] total_inactive_file 0 [ 2623.683440][T29378] total_active_file 0 10:24:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x10, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2623.688540][T29378] total_unevictable 0 [ 2623.692564][T29378] anon_cost 0 [ 2623.695854][T29378] file_cost 0 [ 2623.699920][T29378] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29378,uid=0 [ 2623.716237][T29378] Memory cgroup out of memory: Killed process 29378 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2624.436769][T28174] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2624.486642][T28174] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2624.497215][T28174] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2624.511570][T28174] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2624.520809][T28174] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 2624.531246][T28174] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2624.577025][T29379] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2624.588887][T29379] CPU: 1 PID: 29379 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2624.599343][T29379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2624.609412][T29379] Call Trace: [ 2624.612698][T29379] [ 2624.615640][T29379] dump_stack_lvl+0x1e7/0x2e0 [ 2624.620351][T29379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2624.625567][T29379] ? __pfx__printk+0x10/0x10 [ 2624.630175][T29379] ? ___ratelimit+0x4c4/0x670 [ 2624.634873][T29379] ? __pfx____ratelimit+0x10/0x10 [ 2624.639926][T29379] dump_header+0xda/0x6a0 [ 2624.644275][T29379] oom_kill_process+0x3a7/0x930 [ 2624.649146][T29379] out_of_memory+0xf67/0x1320 [ 2624.653859][T29379] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2624.659595][T29379] ? __pfx___mutex_lock+0x10/0x10 [ 2624.664620][T29379] ? __pfx_out_of_memory+0x10/0x10 [ 2624.669735][T29379] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2624.675274][T29379] ? __pfx_lock_release+0x10/0x10 [ 2624.680294][T29379] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2624.686455][T29379] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2624.691653][T29379] ? mem_cgroup_iter+0x422/0x560 [ 2624.696821][T29379] try_charge_memcg+0xda2/0x18a0 [ 2624.701865][T29379] ? __pfx_try_charge_memcg+0x10/0x10 [ 2624.707231][T29379] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2624.712963][T29379] ? __pfx_lock_release+0x10/0x10 [ 2624.718010][T29379] ? memcg_account_kmem+0x1e7/0x210 [ 2624.723223][T29379] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2624.729034][T29379] __memcg_kmem_charge_page+0xe1/0x250 [ 2624.734518][T29379] memcg_charge_kernel_stack+0x304/0x550 [ 2624.740162][T29379] dup_task_struct+0x40d/0x7d0 [ 2624.744932][T29379] copy_process+0x5d5/0x3fc0 [ 2624.749539][T29379] ? __might_fault+0xa9/0x120 [ 2624.754217][T29379] ? __pfx_lock_release+0x10/0x10 [ 2624.759240][T29379] ? __lock_acquire+0x1345/0x1fd0 [ 2624.764260][T29379] ? __pfx_copy_process+0x10/0x10 [ 2624.769323][T29379] ? __might_fault+0xc5/0x120 [ 2624.773994][T29379] ? __asan_memset+0x23/0x50 [ 2624.778581][T29379] kernel_clone+0x21d/0x8d0 [ 2624.783083][T29379] ? __pfx_kernel_clone+0x10/0x10 [ 2624.788105][T29379] ? __pfx_lock_release+0x10/0x10 [ 2624.793139][T29379] __se_sys_clone3+0x2cb/0x350 [ 2624.797915][T29379] ? __might_fault+0xa9/0x120 [ 2624.802609][T29379] ? __pfx___se_sys_clone3+0x10/0x10 [ 2624.807924][T29379] ? rcu_is_watching+0x15/0xb0 [ 2624.812736][T29379] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2624.818735][T29379] ? exc_page_fault+0x587/0x870 [ 2624.823596][T29379] ? do_syscall_64+0xb4/0x240 [ 2624.828283][T29379] do_syscall_64+0xf9/0x240 [ 2624.832799][T29379] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2624.838695][T29379] RIP: 0033:0x7fdfb62a9b99 [ 2624.843103][T29379] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2624.862708][T29379] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2624.871123][T29379] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2624.879088][T29379] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2624.887050][T29379] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2624.895012][T29379] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2624.902977][T29379] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2624.911038][T29379] [ 2624.976330][T29379] memory: usage 307200kB, limit 307200kB, failcnt 39329 [ 2624.983308][T29379] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2625.006299][T29379] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2625.026293][T29379] Memory cgroup stats for /syz3: [ 2625.026423][T29379] cache 0 [ 2625.034330][T29379] rss 28672 [ 2625.056313][T29379] rss_huge 0 [ 2625.059566][T29379] shmem 0 [ 2625.062511][T29379] mapped_file 0 [ 2625.065976][T29379] dirty 0 [ 2625.096394][T29379] writeback 0 [ 2625.099734][T29379] workingset_refault_anon 15871 [ 2625.104601][T29379] workingset_refault_file 1 [ 2625.136340][T29379] swap 163840 [ 2625.141862][T29379] swapcached 0 [ 2625.145272][T29379] pgpgin 336680 [ 2625.156304][T29379] pgpgout 336673 [ 2625.159894][T29379] pgfault 813106 [ 2625.163533][T29379] pgmajfault 13380 [ 2625.176278][T29379] inactive_anon 0 [ 2625.179965][T29379] active_anon 28672 [ 2625.183795][T29379] inactive_file 0 [ 2625.206323][T29379] active_file 0 [ 2625.209916][T29379] unevictable 0 [ 2625.213401][T29379] hierarchical_memory_limit 314572800 [ 2625.226310][T29379] hierarchical_memsw_limit 9223372036854771712 [ 2625.232593][T29379] total_cache 0 [ 2625.236072][T29379] total_rss 28672 [ 2625.254470][T29379] total_rss_huge 0 [ 2625.266462][T29379] total_shmem 0 [ 2625.276518][T29379] total_mapped_file 0 [ 2625.280532][T29379] total_dirty 0 [ 2625.284001][T29379] total_writeback 0 [ 2625.306420][T29379] total_workingset_refault_anon 15871 [ 2625.316504][T29379] total_workingset_refault_file 1 [ 2625.321562][T29379] total_swap 188416 [ 2625.325381][T29379] total_swapcached 0 [ 2625.356360][T29379] total_pgpgin 346226 [ 2625.360389][T29379] total_pgpgout 346219 [ 2625.364462][T29379] total_pgfault 822693 [ 2625.394739][T29379] total_pgmajfault 13380 [ 2625.406509][T29379] total_inactive_anon 0 [ 2625.410707][T29379] total_active_anon 28672 [ 2625.415044][T29379] total_inactive_file 0 [ 2625.436631][T29379] total_active_file 0 [ 2625.440663][T29379] total_unevictable 0 [ 2625.444658][T29379] anon_cost 0 [ 2625.466549][T20857] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 2625.475912][T20857] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 2625.497706][T20857] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 2625.517917][T29379] file_cost 0 [ 2625.521378][T29379] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29379,uid=0 [ 2625.537173][T20857] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 2625.564576][ T5096] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 2625.565410][T29379] Memory cgroup out of memory: Killed process 29379 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2625.572412][ T5096] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 2625.608708][ T5096] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 10:24:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x7b, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2625.623195][ T5096] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 2625.634707][T28174] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 2625.647361][T28174] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 2625.655639][T28174] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 2625.663755][T28174] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 2625.934602][T29393] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2625.965371][T29393] CPU: 0 PID: 29393 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2625.975834][T29393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2625.985903][T29393] Call Trace: [ 2625.989177][T29393] [ 2625.992099][T29393] dump_stack_lvl+0x1e7/0x2e0 [ 2625.996824][T29393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2626.002025][T29393] ? __pfx__printk+0x10/0x10 [ 2626.006620][T29393] ? ___ratelimit+0x4c4/0x670 [ 2626.011311][T29393] ? __pfx____ratelimit+0x10/0x10 [ 2626.016351][T29393] dump_header+0xda/0x6a0 [ 2626.020703][T29393] oom_kill_process+0x3a7/0x930 [ 2626.025557][T29393] out_of_memory+0xf67/0x1320 [ 2626.030261][T29393] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2626.035924][T29393] ? __pfx___mutex_lock+0x10/0x10 [ 2626.040945][T29393] ? __pfx_out_of_memory+0x10/0x10 [ 2626.046051][T29393] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2626.051588][T29393] ? __pfx_lock_release+0x10/0x10 [ 2626.056624][T29393] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2626.062708][T29393] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2626.067902][T29393] ? mem_cgroup_iter+0x422/0x560 [ 2626.072829][T29393] try_charge_memcg+0xda2/0x18a0 [ 2626.077767][T29393] ? __pfx_try_charge_memcg+0x10/0x10 [ 2626.083121][T29393] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2626.088913][T29393] ? __pfx_lock_release+0x10/0x10 [ 2626.093923][T29393] ? memcg_account_kmem+0x1e7/0x210 [ 2626.099117][T29393] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2626.105000][T29393] __memcg_kmem_charge_page+0xe1/0x250 [ 2626.110555][T29393] memcg_charge_kernel_stack+0x304/0x550 [ 2626.116210][T29393] dup_task_struct+0x15d/0x7d0 [ 2626.120985][T29393] copy_process+0x5d5/0x3fc0 [ 2626.125588][T29393] ? __might_fault+0xa9/0x120 [ 2626.130274][T29393] ? __pfx_lock_release+0x10/0x10 [ 2626.135301][T29393] ? __pfx_copy_process+0x10/0x10 [ 2626.140318][T29393] ? __might_fault+0xc5/0x120 [ 2626.144993][T29393] ? __asan_memset+0x23/0x50 [ 2626.149576][T29393] kernel_clone+0x21d/0x8d0 [ 2626.154093][T29393] ? __pfx_kernel_clone+0x10/0x10 [ 2626.159127][T29393] __se_sys_clone3+0x2cb/0x350 [ 2626.163899][T29393] ? __pfx___se_sys_clone3+0x10/0x10 [ 2626.169195][T29393] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2626.175195][T29393] ? exc_page_fault+0x587/0x870 [ 2626.180087][T29393] ? do_syscall_64+0xb4/0x240 [ 2626.184858][T29393] do_syscall_64+0xf9/0x240 [ 2626.189392][T29393] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2626.195304][T29393] RIP: 0033:0x7fdfb62a9b99 [ 2626.199718][T29393] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2626.219326][T29393] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2626.227745][T29393] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2626.235704][T29393] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2626.243749][T29393] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2626.251707][T29393] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2626.259664][T29393] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2626.267644][T29393] [ 2626.274575][T29393] memory: usage 307200kB, limit 307200kB, failcnt 39557 [ 2626.281710][T29393] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2626.289780][T29393] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2626.297192][T29393] Memory cgroup stats for /syz3: [ 2626.297315][T29393] cache 0 [ 2626.305183][T29393] rss 0 [ 2626.308064][T29393] rss_huge 0 [ 2626.311266][T29393] shmem 0 [ 2626.314206][T29393] mapped_file 0 [ 2626.317903][T29393] dirty 0 [ 2626.320851][T29393] writeback 0 [ 2626.324138][T29393] workingset_refault_anon 15955 [ 2626.329108][T29393] workingset_refault_file 1 [ 2626.333617][T29393] swap 192512 [ 2626.337053][T29393] swapcached 0 [ 2626.340438][T29393] pgpgin 336776 [ 2626.343920][T29393] pgpgout 336776 [ 2626.347570][T29393] pgfault 813255 [ 2626.351119][T29393] pgmajfault 13450 [ 2626.354837][T29393] inactive_anon 0 [ 2626.360452][T29393] active_anon 0 [ 2626.363933][T29393] inactive_file 0 [ 2626.367715][T29393] active_file 0 [ 2626.371183][T29393] unevictable 0 [ 2626.374642][T29393] hierarchical_memory_limit 314572800 [ 2626.380650][T29393] hierarchical_memsw_limit 9223372036854771712 [ 2626.386934][T29393] total_cache 0 [ 2626.390405][T29393] total_rss 0 [ 2626.393691][T29393] total_rss_huge 0 [ 2626.397539][T29393] total_shmem 0 [ 2626.401000][T29393] total_mapped_file 0 [ 2626.404982][T29393] total_dirty 0 [ 2626.408587][T29393] total_writeback 0 [ 2626.412412][T29393] total_workingset_refault_anon 15955 [ 2626.424381][T29393] total_workingset_refault_file 1 [ 2626.429846][T29393] total_swap 217088 [ 2626.433685][T29393] total_swapcached 0 [ 2626.438287][T29393] total_pgpgin 346322 [ 2626.442287][T29393] total_pgpgout 346322 [ 2626.446878][T29393] total_pgfault 822842 [ 2626.450959][T29393] total_pgmajfault 13450 [ 2626.455243][T29393] total_inactive_anon 0 [ 2626.460151][T29393] total_active_anon 0 [ 2626.464146][T29393] total_inactive_file 0 [ 2626.468892][T29393] total_active_file 0 [ 2626.472889][T29393] total_unevictable 0 [ 2626.477373][T29393] anon_cost 0 [ 2626.480677][T29393] file_cost 0 10:24:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x2, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2626.483972][T29393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29393,uid=0 [ 2626.500440][T29393] Memory cgroup out of memory: Killed process 29393 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2626.588783][T20857] Bluetooth: hci5: command 0x0409 tx timeout [ 2627.407312][T29394] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2627.424126][T29394] CPU: 0 PID: 29394 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2627.434577][T29394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2627.444626][T29394] Call Trace: [ 2627.447912][T29394] [ 2627.450850][T29394] dump_stack_lvl+0x1e7/0x2e0 [ 2627.455522][T29394] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2627.460711][T29394] ? __pfx__printk+0x10/0x10 [ 2627.465286][T29394] ? ___ratelimit+0x4c4/0x670 [ 2627.469954][T29394] ? __pfx____ratelimit+0x10/0x10 [ 2627.474971][T29394] dump_header+0xda/0x6a0 [ 2627.479291][T29394] oom_kill_process+0x3a7/0x930 [ 2627.484130][T29394] out_of_memory+0xf67/0x1320 [ 2627.488818][T29394] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2627.494462][T29394] ? __pfx___mutex_lock+0x10/0x10 [ 2627.499478][T29394] ? __pfx_out_of_memory+0x10/0x10 [ 2627.504582][T29394] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2627.510120][T29394] ? __pfx_lock_release+0x10/0x10 [ 2627.515137][T29394] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2627.521204][T29394] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2627.526402][T29394] ? mem_cgroup_iter+0x422/0x560 [ 2627.531348][T29394] try_charge_memcg+0xda2/0x18a0 [ 2627.536290][T29394] ? __pfx_try_charge_memcg+0x10/0x10 [ 2627.541649][T29394] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2627.547376][T29394] ? __pfx_lock_release+0x10/0x10 [ 2627.552526][T29394] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2627.558349][T29394] __memcg_kmem_charge_page+0xe1/0x250 [ 2627.563803][T29394] memcg_charge_kernel_stack+0xa7/0x550 [ 2627.569359][T29394] dup_task_struct+0x15d/0x7d0 [ 2627.574151][T29394] copy_process+0x5d5/0x3fc0 [ 2627.578757][T29394] ? __might_fault+0xa9/0x120 [ 2627.583434][T29394] ? __pfx_lock_release+0x10/0x10 [ 2627.588470][T29394] ? __pfx_copy_process+0x10/0x10 [ 2627.593501][T29394] ? __might_fault+0xc5/0x120 [ 2627.598176][T29394] ? __asan_memset+0x23/0x50 [ 2627.602758][T29394] kernel_clone+0x21d/0x8d0 [ 2627.607265][T29394] ? __pfx_kernel_clone+0x10/0x10 [ 2627.612303][T29394] __se_sys_clone3+0x2cb/0x350 [ 2627.617057][T29394] ? __pfx___se_sys_clone3+0x10/0x10 [ 2627.622334][T29394] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2627.628328][T29394] ? exc_page_fault+0x587/0x870 [ 2627.633187][T29394] ? do_syscall_64+0xb4/0x240 [ 2627.637859][T29394] do_syscall_64+0xf9/0x240 [ 2627.642358][T29394] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2627.648255][T29394] RIP: 0033:0x7fdfb62a9b99 [ 2627.652673][T29394] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2627.672273][T29394] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2627.680849][T29394] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2627.688822][T29394] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2627.696807][T29394] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2627.704787][T29394] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2627.712765][T29394] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2627.721095][T29394] [ 2627.724939][T20857] Bluetooth: hci7: command 0x0409 tx timeout [ 2627.728139][T28174] Bluetooth: hci8: command 0x0409 tx timeout [ 2627.746264][T29394] memory: usage 307200kB, limit 307200kB, failcnt 40864 [ 2627.753244][T29394] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2627.761668][T29394] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 2627.769356][T29394] Memory cgroup stats for /syz3: [ 2627.769475][T29394] cache 0 [ 2627.777893][T29394] rss 4096 [ 2627.780932][T29394] rss_huge 0 [ 2627.784135][T29394] shmem 0 [ 2627.787740][T29394] mapped_file 0 [ 2627.791208][T29394] dirty 0 [ 2627.794156][T29394] writeback 0 [ 2627.798214][T29394] workingset_refault_anon 16391 [ 2627.803086][T29394] workingset_refault_file 1 [ 2627.808173][T29394] swap 188416 [ 2627.811495][T29394] swapcached 0 [ 2627.814875][T29394] pgpgin 337230 [ 2627.818523][T29394] pgpgout 337229 [ 2627.822078][T29394] pgfault 813841 [ 2627.825631][T29394] pgmajfault 13815 [ 2627.829772][T29394] inactive_anon 0 [ 2627.833417][T29394] active_anon 4096 [ 2627.837304][T29394] inactive_file 0 [ 2627.840947][T29394] active_file 0 [ 2627.844408][T29394] unevictable 0 [ 2627.848491][T29394] hierarchical_memory_limit 314572800 [ 2627.853877][T29394] hierarchical_memsw_limit 9223372036854771712 [ 2627.860388][T29394] total_cache 0 [ 2627.863867][T29394] total_rss 4096 [ 2627.867892][T29394] total_rss_huge 0 [ 2627.871632][T29394] total_shmem 0 [ 2627.875147][T29394] total_mapped_file 0 [ 2627.879296][T29394] total_dirty 0 [ 2627.882767][T29394] total_writeback 0 [ 2627.886630][T29394] total_workingset_refault_anon 16391 [ 2627.892001][T29394] total_workingset_refault_file 1 [ 2627.897176][T29394] total_swap 212992 [ 2627.900991][T29394] total_swapcached 0 [ 2627.904886][T29394] total_pgpgin 346776 [ 2627.908994][T29394] total_pgpgout 346775 [ 2627.913076][T29394] total_pgfault 823428 [ 2627.917230][T29394] total_pgmajfault 13815 [ 2627.921484][T29394] total_inactive_anon 0 [ 2627.925642][T29394] total_active_anon 4096 [ 2627.930028][T29394] total_inactive_file 0 [ 2627.934195][T29394] total_active_file 0 [ 2627.938616][T29394] total_unevictable 0 [ 2627.942613][T29394] anon_cost 0 [ 2627.945905][T29394] file_cost 0 [ 2627.950654][T29394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29394,uid=0 [ 2627.966328][T29394] Memory cgroup out of memory: Killed process 29394 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x4, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2628.168492][T29395] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2628.179177][T29395] CPU: 1 PID: 29395 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2628.189627][T29395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2628.199710][T29395] Call Trace: [ 2628.203001][T29395] [ 2628.205921][T29395] dump_stack_lvl+0x1e7/0x2e0 [ 2628.210594][T29395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2628.215780][T29395] ? __pfx__printk+0x10/0x10 [ 2628.220396][T29395] ? ___ratelimit+0x4c4/0x670 [ 2628.225061][T29395] ? __pfx____ratelimit+0x10/0x10 [ 2628.230084][T29395] dump_header+0xda/0x6a0 [ 2628.234408][T29395] oom_kill_process+0x3a7/0x930 [ 2628.239269][T29395] out_of_memory+0xf67/0x1320 [ 2628.243972][T29395] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2628.249614][T29395] ? __pfx___mutex_lock+0x10/0x10 [ 2628.254642][T29395] ? __pfx_out_of_memory+0x10/0x10 [ 2628.259756][T29395] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2628.265299][T29395] ? __pfx_lock_release+0x10/0x10 [ 2628.270329][T29395] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2628.276420][T29395] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2628.281655][T29395] ? mem_cgroup_iter+0x422/0x560 [ 2628.286614][T29395] try_charge_memcg+0xda2/0x18a0 [ 2628.291867][T29395] ? __pfx_try_charge_memcg+0x10/0x10 [ 2628.297247][T29395] ? percpu_ref_tryget+0x14/0x180 [ 2628.302283][T29395] charge_memcg+0xa2/0x160 [ 2628.306698][T29395] __mem_cgroup_charge+0x27/0x80 [ 2628.311632][T29395] folio_prealloc+0x52/0x170 [ 2628.316219][T29395] do_wp_page+0x1222/0x4c90 [ 2628.320745][T29395] ? __pfx_do_wp_page+0x10/0x10 [ 2628.325601][T29395] ? __pfx_lock_acquire+0x10/0x10 [ 2628.330626][T29395] ? do_raw_spin_lock+0x14e/0x370 [ 2628.335687][T29395] __handle_mm_fault+0x26ad/0x72d0 [ 2628.340856][T29395] ? reacquire_held_locks+0x3eb/0x690 [ 2628.346243][T29395] ? __pfx___handle_mm_fault+0x10/0x10 [ 2628.351716][T29395] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2628.357467][T29395] ? mtree_range_walk+0x6fd/0x8e0 [ 2628.362534][T29395] ? lock_vma_under_rcu+0x18a/0x730 [ 2628.367738][T29395] ? __pfx_lock_release+0x10/0x10 [ 2628.372767][T29395] ? lock_vma_under_rcu+0x2f9/0x730 [ 2628.377987][T29395] ? lock_vma_under_rcu+0x18a/0x730 [ 2628.383190][T29395] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2628.388739][T29395] handle_mm_fault+0x3c1/0x8a0 [ 2628.393509][T29395] exc_page_fault+0x456/0x870 [ 2628.398191][T29395] asm_exc_page_fault+0x26/0x30 [ 2628.403031][T29395] RIP: 0033:0x7fdfb6236f11 [ 2628.407440][T29395] Code: 00 48 83 c4 20 83 fd 20 75 aa 48 8d 3d 0e 33 09 00 31 c0 e8 01 17 ff ff 90 41 57 41 56 41 55 41 54 55 53 48 81 ec f8 01 00 00 05 78 e7 c9 00 01 e8 43 dd ff ff 48 8b 05 b4 e7 c9 00 31 ff 48 [ 2628.427047][T29395] RSP: 002b:00007ffda0a70150 EFLAGS: 00010206 [ 2628.433108][T29395] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 2628.441072][T29395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555555682788 [ 2628.449034][T29395] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2628.456993][T29395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 2628.464952][T29395] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2628.472925][T29395] [ 2628.487040][T29395] memory: usage 307200kB, limit 307200kB, failcnt 41090 [ 2628.496791][T29395] memory+swap: usage 307420kB, limit 9007199254740988kB, failcnt 0 [ 2628.504710][T29395] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2628.512553][T29395] Memory cgroup stats for /syz3: [ 2628.512697][T29395] cache 0 [ 2628.521078][T29395] rss 16384 [ 2628.524205][T29395] rss_huge 0 [ 2628.528415][T29395] shmem 0 [ 2628.531389][T29395] mapped_file 0 [ 2628.534899][T29395] dirty 0 [ 2628.538409][T29395] writeback 0 [ 2628.541703][T29395] workingset_refault_anon 16452 [ 2628.546980][T29395] workingset_refault_file 1 [ 2628.551497][T29395] swap 200704 [ 2628.554820][T29395] swapcached 4096 [ 2628.559066][T29395] pgpgin 337300 [ 2628.562542][T29395] pgpgout 337296 [ 2628.566086][T29395] pgfault 813951 [ 2628.570520][T29395] pgmajfault 13870 [ 2628.574552][T29395] inactive_anon 12288 [ 2628.579051][T29395] active_anon 4096 [ 2628.582783][T29395] inactive_file 0 [ 2628.590015][T29395] active_file 0 [ 2628.593498][T29395] unevictable 0 [ 2628.599110][T29395] hierarchical_memory_limit 314572800 [ 2628.604601][T29395] hierarchical_memsw_limit 9223372036854771712 [ 2628.611622][T29395] total_cache 0 [ 2628.615126][T29395] total_rss 16384 [ 2628.619037][T29395] total_rss_huge 0 [ 2628.622845][T29395] total_shmem 0 [ 2628.626823][T29395] total_mapped_file 0 [ 2628.630814][T29395] total_dirty 0 [ 2628.634299][T29395] total_writeback 0 [ 2628.638217][T29395] total_workingset_refault_anon 16452 [ 2628.643593][T29395] total_workingset_refault_file 1 [ 2628.648693][T29395] total_swap 225280 [ 2628.652509][T29395] total_swapcached 4096 [ 2628.656828][T29395] total_pgpgin 346846 [ 2628.660850][T29395] total_pgpgout 346842 [ 2628.664920][T29395] total_pgfault 823538 [ 2628.669141][T28174] Bluetooth: hci5: command 0x041b tx timeout [ 2628.675223][T29395] total_pgmajfault 13870 [ 2628.679564][T29395] total_inactive_anon 12288 [ 2628.684094][T29395] total_active_anon 4096 [ 2628.688439][T29395] total_inactive_file 0 [ 2628.692600][T29395] total_active_file 0 [ 2628.696679][T29395] total_unevictable 0 [ 2628.700667][T29395] anon_cost 0 [ 2628.703957][T29395] file_cost 0 10:24:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x5, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2628.707396][T29395] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29395,uid=0 [ 2628.723256][T29395] Memory cgroup out of memory: Killed process 29395 (syz-executor.3) total-vm:50536kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000 [ 2629.133933][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2629.157381][ T5088] CPU: 1 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2629.167752][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2629.177798][ T5088] Call Trace: [ 2629.181061][ T5088] [ 2629.184005][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2629.188684][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2629.193867][ T5088] ? __pfx__printk+0x10/0x10 [ 2629.198459][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2629.203153][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2629.208190][ T5088] dump_header+0xda/0x6a0 [ 2629.212514][ T5088] oom_kill_process+0x3a7/0x930 [ 2629.217360][ T5088] out_of_memory+0xf67/0x1320 [ 2629.222035][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2629.227654][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2629.232665][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2629.237771][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2629.243303][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2629.248314][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2629.254385][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2629.259587][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2629.264531][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2629.269479][ T5088] ? mark_lock+0x9a/0x350 [ 2629.273813][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2629.279187][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2629.285323][ T5088] charge_memcg+0xa2/0x160 [ 2629.289732][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2629.295784][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2629.301230][ T5088] ? mark_lock+0x9a/0x350 [ 2629.305550][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2629.311522][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2629.316893][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2629.322785][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2629.327799][ T5088] ? xas_descend+0x37e/0x470 [ 2629.332379][ T5088] swapin_readahead+0x1ea/0x1070 [ 2629.337301][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2629.342406][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2629.347769][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2629.353044][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2629.358320][ T5088] do_swap_page+0x791/0x3f40 [ 2629.362896][ T5088] ? __lock_acquire+0x1345/0x1fd0 [ 2629.368000][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2629.372752][ T5088] ? mark_lock+0x9a/0x350 [ 2629.377067][ T5088] ? do_swap_page+0x154/0x3f40 [ 2629.381815][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2629.386821][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2629.392267][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2629.398060][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2629.403244][ T5088] ? __lock_acquire+0x1345/0x1fd0 [ 2629.408258][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2629.413373][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2629.418827][ T5088] ? mt_find+0x226/0x850 [ 2629.423058][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2629.428105][ T5088] ? mt_find+0x62d/0x850 [ 2629.432335][ T5088] ? mt_find+0x226/0x850 [ 2629.436579][ T5088] ? find_vma+0x142/0x1c0 [ 2629.440894][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2629.445560][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2629.451539][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2629.456301][ T5088] exc_page_fault+0x2ad/0x870 [ 2629.460973][ T5088] asm_exc_page_fault+0x26/0x30 [ 2629.465804][ T5088] RIP: 0010:__put_user_8+0x11/0x20 [ 2629.470955][ T5088] Code: 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2629.490551][ T5088] RSP: 0000:ffffc90003fffd78 EFLAGS: 00050202 [ 2629.496607][ T5088] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000555555682da8 [ 2629.504562][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2629.512518][ T5088] RBP: ffffc90003fffec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2629.520577][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffe30 [ 2629.528562][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746d0b8 [ 2629.536550][ T5088] __rseq_handle_notify_resume+0x651/0x1490 [ 2629.542444][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2629.548768][ T5088] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2629.554566][ T5088] irqentry_exit_to_user_mode+0xbb/0x270 [ 2629.560188][ T5088] exc_page_fault+0x587/0x870 [ 2629.564854][ T5088] asm_exc_page_fault+0x26/0x30 [ 2629.569797][ T5088] RIP: 0033:0x7fdfb623852f [ 2629.574499][ T5088] Code: 89 54 24 10 e8 52 1e 04 00 85 c0 0f 85 7f 08 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 c8 00 00 00 48 8b 05 a9 d1 c9 00 <48> 69 8c 24 c0 00 00 00 e8 03 00 00 48 c1 ea 12 48 01 ca 8b 08 48 [ 2629.594126][ T5088] RSP: 002b:00007ffda0a70380 EFLAGS: 00010a07 [ 2629.600292][ T5088] RAX: 0000001b31520000 RBX: 00000000000077a7 RCX: 0000000000000018 [ 2629.608260][ T5088] RDX: 00000000012b5cb2 RSI: 00007ffda0a70440 RDI: 7fffffffffffffff [ 2629.616242][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000010 R09: 00007ffda0b240b0 [ 2629.624221][ T5088] R10: 00007ffda0b24080 R11: 0000000000079a66 R12: 0000000000000032 [ 2629.632183][ T5088] R13: 0000000000281cb1 R14: 0000000000281cb1 R15: 0000000000000000 [ 2629.640157][ T5088] [ 2629.649839][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 41649 [ 2629.665579][ T5088] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0 [ 2629.673956][ T5088] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 2629.681871][ T5088] Memory cgroup stats for /syz3: [ 2629.682008][ T5088] cache 0 [ 2629.690374][ T5088] rss 8192 [ 2629.693426][ T5088] rss_huge 0 [ 2629.697106][ T5088] shmem 0 [ 2629.700342][ T5088] mapped_file 0 [ 2629.703806][ T5088] dirty 0 [ 2629.707475][ T5088] writeback 0 [ 2629.710771][ T5088] workingset_refault_anon 16646 [ 2629.715793][ T5088] workingset_refault_file 1 [ 2629.720856][ T5088] swap 184320 [ 2629.724156][ T5088] swapcached 0 [ 2629.727958][ T5088] pgpgin 337509 [ 2629.731442][ T5088] pgpgout 337507 [ 2629.735009][ T5088] pgfault 814215 [ 2629.739301][ T5088] pgmajfault 14026 [ 2629.743041][ T5088] inactive_anon 0 [ 2629.747173][ T5088] active_anon 8192 [ 2629.751841][ T5088] inactive_file 0 [ 2629.755487][ T5088] active_file 0 [ 2629.760745][ T5088] unevictable 0 [ 2629.764251][ T5088] hierarchical_memory_limit 314572800 [ 2629.770301][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2629.776879][ T5088] total_cache 0 [ 2629.780347][ T5088] total_rss 8192 [ 2629.785332][ T5088] total_rss_huge 0 [ 2629.794633][T28174] Bluetooth: hci7: command 0x041b tx timeout [ 2629.798223][ T5088] total_shmem 0 [ 2629.802246][T20857] Bluetooth: hci8: command 0x041b tx timeout [ 2629.812608][ T5088] total_mapped_file 0 [ 2629.818035][ T5088] total_dirty 0 [ 2629.822521][ T5088] total_writeback 0 [ 2629.830291][ T5088] total_workingset_refault_anon 16646 [ 2629.835700][ T5088] total_workingset_refault_file 1 [ 2629.841474][ T5088] total_swap 208896 [ 2629.845300][ T5088] total_swapcached 0 [ 2629.853350][ T5088] total_pgpgin 347055 [ 2629.857795][ T5088] total_pgpgout 347053 [ 2629.861881][ T5088] total_pgfault 823802 [ 2629.865950][ T5088] total_pgmajfault 14026 [ 2629.886431][ T5088] total_inactive_anon 0 [ 2629.890673][ T5088] total_active_anon 8192 [ 2629.894920][ T5088] total_inactive_file 0 [ 2629.900372][ T5088] total_active_file 0 [ 2629.904516][ T5088] total_unevictable 0 [ 2629.909489][ T5088] anon_cost 0 [ 2629.912798][ T5088] file_cost 0 [ 2629.916092][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29396,uid=0 10:24:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x7, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2629.932746][ T5088] Memory cgroup out of memory: Killed process 29396 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2630.265716][T29397] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2630.283879][T29397] CPU: 0 PID: 29397 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2630.294345][T29397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2630.304429][T29397] Call Trace: [ 2630.307736][T29397] [ 2630.310690][T29397] dump_stack_lvl+0x1e7/0x2e0 [ 2630.315409][T29397] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2630.320644][T29397] ? __pfx__printk+0x10/0x10 [ 2630.325268][T29397] ? ___ratelimit+0x4c4/0x670 [ 2630.329992][T29397] ? __pfx____ratelimit+0x10/0x10 [ 2630.335053][T29397] dump_header+0xda/0x6a0 [ 2630.339417][T29397] oom_kill_process+0x3a7/0x930 [ 2630.344315][T29397] out_of_memory+0xf67/0x1320 [ 2630.349032][T29397] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2630.354699][T29397] ? __pfx___mutex_lock+0x10/0x10 [ 2630.359757][T29397] ? __pfx_out_of_memory+0x10/0x10 [ 2630.364911][T29397] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2630.370487][T29397] ? __pfx_lock_release+0x10/0x10 [ 2630.375558][T29397] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2630.381668][T29397] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2630.386901][T29397] ? mem_cgroup_iter+0x422/0x560 [ 2630.391879][T29397] try_charge_memcg+0xda2/0x18a0 [ 2630.396841][T29397] ? mark_lock+0x9a/0x350 [ 2630.401223][T29397] ? __pfx_try_charge_memcg+0x10/0x10 [ 2630.406659][T29397] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2630.412843][T29397] charge_memcg+0xa2/0x160 [ 2630.417307][T29397] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2630.423409][T29397] __read_swap_cache_async+0x480/0x8b0 [ 2630.428907][T29397] ? mark_lock+0x9a/0x350 [ 2630.433283][T29397] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2630.439316][T29397] swap_cluster_readahead+0x67c/0x810 [ 2630.444739][T29397] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2630.450678][T29397] ? __pfx_lock_release+0x10/0x10 [ 2630.455742][T29397] ? xas_descend+0x37e/0x470 [ 2630.460360][T29397] swapin_readahead+0x1ea/0x1070 [ 2630.465317][T29397] ? filemap_get_entry+0x127/0x4e0 [ 2630.470481][T29397] ? __pfx_swapin_readahead+0x10/0x10 [ 2630.475905][T29397] ? __filemap_get_folio+0x935/0xbc0 [ 2630.481232][T29397] ? swap_cache_get_folio+0x9f/0x570 [ 2630.486559][T29397] do_swap_page+0x791/0x3f40 [ 2630.491179][T29397] ? __lock_acquire+0x1345/0x1fd0 [ 2630.496239][T29397] ? rcu_is_watching+0x15/0xb0 [ 2630.501050][T29397] ? do_swap_page+0x154/0x3f40 [ 2630.505840][T29397] ? __pfx_do_swap_page+0x10/0x10 [ 2630.510980][T29397] ? pte_offset_map_nolock+0x137/0x1f0 [ 2630.516475][T29397] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2630.522313][T29397] ? __pfx_validate_chain+0x10/0x10 [ 2630.527548][T29397] __handle_mm_fault+0x15e8/0x72d0 [ 2630.532728][T29397] ? __pfx___handle_mm_fault+0x10/0x10 [ 2630.538237][T29397] ? mt_find+0x226/0x850 [ 2630.542519][T29397] ? __pfx_lock_release+0x10/0x10 [ 2630.547594][T29397] ? mt_find+0x62d/0x850 [ 2630.551874][T29397] ? mt_find+0x226/0x850 [ 2630.556172][T29397] ? find_vma+0x142/0x1c0 [ 2630.560524][T29397] ? __pfx_find_vma+0x10/0x10 [ 2630.565225][T29397] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2630.571247][T29397] handle_mm_fault+0x3c1/0x8a0 [ 2630.576057][T29397] exc_page_fault+0x2ad/0x870 [ 2630.580782][T29397] asm_exc_page_fault+0x26/0x30 [ 2630.585663][T29397] RIP: 0010:__get_user_8+0x11/0x20 [ 2630.590814][T29397] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2630.610799][T29397] RSP: 0000:ffffc9000364fd78 EFLAGS: 00050202 [ 2630.616898][T29397] RAX: 0000555555682da8 RBX: ffff8880259a1538 RCX: ffffc9000364fc03 [ 2630.624899][T29397] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2630.632901][T29397] RBP: ffffc9000364fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2630.640906][T29397] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000364fd80 [ 2630.648916][T29397] R13: ffffc9000364ffd8 R14: dffffc0000000000 R15: ffff8880259a0000 [ 2630.657113][T29397] __rseq_handle_notify_resume+0x158/0x1490 [ 2630.663151][T29397] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2630.669532][T29397] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2630.675383][T29397] irqentry_exit_to_user_mode+0xbb/0x270 [ 2630.681055][T29397] exc_page_fault+0x587/0x870 [ 2630.685780][T29397] asm_exc_page_fault+0x26/0x30 [ 2630.690664][T29397] RIP: 0033:0x7fdfb625b068 [ 2630.695114][T29397] Code: 00 0f b6 c0 48 85 c0 0f 85 cd 02 00 00 80 3d a6 f7 c7 00 00 0f 84 48 02 00 00 64 48 83 3c 25 b8 ff ff ff 00 0f 84 c8 02 00 00 <80> 3d 89 4e 12 00 00 0f 85 eb 00 00 00 48 c7 c0 c8 ff ff ff 64 4c [ 2630.714836][T29397] RSP: 002b:00007ffda0a6ffb0 EFLAGS: 00010202 [ 2630.720939][T29397] RAX: 0000000000000000 RBX: 0000000000000110 RCX: 00007fdfb627de67 [ 2630.728938][T29397] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000011 [ 2630.736938][T29397] RBP: 000000000000000f R08: 00000000ffffffff R09: 0000000000000000 [ 2630.744945][T29397] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffda0a702b0 [ 2630.752948][T29397] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2630.760978][T29397] [ 2630.767091][T28174] Bluetooth: hci5: command 0x040f tx timeout [ 2630.777276][T29397] memory: usage 307200kB, limit 307200kB, failcnt 42843 [ 2630.794390][T29397] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 2630.814959][T29397] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2630.828516][T29397] Memory cgroup stats for /syz3: [ 2630.829010][T29397] cache 0 [ 2630.837609][T29397] rss 16384 [ 2630.840740][T29397] rss_huge 0 [ 2630.843946][T29397] shmem 0 [ 2630.847741][T29397] mapped_file 0 [ 2630.851221][T29397] dirty 0 [ 2630.854168][T29397] writeback 0 [ 2630.858249][T29397] workingset_refault_anon 17115 [ 2630.863140][T29397] workingset_refault_file 1 [ 2630.872022][T29397] swap 172032 [ 2630.875344][T29397] swapcached 0 [ 2630.879559][T29397] pgpgin 337991 [ 2630.883044][T29397] pgpgout 337987 [ 2630.891835][T29397] pgfault 814771 [ 2630.895511][T29397] pgmajfault 14388 [ 2630.899544][T29397] inactive_anon 0 [ 2630.903227][T29397] active_anon 16384 [ 2630.907995][T29397] inactive_file 0 [ 2630.911703][T29397] active_file 0 [ 2630.915174][T29397] unevictable 0 [ 2630.919504][T29397] hierarchical_memory_limit 314572800 [ 2630.925015][T29397] hierarchical_memsw_limit 9223372036854771712 [ 2630.931997][T29397] total_cache 0 [ 2630.935481][T29397] total_rss 16384 [ 2630.939751][T29397] total_rss_huge 0 [ 2630.943575][T29397] total_shmem 0 [ 2630.947516][T29397] total_mapped_file 0 [ 2630.951597][T29397] total_dirty 0 [ 2630.955065][T29397] total_writeback 0 [ 2630.959500][T29397] total_workingset_refault_anon 17115 [ 2630.964910][T29397] total_workingset_refault_file 1 [ 2630.972869][T29397] total_swap 196608 [ 2630.977348][T29397] total_swapcached 0 [ 2630.984573][T29397] total_pgpgin 347537 [ 2630.993558][T29397] total_pgpgout 347533 [ 2631.002437][T29397] total_pgfault 824358 [ 2631.010226][T29397] total_pgmajfault 14388 [ 2631.014507][T29397] total_inactive_anon 0 [ 2631.018946][T29397] total_active_anon 16384 [ 2631.023295][T29397] total_inactive_file 0 [ 2631.027720][T29397] total_active_file 0 [ 2631.032150][T29397] total_unevictable 0 [ 2631.037676][T29397] anon_cost 0 [ 2631.041096][T29397] file_cost 0 [ 2631.044428][T29397] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29397,uid=0 10:24:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x8, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2631.061104][T29397] Memory cgroup out of memory: Killed process 29397 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2631.204353][T29398] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2631.217030][T29398] CPU: 1 PID: 29398 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2631.227482][T29398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2631.237565][T29398] Call Trace: [ 2631.240875][T29398] [ 2631.243834][T29398] dump_stack_lvl+0x1e7/0x2e0 [ 2631.248555][T29398] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2631.253796][T29398] ? __pfx__printk+0x10/0x10 [ 2631.258416][T29398] ? ___ratelimit+0x4c4/0x670 [ 2631.263135][T29398] ? __pfx____ratelimit+0x10/0x10 [ 2631.268359][T29398] dump_header+0xda/0x6a0 [ 2631.272692][T29398] oom_kill_process+0x3a7/0x930 [ 2631.277539][T29398] out_of_memory+0xf67/0x1320 [ 2631.282215][T29398] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2631.287845][T29398] ? __pfx___mutex_lock+0x10/0x10 [ 2631.292865][T29398] ? __pfx_out_of_memory+0x10/0x10 [ 2631.297978][T29398] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2631.303603][T29398] ? __pfx_lock_release+0x10/0x10 [ 2631.308625][T29398] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2631.314689][T29398] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2631.319885][T29398] ? mem_cgroup_iter+0x422/0x560 [ 2631.324821][T29398] try_charge_memcg+0xda2/0x18a0 [ 2631.329748][T29398] ? mark_lock+0x9a/0x350 [ 2631.334085][T29398] ? __pfx_try_charge_memcg+0x10/0x10 [ 2631.339469][T29398] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2631.345616][T29398] charge_memcg+0xa2/0x160 [ 2631.350032][T29398] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2631.356092][T29398] __read_swap_cache_async+0x480/0x8b0 [ 2631.361550][T29398] ? mark_lock+0x9a/0x350 [ 2631.365877][T29398] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2631.371862][T29398] swap_cluster_readahead+0x67c/0x810 [ 2631.377240][T29398] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2631.383219][T29398] ? __pfx_lock_release+0x10/0x10 [ 2631.388242][T29398] ? xas_descend+0x37e/0x470 [ 2631.392838][T29398] swapin_readahead+0x1ea/0x1070 [ 2631.397771][T29398] ? filemap_get_entry+0x127/0x4e0 [ 2631.402888][T29398] ? __pfx_swapin_readahead+0x10/0x10 [ 2631.408264][T29398] ? __filemap_get_folio+0x935/0xbc0 [ 2631.413555][T29398] ? swap_cache_get_folio+0x9f/0x570 [ 2631.418860][T29398] do_swap_page+0x791/0x3f40 [ 2631.423451][T29398] ? rcu_is_watching+0x15/0xb0 [ 2631.428225][T29398] ? do_swap_page+0x154/0x3f40 [ 2631.432978][T29398] ? __pfx_do_swap_page+0x10/0x10 [ 2631.437996][T29398] ? pte_offset_map_nolock+0x137/0x1f0 [ 2631.443450][T29398] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2631.449250][T29398] ? __pfx_validate_chain+0x10/0x10 [ 2631.454443][T29398] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 2631.460773][T29398] __handle_mm_fault+0x15e8/0x72d0 [ 2631.466076][T29398] ? __pfx___handle_mm_fault+0x10/0x10 [ 2631.471534][T29398] ? mt_find+0x226/0x850 [ 2631.475775][T29398] ? __pfx_lock_release+0x10/0x10 [ 2631.480984][T29398] ? mt_find+0x62d/0x850 [ 2631.485223][T29398] ? mt_find+0x226/0x850 [ 2631.489476][T29398] ? find_vma+0x142/0x1c0 [ 2631.493798][T29398] ? __pfx_find_vma+0x10/0x10 [ 2631.498481][T29398] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2631.504488][T29398] handle_mm_fault+0x3c1/0x8a0 [ 2631.509270][T29398] exc_page_fault+0x2ad/0x870 [ 2631.513956][T29398] asm_exc_page_fault+0x26/0x30 [ 2631.518805][T29398] RIP: 0010:__get_user_8+0x11/0x20 [ 2631.523912][T29398] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2631.543510][T29398] RSP: 0000:ffffc9000364fd78 EFLAGS: 00050202 [ 2631.549571][T29398] RAX: 0000555555682da8 RBX: ffff888015bcd0b8 RCX: ffffc9000364fc03 [ 2631.557532][T29398] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2631.565495][T29398] RBP: ffffc9000364fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2631.573459][T29398] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000364fd80 [ 2631.581445][T29398] R13: ffffc9000364ffd8 R14: dffffc0000000000 R15: ffff888015bcbb80 [ 2631.589433][T29398] __rseq_handle_notify_resume+0x158/0x1490 [ 2631.595348][T29398] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2631.601692][T29398] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2631.607498][T29398] irqentry_exit_to_user_mode+0xbb/0x270 [ 2631.613131][T29398] exc_page_fault+0x587/0x870 [ 2631.617822][T29398] asm_exc_page_fault+0x26/0x30 [ 2631.622679][T29398] RIP: 0033:0x7fdfb6228266 [ 2631.627087][T29398] Code: 1f 44 00 00 48 8b 0d 91 d4 ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 61 d4 ca 00 c3 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 [ 2631.646702][T29398] RSP: 002b:00007ffda0a70148 EFLAGS: 00010287 [ 2631.652762][T29398] RAX: 0000001b31520000 RBX: 0000000000000003 RCX: 0000001b31520000 [ 2631.660730][T29398] RDX: 0000001b31520004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2631.668701][T29398] RBP: 0000000000000001 R08: 0000001b31920000 R09: 0000000000040000 [ 2631.676664][T29398] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000000 [ 2631.684624][T29398] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2631.692694][T29398] [ 2631.716434][T29398] memory: usage 307200kB, limit 307200kB, failcnt 43097 [ 2631.749875][T29398] memory+swap: usage 307420kB, limit 9007199254740988kB, failcnt 0 [ 2631.758246][T29398] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 2631.765555][T29398] Memory cgroup stats for /syz3: [ 2631.765683][T29398] cache 0 [ 2631.774190][T29398] rss 12288 [ 2631.777672][T29398] rss_huge 0 [ 2631.780900][T29398] shmem 0 [ 2631.783847][T29398] mapped_file 0 [ 2631.828289][T29398] dirty 0 [ 2631.831263][T29398] writeback 0 [ 2631.834559][T29398] workingset_refault_anon 17214 [ 2631.839934][T29398] workingset_refault_file 1 [ 2631.844449][T29398] swap 204800 [ 2631.849724][T29398] swapcached 0 [ 2631.853431][T29398] pgpgin 338100 [ 2631.857832][T29398] pgpgout 338097 [ 2631.861506][T29398] pgfault 814911 [ 2631.865093][T29398] pgmajfault 14459 [ 2631.869255][T28174] Bluetooth: hci8: command 0x040f tx timeout [ 2631.875671][T29398] inactive_anon 4096 [ 2631.879683][T28174] Bluetooth: hci7: command 0x040f tx timeout [ 2631.890623][T29398] active_anon 8192 [ 2631.906503][T29398] inactive_file 0 [ 2631.910322][T29398] active_file 0 [ 2631.913887][T29398] unevictable 0 [ 2631.918342][T29398] hierarchical_memory_limit 314572800 [ 2631.923829][T29398] hierarchical_memsw_limit 9223372036854771712 [ 2631.934772][T29398] total_cache 0 [ 2631.938689][T29398] total_rss 12288 [ 2631.943446][T29398] total_rss_huge 0 [ 2631.956088][T29398] total_shmem 0 [ 2631.961176][T29398] total_mapped_file 0 [ 2631.965322][T29398] total_dirty 0 [ 2631.969642][T29398] total_writeback 0 [ 2631.973662][T29398] total_workingset_refault_anon 17214 [ 2631.982405][T29398] total_workingset_refault_file 1 [ 2631.999712][T29398] total_swap 229376 [ 2632.004040][T29398] total_swapcached 0 [ 2632.008735][T29398] total_pgpgin 347646 [ 2632.012859][T29398] total_pgpgout 347643 [ 2632.017604][T29398] total_pgfault 824498 [ 2632.022396][T29398] total_pgmajfault 14459 [ 2632.027727][T29398] total_inactive_anon 4096 [ 2632.032251][T29398] total_active_anon 8192 [ 2632.037321][T29398] total_inactive_file 0 [ 2632.041628][T29398] total_active_file 0 [ 2632.045706][T29398] total_unevictable 0 [ 2632.050453][T29398] anon_cost 0 [ 2632.053838][T29398] file_cost 0 [ 2632.057753][T29398] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29398,uid=0 10:24:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x14, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2632.073826][T29398] Memory cgroup out of memory: Killed process 29398 (syz-executor.3) total-vm:54376kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:1000 [ 2632.565074][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2632.592516][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2632.602907][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2632.613169][ T5088] Call Trace: [ 2632.616474][ T5088] [ 2632.619424][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2632.624140][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2632.629378][ T5088] ? __pfx__printk+0x10/0x10 [ 2632.633970][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2632.638647][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2632.643672][ T5088] dump_header+0xda/0x6a0 [ 2632.648002][ T5088] oom_kill_process+0x3a7/0x930 [ 2632.652852][ T5088] out_of_memory+0xf67/0x1320 [ 2632.657527][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2632.663154][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2632.668182][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2632.673309][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2632.678851][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2632.683877][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2632.689940][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2632.695138][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2632.700076][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2632.705003][ T5088] ? mark_lock+0x9a/0x350 [ 2632.709343][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2632.714731][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2632.720878][ T5088] charge_memcg+0xa2/0x160 [ 2632.725296][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2632.731356][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2632.736811][ T5088] ? mark_lock+0x9a/0x350 [ 2632.741139][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2632.747127][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2632.752506][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2632.758398][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2632.763422][ T5088] ? xas_descend+0x37e/0x470 [ 2632.768028][ T5088] swapin_readahead+0x1ea/0x1070 [ 2632.772965][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2632.778088][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2632.783461][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2632.788747][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2632.794030][ T5088] do_swap_page+0x791/0x3f40 [ 2632.798618][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2632.803388][ T5088] ? do_swap_page+0x154/0x3f40 [ 2632.808149][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2632.813168][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2632.818623][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2632.824431][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2632.829580][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2632.834946][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2632.840409][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2632.846132][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2632.851187][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2632.856377][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2632.861394][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2632.866601][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2632.871793][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2632.877422][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2632.882186][ T5088] exc_page_fault+0x456/0x870 [ 2632.886863][ T5088] asm_exc_page_fault+0x26/0x30 [ 2632.891703][ T5088] RIP: 0033:0x7fdfb62384dc [ 2632.896115][ T5088] Code: f5 ba 01 00 00 40 48 89 ee bf ff ff ff ff e8 ab 22 04 00 39 c3 0f 84 09 01 00 00 bf e8 03 00 00 e8 59 58 04 00 48 8b 74 24 08 <48> 8b 05 bd d1 c9 00 bf 01 00 00 00 4c 8b 25 b9 d1 c9 00 48 8d 14 [ 2632.915723][ T5088] RSP: 002b:00007ffda0a70380 EFLAGS: 00010206 [ 2632.921784][ T5088] RAX: 0000000000000000 RBX: 00000000000077aa RCX: 0000000000000000 [ 2632.929747][ T5088] RDX: 0000000000000000 RSI: 00007ffda0a70440 RDI: 0000555555682788 [ 2632.937709][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2632.945667][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2632.953626][ T5088] R13: 00000000002829c3 R14: 00000000002829c3 R15: 0000000000000000 [ 2632.961607][ T5088] [ 2632.966140][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 43937 [ 2632.973222][ T5088] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0 [ 2632.981578][ T5088] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 2632.989227][T28174] Bluetooth: hci5: command 0x0419 tx timeout [ 2632.995335][ T5088] Memory cgroup stats for /syz3: [ 2632.995450][ T5088] cache 0 [ 2633.003876][ T5088] rss 4096 [ 2633.007051][ T5088] rss_huge 0 [ 2633.010262][ T5088] shmem 0 [ 2633.013207][ T5088] mapped_file 0 [ 2633.016903][ T5088] dirty 0 [ 2633.019868][ T5088] writeback 0 [ 2633.023159][ T5088] workingset_refault_anon 17537 [ 2633.028205][ T5088] workingset_refault_file 1 [ 2633.032725][ T5088] swap 188416 [ 2633.036028][ T5088] swapcached 0 [ 2633.039524][ T5088] pgpgin 338436 [ 2633.042996][ T5088] pgpgout 338435 [ 2633.046655][ T5088] pgfault 815343 [ 2633.050217][ T5088] pgmajfault 14732 [ 2633.053947][ T5088] inactive_anon 4096 [ 2633.057958][ T5088] active_anon 0 [ 2633.061432][ T5088] inactive_file 0 [ 2633.065073][ T5088] active_file 0 [ 2633.069714][ T5088] unevictable 0 [ 2633.073212][ T5088] hierarchical_memory_limit 314572800 [ 2633.078711][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2633.084880][ T5088] total_cache 0 [ 2633.088406][ T5088] total_rss 4096 [ 2633.091958][ T5088] total_rss_huge 0 [ 2633.095687][ T5088] total_shmem 0 [ 2633.099246][ T5088] total_mapped_file 0 [ 2633.103412][ T5088] total_dirty 0 [ 2633.107057][ T5088] total_writeback 0 [ 2633.110878][ T5088] total_workingset_refault_anon 17537 [ 2633.116369][ T5088] total_workingset_refault_file 1 [ 2633.121445][ T5088] total_swap 212992 [ 2633.125266][ T5088] total_swapcached 0 [ 2633.129405][ T5088] total_pgpgin 347982 [ 2633.134093][ T5088] total_pgpgout 347981 [ 2633.138274][ T5088] total_pgfault 824930 [ 2633.142345][ T5088] total_pgmajfault 14732 [ 2633.146742][ T5088] total_inactive_anon 4096 [ 2633.151201][ T5088] total_active_anon 0 [ 2633.155190][ T5088] total_inactive_file 0 [ 2633.159479][ T5088] total_active_file 0 [ 2633.163494][ T5088] total_unevictable 0 [ 2633.167607][ T5088] anon_cost 0 [ 2633.170923][ T5088] file_cost 0 [ 2633.174222][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29399,uid=0 [ 2633.190522][ T5088] Memory cgroup out of memory: Killed process 29399 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:24:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0xc400, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2633.657460][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2633.668675][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2633.679033][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2633.689121][ T5088] Call Trace: [ 2633.692427][ T5088] [ 2633.695382][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2633.700103][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2633.705367][ T5088] ? __pfx__printk+0x10/0x10 [ 2633.710071][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2633.714817][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2633.719881][ T5088] dump_header+0xda/0x6a0 [ 2633.724264][ T5088] oom_kill_process+0x3a7/0x930 [ 2633.729170][ T5088] out_of_memory+0xf67/0x1320 [ 2633.733901][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2633.739613][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2633.744714][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2633.749907][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2633.755529][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2633.760643][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2633.766780][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2633.772024][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2633.776999][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2633.781954][ T5088] ? mark_lock+0x9a/0x350 [ 2633.786329][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2633.791763][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2633.797948][ T5088] charge_memcg+0xa2/0x160 [ 2633.802394][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2633.808492][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2633.814030][ T5088] ? mark_lock+0x9a/0x350 [ 2633.818448][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2633.824466][ T5088] swap_cluster_readahead+0x67c/0x810 [ 2633.829883][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2633.835841][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2633.840952][ T5088] ? xas_descend+0x37e/0x470 [ 2633.845578][ T5088] swapin_readahead+0x1ea/0x1070 [ 2633.850610][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2633.855823][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2633.861246][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2633.866567][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2633.871901][ T5088] do_swap_page+0x791/0x3f40 [ 2633.876530][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2633.881334][ T5088] ? do_swap_page+0x154/0x3f40 [ 2633.886119][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2633.891171][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2633.896666][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2633.902501][ T5088] ? __pfx_validate_chain+0x10/0x10 [ 2633.907739][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2633.913000][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2633.918506][ T5088] ? mt_find+0x226/0x850 [ 2633.922773][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2633.927843][ T5088] ? mt_find+0x62d/0x850 [ 2633.932120][ T5088] ? mt_find+0x226/0x850 [ 2633.936421][ T5088] ? find_vma+0x142/0x1c0 [ 2633.940776][ T5088] ? __pfx_find_vma+0x10/0x10 [ 2633.945470][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2633.951483][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2633.956292][ T5088] exc_page_fault+0x2ad/0x870 [ 2633.961010][ T5088] asm_exc_page_fault+0x26/0x30 [ 2633.965899][ T5088] RIP: 0010:__get_user_8+0x11/0x20 [ 2633.971038][ T5088] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2633.990677][ T5088] RSP: 0000:ffffc90003fffd98 EFLAGS: 00050202 [ 2633.996781][ T5088] RAX: 0000555555682da8 RBX: ffff88802746d0b8 RCX: ffffc90003fffc03 [ 2634.004785][ T5088] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2634.005306][T28174] Bluetooth: hci7: command 0x0419 tx timeout [ 2634.012760][ T5088] RBP: ffffc90003fffec8 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2634.012776][ T5088] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc90003fffda0 [ 2634.012788][ T5088] R13: ffffc90003ffffd8 R14: dffffc0000000000 R15: ffff88802746bb80 [ 2634.012821][ T5088] __rseq_handle_notify_resume+0x158/0x1490 [ 2634.012864][ T5088] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2634.012896][ T5088] ? syscall_exit_to_user_mode+0xa2/0x360 [ 2634.012923][ T5088] syscall_exit_to_user_mode+0x113/0x360 [ 2634.019216][T20857] Bluetooth: hci8: command 0x0419 tx timeout [ 2634.026854][ T5088] do_syscall_64+0x108/0x240 [ 2634.026909][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2634.026936][ T5088] RIP: 0033:0x7fdfb62a91b5 [ 2634.026953][ T5088] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2634.026969][ T5088] RSP: 002b:00007ffda0a70310 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2634.026991][ T5088] RAX: 0000000000000000 RBX: 00000000000077ab RCX: 00007fdfb62a91b5 [ 2634.027003][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2634.027014][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2634.027025][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2634.027037][ T5088] R13: 0000000000282e59 R14: 0000000000282e59 R15: 0000000000000000 [ 2634.027066][ T5088] [ 2634.048081][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 44913 [ 2634.169808][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2634.178257][ T5088] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 2634.185570][ T5088] Memory cgroup stats for /syz3: [ 2634.185691][ T5088] cache 0 [ 2634.194876][ T5088] rss 0 [ 2634.198055][ T5088] rss_huge 0 [ 2634.201276][ T5088] shmem 0 [ 2634.204240][ T5088] mapped_file 0 [ 2634.208512][ T5088] dirty 0 [ 2634.211475][ T5088] writeback 0 [ 2634.214763][ T5088] workingset_refault_anon 17899 [ 2634.220258][ T5088] workingset_refault_file 1 [ 2634.224771][ T5088] swap 192512 [ 2634.228584][ T5088] swapcached 0 [ 2634.231980][ T5088] pgpgin 338814 [ 2634.235478][ T5088] pgpgout 338814 [ 2634.243618][ T5088] pgfault 815842 [ 2634.249618][ T5088] pgmajfault 15031 [ 2634.253352][ T5088] inactive_anon 0 [ 2634.261622][ T5088] active_anon 0 [ 2634.265100][ T5088] inactive_file 0 [ 2634.275537][ T5088] active_file 0 [ 2634.286253][ T5088] unevictable 0 [ 2634.289816][ T5088] hierarchical_memory_limit 314572800 [ 2634.295196][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2634.302330][ T5088] total_cache 0 [ 2634.305840][ T5088] total_rss 0 [ 2634.309657][ T5088] total_rss_huge 0 [ 2634.313429][ T5088] total_shmem 0 [ 2634.317632][ T5088] total_mapped_file 0 [ 2634.321629][ T5088] total_dirty 0 [ 2634.325095][ T5088] total_writeback 0 [ 2634.329502][ T5088] total_workingset_refault_anon 17899 [ 2634.334885][ T5088] total_workingset_refault_file 1 [ 2634.340462][ T5088] total_swap 217088 [ 2634.344284][ T5088] total_swapcached 0 [ 2634.350168][ T5088] total_pgpgin 348360 [ 2634.354184][ T5088] total_pgpgout 348360 [ 2634.358763][ T5088] total_pgfault 825429 [ 2634.362899][ T5088] total_pgmajfault 15031 [ 2634.367609][ T5088] total_inactive_anon 0 [ 2634.371779][ T5088] total_active_anon 0 [ 2634.375784][ T5088] total_inactive_file 0 [ 2634.380712][ T5088] total_active_file 0 [ 2634.384703][ T5088] total_unevictable 0 [ 2634.389723][ T5088] anon_cost 0 [ 2634.393025][ T5088] file_cost 0 [ 2634.397153][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29400,uid=0 [ 2634.413087][ T5088] Memory cgroup out of memory: Killed process 29400 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 10:25:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0xc500, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2634.966029][T29401] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2634.984217][T29401] CPU: 1 PID: 29401 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2634.994789][T29401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2635.004879][T29401] Call Trace: [ 2635.008186][T29401] [ 2635.011141][T29401] dump_stack_lvl+0x1e7/0x2e0 [ 2635.015860][T29401] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2635.021103][T29401] ? __pfx__printk+0x10/0x10 [ 2635.025723][T29401] ? ___ratelimit+0x4c4/0x670 [ 2635.030441][T29401] ? __pfx____ratelimit+0x10/0x10 [ 2635.035529][T29401] dump_header+0xda/0x6a0 [ 2635.039900][T29401] oom_kill_process+0x3a7/0x930 [ 2635.044795][T29401] out_of_memory+0xf67/0x1320 [ 2635.049518][T29401] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2635.055203][T29401] ? __pfx___mutex_lock+0x10/0x10 [ 2635.060267][T29401] ? __pfx_out_of_memory+0x10/0x10 [ 2635.065432][T29401] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2635.071032][T29401] ? __pfx_lock_release+0x10/0x10 [ 2635.076136][T29401] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2635.082242][T29401] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2635.087498][T29401] ? mem_cgroup_iter+0x422/0x560 [ 2635.092570][T29401] try_charge_memcg+0xda2/0x18a0 [ 2635.097632][T29401] ? mark_lock+0x9a/0x350 [ 2635.102025][T29401] ? __pfx_try_charge_memcg+0x10/0x10 [ 2635.107467][T29401] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2635.113652][T29401] charge_memcg+0xa2/0x160 [ 2635.118109][T29401] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2635.124227][T29401] __read_swap_cache_async+0x480/0x8b0 [ 2635.129728][T29401] ? mark_lock+0x9a/0x350 [ 2635.134106][T29401] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2635.140136][T29401] ? blk_start_plug+0x6f/0x1b0 [ 2635.144941][T29401] swap_cluster_readahead+0x398/0x810 [ 2635.150446][T29401] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2635.156387][T29401] ? __pfx_lock_release+0x10/0x10 [ 2635.161451][T29401] ? xas_descend+0x37e/0x470 [ 2635.166080][T29401] swapin_readahead+0x1ea/0x1070 [ 2635.171052][T29401] ? filemap_get_entry+0x127/0x4e0 [ 2635.176211][T29401] ? __pfx_swapin_readahead+0x10/0x10 [ 2635.181632][T29401] ? __filemap_get_folio+0x935/0xbc0 [ 2635.186966][T29401] ? swap_cache_get_folio+0x9f/0x570 [ 2635.192289][T29401] do_swap_page+0x791/0x3f40 [ 2635.196919][T29401] ? __lock_acquire+0x1345/0x1fd0 [ 2635.201977][T29401] ? rcu_is_watching+0x15/0xb0 [ 2635.206809][T29401] ? do_swap_page+0x154/0x3f40 [ 2635.211612][T29401] ? __pfx_do_swap_page+0x10/0x10 [ 2635.216683][T29401] ? pte_offset_map_nolock+0x137/0x1f0 [ 2635.222190][T29401] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2635.228037][T29401] ? __pfx_validate_chain+0x10/0x10 [ 2635.233377][T29401] __handle_mm_fault+0x15e8/0x72d0 [ 2635.238573][T29401] ? __pfx___handle_mm_fault+0x10/0x10 [ 2635.244251][T29401] ? mt_find+0x226/0x850 [ 2635.248504][T29401] ? __pfx_lock_release+0x10/0x10 [ 2635.253626][T29401] ? mt_find+0x62d/0x850 [ 2635.257866][T29401] ? mt_find+0x226/0x850 [ 2635.262118][T29401] ? find_vma+0x142/0x1c0 [ 2635.266449][T29401] ? __pfx_find_vma+0x10/0x10 [ 2635.271124][T29401] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2635.277107][T29401] handle_mm_fault+0x3c1/0x8a0 [ 2635.281882][T29401] exc_page_fault+0x2ad/0x870 [ 2635.286573][T29401] asm_exc_page_fault+0x26/0x30 [ 2635.291432][T29401] RIP: 0010:__get_user_8+0x11/0x20 [ 2635.296539][T29401] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2635.316138][T29401] RSP: 0000:ffffc9000390fd78 EFLAGS: 00050202 [ 2635.322215][T29401] RAX: 0000555555682da8 RBX: ffff88806d286e78 RCX: ffffc9000390fc03 [ 2635.330180][T29401] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6de0 [ 2635.338155][T29401] RBP: ffffc9000390fec0 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2635.346140][T29401] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: ffffc9000390fd80 [ 2635.354121][T29401] R13: ffffc9000390ffd8 R14: dffffc0000000000 R15: ffff88806d285940 [ 2635.362101][T29401] __rseq_handle_notify_resume+0x158/0x1490 [ 2635.368007][T29401] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2635.374346][T29401] ? irqentry_exit_to_user_mode+0x52/0x270 [ 2635.380153][T29401] irqentry_exit_to_user_mode+0xbb/0x270 [ 2635.385783][T29401] exc_page_fault+0x587/0x870 [ 2635.390466][T29401] asm_exc_page_fault+0x26/0x30 [ 2635.395312][T29401] RIP: 0033:0x7fdfb625edef [ 2635.399805][T29401] Code: fa 20 72 37 c5 fe 6f 06 48 83 fa 40 0f 87 b9 00 00 00 c5 fe 6f 4c 16 e0 c5 fe 7f 07 c5 fe 7f 4c 17 e0 0f 01 d6 75 04 c5 f8 77 c5 fc 77 c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 83 fa 10 73 2d [ 2635.419404][T29401] RSP: 002b:00007ffda0a6ffa8 EFLAGS: 00010242 [ 2635.425461][T29401] RAX: 00007fdfb704a598 RBX: 0000000000000128 RCX: 0000555555683910 [ 2635.433423][T29401] RDX: 0000000000000020 RSI: 00007fdfb631d4f0 RDI: 00007fdfb704a578 [ 2635.441391][T29401] RBP: 0000000000000020 R08: 0000000000000001 R09: 0000000000000000 [ 2635.449353][T29401] R10: 0000000000021000 R11: 0000000000000149 R12: 0000000000000001 [ 2635.457312][T29401] R13: 00007fdfb6ed5b60 R14: 0000000000000000 R15: 0000000000000001 [ 2635.465282][T29401] [ 2635.474035][T29401] memory: usage 307196kB, limit 307200kB, failcnt 46060 [ 2635.481070][T29401] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 2635.489066][T29401] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2635.496428][T29401] Memory cgroup stats for /syz3: [ 2635.496561][T29401] cache 0 [ 2635.504495][T29401] rss 4096 [ 2635.507630][T29401] rss_huge 0 [ 2635.510849][T29401] shmem 0 [ 2635.513795][T29401] mapped_file 0 [ 2635.517720][T29401] dirty 0 [ 2635.520667][T29401] writeback 0 [ 2635.523997][T29401] workingset_refault_anon 18290 [ 2635.528950][T29401] workingset_refault_file 1 [ 2635.533463][T29401] swap 184320 [ 2635.537144][T29401] swapcached 4096 [ 2635.540835][T29401] pgpgin 339222 [ 2635.544310][T29401] pgpgout 339220 [ 2635.547944][T29401] pgfault 816334 [ 2635.551498][T29401] pgmajfault 15340 [ 2635.555227][T29401] inactive_anon 0 [ 2635.558986][T29401] active_anon 8192 [ 2635.562767][T29401] inactive_file 0 [ 2635.566500][T29401] active_file 0 [ 2635.569964][T29401] unevictable 0 [ 2635.573431][T29401] hierarchical_memory_limit 314572800 [ 2635.579924][T29401] hierarchical_memsw_limit 9223372036854771712 [ 2635.586104][T29401] total_cache 0 [ 2635.606307][T29401] total_rss 4096 [ 2635.609956][T29401] total_rss_huge 0 [ 2635.613695][T29401] total_shmem 0 [ 2635.617571][T29401] total_mapped_file 0 [ 2635.626878][T29401] total_dirty 0 [ 2635.632095][T29401] total_writeback 0 [ 2635.636017][T29401] total_workingset_refault_anon 18290 [ 2635.642069][T29401] total_workingset_refault_file 1 [ 2635.647426][T29401] total_swap 208896 [ 2635.651332][T29401] total_swapcached 4096 [ 2635.655566][T29401] total_pgpgin 348768 [ 2635.659870][T29401] total_pgpgout 348766 [ 2635.664028][T29401] total_pgfault 825921 [ 2635.668260][T29401] total_pgmajfault 15340 [ 2635.672597][T29401] total_inactive_anon 0 [ 2635.677288][T29401] total_active_anon 8192 [ 2635.681634][T29401] total_inactive_file 0 [ 2635.685865][T29401] total_active_file 0 [ 2635.691297][T29401] total_unevictable 0 [ 2635.695373][T29401] anon_cost 0 [ 2635.699082][T29401] file_cost 0 [ 2635.702460][T29401] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29401,uid=0 10:25:01 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2635.724579][T29401] Memory cgroup out of memory: Killed process 29401 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2636.537063][T29402] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2636.552864][T29402] CPU: 1 PID: 29402 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2636.563320][T29402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2636.573388][T29402] Call Trace: [ 2636.576662][T29402] [ 2636.579582][T29402] dump_stack_lvl+0x1e7/0x2e0 [ 2636.584260][T29402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2636.589445][T29402] ? __pfx__printk+0x10/0x10 [ 2636.594024][T29402] ? ___ratelimit+0x4c4/0x670 [ 2636.598690][T29402] ? __pfx____ratelimit+0x10/0x10 [ 2636.603703][T29402] dump_header+0xda/0x6a0 [ 2636.608047][T29402] oom_kill_process+0x3a7/0x930 [ 2636.612925][T29402] out_of_memory+0xf67/0x1320 [ 2636.617626][T29402] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2636.623276][T29402] ? __pfx___mutex_lock+0x10/0x10 [ 2636.628291][T29402] ? __pfx_out_of_memory+0x10/0x10 [ 2636.633395][T29402] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2636.638929][T29402] ? __pfx_lock_release+0x10/0x10 [ 2636.643940][T29402] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2636.649998][T29402] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2636.655187][T29402] ? mem_cgroup_iter+0x422/0x560 [ 2636.660125][T29402] try_charge_memcg+0xda2/0x18a0 [ 2636.665081][T29402] ? __pfx_try_charge_memcg+0x10/0x10 [ 2636.670447][T29402] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2636.676164][T29402] ? __pfx_lock_release+0x10/0x10 [ 2636.681197][T29402] ? memcg_account_kmem+0x1e7/0x210 [ 2636.686399][T29402] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2636.692209][T29402] __memcg_kmem_charge_page+0xe1/0x250 [ 2636.697668][T29402] memcg_charge_kernel_stack+0x28a/0x550 [ 2636.703300][T29402] dup_task_struct+0x15d/0x7d0 [ 2636.708063][T29402] copy_process+0x5d5/0x3fc0 [ 2636.712667][T29402] ? __might_fault+0xa9/0x120 [ 2636.717345][T29402] ? __pfx_lock_release+0x10/0x10 [ 2636.722374][T29402] ? __pfx_copy_process+0x10/0x10 [ 2636.727393][T29402] ? __might_fault+0xc5/0x120 [ 2636.732067][T29402] ? __asan_memset+0x23/0x50 [ 2636.737182][T29402] kernel_clone+0x21d/0x8d0 [ 2636.741685][T29402] ? __pfx_kernel_clone+0x10/0x10 [ 2636.746719][T29402] __se_sys_clone3+0x2cb/0x350 [ 2636.751483][T29402] ? __pfx___se_sys_clone3+0x10/0x10 [ 2636.756778][T29402] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2636.762768][T29402] ? exc_page_fault+0x587/0x870 [ 2636.767620][T29402] ? do_syscall_64+0xb4/0x240 [ 2636.772296][T29402] do_syscall_64+0xf9/0x240 [ 2636.776803][T29402] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2636.782696][T29402] RIP: 0033:0x7fdfb62a9b99 [ 2636.787107][T29402] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2636.806708][T29402] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2636.815118][T29402] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2636.823082][T29402] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2636.831048][T29402] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2636.839008][T29402] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2636.846972][T29402] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2636.854950][T29402] [ 2636.870084][T29402] memory: usage 307200kB, limit 307200kB, failcnt 47191 [ 2636.877192][T29402] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2636.885101][T29402] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2636.892920][T29402] Memory cgroup stats for /syz3: [ 2636.893022][T29402] cache 0 [ 2636.901638][T29402] rss 8192 [ 2636.904678][T29402] rss_huge 0 [ 2636.958974][T29402] shmem 0 [ 2636.961951][T29402] mapped_file 0 [ 2636.965419][T29402] dirty 0 [ 2636.970097][T29402] writeback 0 [ 2636.973729][T29402] workingset_refault_anon 18712 [ 2636.982075][T29402] workingset_refault_file 1 [ 2636.986937][T29402] swap 184320 [ 2636.990245][T29402] swapcached 0 [ 2636.993643][T29402] pgpgin 339659 [ 2636.997299][T29402] pgpgout 339657 [ 2637.000856][T29402] pgfault 816897 [ 2637.004423][T29402] pgmajfault 15693 [ 2637.008759][T29402] inactive_anon 0 [ 2637.012413][T29402] active_anon 4096 [ 2637.016511][T29402] inactive_file 0 [ 2637.020169][T29402] active_file 0 [ 2637.024217][T29402] unevictable 0 [ 2637.028091][T29402] hierarchical_memory_limit 314572800 [ 2637.033474][T29402] hierarchical_memsw_limit 9223372036854771712 [ 2637.040299][T29402] total_cache 0 [ 2637.043888][T29402] total_rss 8192 [ 2637.048113][T29402] total_rss_huge 0 [ 2637.051860][T29402] total_shmem 0 [ 2637.055325][T29402] total_mapped_file 0 [ 2637.060022][T29402] total_dirty 0 [ 2637.063558][T29402] total_writeback 0 [ 2637.067866][T29402] total_workingset_refault_anon 18712 [ 2637.073575][T29402] total_workingset_refault_file 1 [ 2637.080363][T29402] total_swap 208896 [ 2637.084191][T29402] total_swapcached 0 [ 2637.088595][T29402] total_pgpgin 349205 [ 2637.093402][T29402] total_pgpgout 349203 [ 2637.103475][T29402] total_pgfault 826484 [ 2637.107987][T29402] total_pgmajfault 15693 [ 2637.112245][T29402] total_inactive_anon 0 [ 2637.117115][T29402] total_active_anon 4096 [ 2637.121372][T29402] total_inactive_file 0 [ 2637.125533][T29402] total_active_file 0 [ 2637.130155][T29402] total_unevictable 0 [ 2637.134157][T29402] anon_cost 0 [ 2637.138108][T29402] file_cost 0 [ 2637.141427][T29402] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29402,uid=0 10:25:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x2, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2637.157492][T29402] Memory cgroup out of memory: Killed process 29402 (syz-executor.3) total-vm:54508kB, anon-rss:0kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2637.805070][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2637.816445][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2637.826806][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2637.836980][ T5088] Call Trace: [ 2637.840282][ T5088] [ 2637.843407][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2637.848125][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2637.853352][ T5088] ? __pfx__printk+0x10/0x10 [ 2637.857956][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2637.862633][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2637.867664][ T5088] dump_header+0xda/0x6a0 [ 2637.872027][ T5088] oom_kill_process+0x3a7/0x930 [ 2637.876904][ T5088] out_of_memory+0xf67/0x1320 [ 2637.881592][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2637.887225][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2637.892268][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2637.897410][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2637.902948][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2637.907987][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2637.914078][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2637.919285][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2637.924231][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2637.929178][ T5088] ? mark_lock+0x9a/0x350 [ 2637.933530][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2637.939008][ T5088] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2637.945157][ T5088] charge_memcg+0xa2/0x160 [ 2637.949586][ T5088] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2637.955659][ T5088] __read_swap_cache_async+0x480/0x8b0 [ 2637.961127][ T5088] ? mark_lock+0x9a/0x350 [ 2637.965493][ T5088] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2637.971607][ T5088] ? blk_start_plug+0x6f/0x1b0 [ 2637.976405][ T5088] swap_cluster_readahead+0x398/0x810 [ 2637.981800][ T5088] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2637.987702][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2637.992747][ T5088] ? xas_descend+0x37e/0x470 [ 2637.997363][ T5088] swapin_readahead+0x1ea/0x1070 [ 2638.002300][ T5088] ? filemap_get_entry+0x127/0x4e0 [ 2638.007429][ T5088] ? __pfx_swapin_readahead+0x10/0x10 [ 2638.013600][ T5088] ? __filemap_get_folio+0x935/0xbc0 [ 2638.018885][ T5088] ? swap_cache_get_folio+0x9f/0x570 [ 2638.024164][ T5088] do_swap_page+0x791/0x3f40 [ 2638.028769][ T5088] ? rcu_is_watching+0x15/0xb0 [ 2638.033582][ T5088] ? do_swap_page+0x154/0x3f40 [ 2638.038359][ T5088] ? __pfx_do_swap_page+0x10/0x10 [ 2638.043395][ T5088] ? pte_offset_map_nolock+0x137/0x1f0 [ 2638.048904][ T5088] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2638.054733][ T5088] __handle_mm_fault+0x15e8/0x72d0 [ 2638.059862][ T5088] ? reacquire_held_locks+0x3eb/0x690 [ 2638.065228][ T5088] ? __pfx___handle_mm_fault+0x10/0x10 [ 2638.070712][ T5088] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2638.076480][ T5088] ? mtree_range_walk+0x6fd/0x8e0 [ 2638.081516][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2638.086721][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2638.091760][ T5088] ? lock_vma_under_rcu+0x2f9/0x730 [ 2638.097001][ T5088] ? lock_vma_under_rcu+0x18a/0x730 [ 2638.102209][ T5088] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2638.107770][ T5088] handle_mm_fault+0x3c1/0x8a0 [ 2638.112577][ T5088] exc_page_fault+0x456/0x870 [ 2638.117377][ T5088] asm_exc_page_fault+0x26/0x30 [ 2638.122276][ T5088] RIP: 0033:0x7fdfb62a9163 [ 2638.126697][ T5088] Code: 00 00 00 00 00 66 90 31 c0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 <80> 3d 8e 6d 0d 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f [ 2638.146419][ T5088] RSP: 002b:00007ffda0a70338 EFLAGS: 00010293 [ 2638.152526][ T5088] RAX: 00000000fffffffa RBX: 00000000000077ae RCX: 0000000000000000 [ 2638.160516][ T5088] RDX: 00007ffda0a70350 RSI: 0000000000000000 RDI: 0000000000000000 [ 2638.168512][ T5088] RBP: 00007ffda0a703dc R08: 0000000000000000 R09: 00007ffda0b240b0 [ 2638.176505][ T5088] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2638.184502][ T5088] R13: 0000000000283dc5 R14: 0000000000283dc5 R15: 0000000000000000 [ 2638.192519][ T5088] [ 2638.197996][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 48227 [ 2638.205136][ T5088] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2638.213203][ T5088] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2638.220646][ T5088] Memory cgroup stats for /syz3: [ 2638.220784][ T5088] cache 0 [ 2638.228796][ T5088] rss 0 [ 2638.231574][ T5088] rss_huge 0 [ 2638.234784][ T5088] shmem 0 [ 2638.238098][ T5088] mapped_file 0 [ 2638.241572][ T5088] dirty 0 [ 2638.244514][ T5088] writeback 0 [ 2638.247942][ T5088] workingset_refault_anon 19074 [ 2638.252868][ T5088] workingset_refault_file 1 [ 2638.257989][ T5088] swap 192512 [ 2638.261377][ T5088] swapcached 0 [ 2638.264760][ T5088] pgpgin 340042 [ 2638.269271][ T5088] pgpgout 340042 [ 2638.272899][ T5088] pgfault 817377 [ 2638.276861][ T5088] pgmajfault 15989 [ 2638.280600][ T5088] inactive_anon 0 [ 2638.284321][ T5088] active_anon 0 [ 2638.288663][ T5088] inactive_file 0 [ 2638.292314][ T5088] active_file 0 [ 2638.295780][ T5088] unevictable 0 [ 2638.299780][ T5088] hierarchical_memory_limit 314572800 [ 2638.305163][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2638.318023][ T5088] total_cache 0 [ 2638.321514][ T5088] total_rss 0 [ 2638.324885][ T5088] total_rss_huge 0 [ 2638.334959][ T5088] total_shmem 0 [ 2638.340252][ T5088] total_mapped_file 0 [ 2638.344251][ T5088] total_dirty 0 [ 2638.353238][ T5088] total_writeback 0 [ 2638.359499][ T5088] total_workingset_refault_anon 19074 [ 2638.364906][ T5088] total_workingset_refault_file 1 [ 2638.376102][ T5088] total_swap 217088 [ 2638.380141][ T5088] total_swapcached 0 [ 2638.384047][ T5088] total_pgpgin 349588 [ 2638.388908][ T5088] total_pgpgout 349588 [ 2638.392993][ T5088] total_pgfault 826964 [ 2638.397626][ T5088] total_pgmajfault 15989 [ 2638.401888][ T5088] total_inactive_anon 0 [ 2638.406051][ T5088] total_active_anon 0 [ 2638.410707][ T5088] total_inactive_file 0 [ 2638.414875][ T5088] total_active_file 0 [ 2638.419682][ T5088] total_unevictable 0 [ 2638.423677][ T5088] anon_cost 0 [ 2638.434657][ T5088] file_cost 0 [ 2638.438331][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29403,uid=0 10:25:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x3, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2638.455117][ T5088] Memory cgroup out of memory: Killed process 29403 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2639.265524][T29404] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2639.287848][T29404] CPU: 0 PID: 29404 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2639.298309][T29404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2639.308382][T29404] Call Trace: [ 2639.311673][T29404] [ 2639.314617][T29404] dump_stack_lvl+0x1e7/0x2e0 [ 2639.319368][T29404] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2639.324596][T29404] ? __pfx__printk+0x10/0x10 [ 2639.329197][T29404] ? ___ratelimit+0x4c4/0x670 [ 2639.333896][T29404] ? __pfx____ratelimit+0x10/0x10 [ 2639.338937][T29404] dump_header+0xda/0x6a0 [ 2639.343273][T29404] oom_kill_process+0x3a7/0x930 [ 2639.348126][T29404] out_of_memory+0xf67/0x1320 [ 2639.352796][T29404] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2639.358512][T29404] ? __pfx___mutex_lock+0x10/0x10 [ 2639.363536][T29404] ? __pfx_out_of_memory+0x10/0x10 [ 2639.368655][T29404] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2639.374196][T29404] ? __pfx_lock_release+0x10/0x10 [ 2639.379218][T29404] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2639.385275][T29404] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2639.390480][T29404] ? mem_cgroup_iter+0x422/0x560 [ 2639.395422][T29404] try_charge_memcg+0xda2/0x18a0 [ 2639.400381][T29404] ? __pfx_try_charge_memcg+0x10/0x10 [ 2639.405761][T29404] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2639.411473][T29404] ? __pfx_lock_release+0x10/0x10 [ 2639.416508][T29404] ? memcg_account_kmem+0x1e7/0x210 [ 2639.421702][T29404] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2639.427497][T29404] __memcg_kmem_charge_page+0xe1/0x250 [ 2639.432964][T29404] memcg_charge_kernel_stack+0x304/0x550 [ 2639.438609][T29404] dup_task_struct+0x40d/0x7d0 [ 2639.443384][T29404] copy_process+0x5d5/0x3fc0 [ 2639.448240][T29404] ? __might_fault+0xa9/0x120 [ 2639.452933][T29404] ? __pfx_lock_release+0x10/0x10 [ 2639.457977][T29404] ? __pfx_copy_process+0x10/0x10 [ 2639.463022][T29404] ? __might_fault+0xc5/0x120 [ 2639.467725][T29404] ? __asan_memset+0x23/0x50 [ 2639.472343][T29404] kernel_clone+0x21d/0x8d0 [ 2639.476851][T29404] ? __pfx_kernel_clone+0x10/0x10 [ 2639.481886][T29404] __se_sys_clone3+0x2cb/0x350 [ 2639.486646][T29404] ? __pfx___se_sys_clone3+0x10/0x10 [ 2639.491929][T29404] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2639.497912][T29404] ? exc_page_fault+0x587/0x870 [ 2639.502764][T29404] ? do_syscall_64+0xb4/0x240 [ 2639.507437][T29404] do_syscall_64+0xf9/0x240 [ 2639.511933][T29404] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2639.517819][T29404] RIP: 0033:0x7fdfb62a9b99 [ 2639.522222][T29404] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2639.542120][T29404] RSP: 002b:00007ffda0a6ff38 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2639.550528][T29404] RAX: ffffffffffffffda RBX: 00007fdfb6252270 RCX: 00007fdfb62a9b99 [ 2639.558499][T29404] RDX: 00007fdfb6252270 RSI: 0000000000000058 RDI: 00007ffda0a6ff80 [ 2639.566464][T29404] RBP: 00007fdfb704a6c0 R08: 00007fdfb704a6c0 R09: 00007ffda0a70067 [ 2639.574464][T29404] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2639.582428][T29404] R13: 000000000000000b R14: 00007ffda0a6ff80 R15: 00007ffda0a70068 [ 2639.590403][T29404] [ 2639.609634][T29404] memory: usage 307200kB, limit 307200kB, failcnt 49478 [ 2639.616661][T29404] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2639.624573][T29404] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2639.632659][T29404] Memory cgroup stats for /syz3: [ 2639.632777][T29404] cache 0 [ 2639.641432][T29404] rss 8192 [ 2639.644481][T29404] rss_huge 0 [ 2639.648176][T29404] shmem 0 [ 2639.651123][T29404] mapped_file 0 [ 2639.654586][T29404] dirty 0 [ 2639.658197][T29404] writeback 0 [ 2639.661499][T29404] workingset_refault_anon 19510 [ 2639.666851][T29404] workingset_refault_file 1 [ 2639.671364][T29404] swap 184320 [ 2639.674649][T29404] swapcached 0 [ 2639.678543][T29404] pgpgin 340495 [ 2639.682014][T29404] pgpgout 340493 [ 2639.685595][T29404] pgfault 817955 [ 2639.689288][T29404] pgmajfault 16360 [ 2639.693108][T29404] inactive_anon 0 [ 2639.697196][T29404] active_anon 4096 [ 2639.702489][T29404] inactive_file 0 [ 2639.706963][T29404] active_file 0 [ 2639.710512][T29404] unevictable 0 [ 2639.713974][T29404] hierarchical_memory_limit 314572800 [ 2639.720073][T29404] hierarchical_memsw_limit 9223372036854771712 [ 2639.726663][T29404] total_cache 0 [ 2639.730132][T29404] total_rss 8192 [ 2639.733686][T29404] total_rss_huge 0 [ 2639.745048][T29404] total_shmem 0 [ 2639.748877][T29404] total_mapped_file 0 [ 2639.752887][T29404] total_dirty 0 [ 2639.756910][T29404] total_writeback 0 [ 2639.760733][T29404] total_workingset_refault_anon 19510 [ 2639.766107][T29404] total_workingset_refault_file 1 [ 2639.771846][T29404] total_swap 208896 [ 2639.775682][T29404] total_swapcached 0 [ 2639.780053][T29404] total_pgpgin 350041 [ 2639.784051][T29404] total_pgpgout 350039 [ 2639.788846][T29404] total_pgfault 827542 [ 2639.792929][T29404] total_pgmajfault 16360 [ 2639.797683][T29404] total_inactive_anon 0 [ 2639.802020][T29404] total_active_anon 4096 [ 2639.807134][T29404] total_inactive_file 0 [ 2639.811311][T29404] total_active_file 0 10:25:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x4, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2639.815298][T29404] total_unevictable 0 [ 2639.819875][T29404] anon_cost 0 [ 2639.823176][T29404] file_cost 0 [ 2639.827021][T29404] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=29404,uid=0 [ 2639.842893][T29404] Memory cgroup out of memory: Killed process 29404 (syz-executor.3) total-vm:54508kB, anon-rss:128kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2639.932090][ T5088] syz-executor.3 invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=0 [ 2639.948214][ T5088] CPU: 0 PID: 5088 Comm: syz-executor.3 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2639.958590][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2639.968670][ T5088] Call Trace: [ 2639.971960][ T5088] [ 2639.974882][ T5088] dump_stack_lvl+0x1e7/0x2e0 [ 2639.979563][ T5088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2639.984768][ T5088] ? __pfx__printk+0x10/0x10 [ 2639.989366][ T5088] ? ___ratelimit+0x4c4/0x670 [ 2639.994049][ T5088] ? __pfx____ratelimit+0x10/0x10 [ 2639.999074][ T5088] dump_header+0xda/0x6a0 [ 2640.003407][ T5088] oom_kill_process+0x3a7/0x930 [ 2640.008286][ T5088] out_of_memory+0xf67/0x1320 [ 2640.012985][ T5088] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2640.018626][ T5088] ? __pfx___mutex_lock+0x10/0x10 [ 2640.023691][ T5088] ? __pfx_out_of_memory+0x10/0x10 [ 2640.028822][ T5088] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2640.034368][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2640.039476][ T5088] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2640.045544][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2640.050741][ T5088] ? mem_cgroup_iter+0x422/0x560 [ 2640.055685][ T5088] try_charge_memcg+0xda2/0x18a0 [ 2640.060636][ T5088] ? __pfx_try_charge_memcg+0x10/0x10 [ 2640.066008][ T5088] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2640.071726][ T5088] ? __pfx_lock_release+0x10/0x10 [ 2640.076770][ T5088] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2640.082569][ T5088] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2640.088372][ T5088] __memcg_kmem_charge_page+0xe1/0x250 [ 2640.093834][ T5088] __alloc_pages+0x28b/0x680 [ 2640.098510][ T5088] ? __pfx___alloc_pages+0x10/0x10 [ 2640.103614][ T5088] ? __lock_acquire+0x1345/0x1fd0 [ 2640.108740][ T5088] ? policy_nodemask+0x1ec/0x720 [ 2640.113693][ T5088] alloc_pages_mpol+0x3de/0x650 [ 2640.118545][ T5088] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 2640.123913][ T5088] ? __pmd_alloc+0x50b/0x630 [ 2640.128497][ T5088] ? alloc_pages+0xee/0x170 [ 2640.132998][ T5088] pte_alloc_one+0x88/0x5d0 [ 2640.137498][ T5088] ? __pfx_pte_alloc_one+0x10/0x10 [ 2640.142614][ T5088] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2640.147832][ T5088] __pte_alloc+0x79/0x3a0 [ 2640.152237][ T5088] ? __pfx___pte_alloc+0x10/0x10 [ 2640.157183][ T5088] copy_page_range+0x391d/0x4240 [ 2640.162111][ T5088] ? __lock_acquire+0x1345/0x1fd0 [ 2640.167174][ T5088] ? __pfx_copy_page_range+0x10/0x10 [ 2640.172554][ T5088] ? mas_wr_walk+0x58a/0x5d0 [ 2640.177139][ T5088] ? mas_wr_end_piv+0x271/0x8e0 [ 2640.181994][ T5088] ? mas_wr_store_entry+0x129/0x2c0 [ 2640.187189][ T5088] ? mas_store+0x577/0x670 [ 2640.191605][ T5088] ? __pfx_mas_store+0x10/0x10 [ 2640.196382][ T5088] copy_mm+0x12f4/0x21b0 [ 2640.200634][ T5088] ? __pfx_copy_mm+0x10/0x10 [ 2640.205425][ T5088] ? __init_rwsem+0x122/0x160 [ 2640.210124][ T5088] ? copy_signal+0x548/0x670 [ 2640.214727][ T5088] copy_process+0x1d73/0x3fc0 [ 2640.219430][ T5088] ? copy_process+0x9c3/0x3fc0 [ 2640.224200][ T5088] ? __pfx_copy_process+0x10/0x10 [ 2640.229233][ T5088] kernel_clone+0x21d/0x8d0 [ 2640.233782][ T5088] ? __pfx_kernel_clone+0x10/0x10 [ 2640.238829][ T5088] __x64_sys_clone+0x258/0x2a0 [ 2640.243590][ T5088] ? __pfx___x64_sys_clone+0x10/0x10 [ 2640.248956][ T5088] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2640.254945][ T5088] ? exc_page_fault+0x587/0x870 [ 2640.259795][ T5088] ? do_syscall_64+0xb4/0x240 [ 2640.264471][ T5088] do_syscall_64+0xf9/0x240 [ 2640.268978][ T5088] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2640.274873][ T5088] RIP: 0033:0x7fdfb627add3 [ 2640.279284][ T5088] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 2640.298970][ T5088] RSP: 002b:00007ffda0a70278 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2640.307384][ T5088] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdfb627add3 [ 2640.315351][ T5088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2640.323317][ T5088] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2640.331297][ T5088] R10: 0000555555682750 R11: 0000000000000246 R12: 0000000000000000 [ 2640.339300][ T5088] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2640.347284][ T5088] [ 2640.359401][ T5088] memory: usage 307200kB, limit 307200kB, failcnt 49569 [ 2640.374855][ T5088] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 2640.383102][ T5088] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2640.391054][ T5088] Memory cgroup stats for /syz3: [ 2640.391328][ T5088] cache 0 [ 2640.400058][ T5088] rss 12288 [ 2640.403193][ T5088] rss_huge 0 [ 2640.406486][ T5088] shmem 0 [ 2640.409767][ T5088] mapped_file 0 [ 2640.413240][ T5088] dirty 0 [ 2640.416825][ T5088] writeback 0 [ 2640.420231][ T5088] workingset_refault_anon 19528 [ 2640.425087][ T5088] workingset_refault_file 1 [ 2640.430280][ T5088] swap 176128 [ 2640.433584][ T5088] swapcached 0 [ 2640.437510][ T5088] pgpgin 340513 [ 2640.441001][ T5088] pgpgout 340510 [ 2640.444552][ T5088] pgfault 817987 [ 2640.448759][ T5088] pgmajfault 16375 [ 2640.452498][ T5088] inactive_anon 0 [ 2640.456137][ T5088] active_anon 0 [ 2640.460512][ T5088] inactive_file 0 [ 2640.464163][ T5088] active_file 0 [ 2640.468165][ T5088] unevictable 0 [ 2640.471699][ T5088] hierarchical_memory_limit 314572800 [ 2640.477622][ T5088] hierarchical_memsw_limit 9223372036854771712 [ 2640.483829][ T5088] total_cache 0 [ 2640.493274][ T5088] total_rss 12288 [ 2640.497331][ T5088] total_rss_huge 0 [ 2640.501098][ T5088] total_shmem 0 [ 2640.504566][ T5088] total_mapped_file 0 [ 2640.509650][ T5088] total_dirty 0 [ 2640.513131][ T5088] total_writeback 0 [ 2640.517462][ T5088] total_workingset_refault_anon 19528 [ 2640.522858][ T5088] total_workingset_refault_file 1 [ 2640.528480][ T5088] total_swap 200704 [ 2640.532298][ T5088] total_swapcached 0 [ 2640.536828][ T5088] total_pgpgin 350059 [ 2640.540825][ T5088] total_pgpgout 350056 [ 2640.544900][ T5088] total_pgfault 827574 [ 2640.549532][ T5088] total_pgmajfault 16375 [ 2640.554050][ T5088] total_inactive_anon 0 [ 2640.558784][ T5088] total_active_anon 0 [ 2640.562784][ T5088] total_inactive_file 0 [ 2640.567727][ T5088] total_active_file 0 [ 2640.571943][ T5088] total_unevictable 0 [ 2640.575984][ T5088] anon_cost 0 [ 2640.579946][ T5088] file_cost 0 [ 2640.583276][ T5088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=5088,uid=0 [ 2640.599662][ T5088] Memory cgroup out of memory: Killed process 5088 (syz-executor.3) total-vm:50536kB, anon-rss:120kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 2652.278731][ T1237] ieee802154 phy0 wpan0: encryption failed: -22 [ 2652.285102][ T1237] ieee802154 phy1 wpan1: encryption failed: -22 10:25:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x5, 0x0, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_OIF={0x8, 0x5, r3}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x2}}]}, 0x30}}, 0x0) [ 2666.564871][T28174] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2666.575497][T28174] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2666.584436][T28174] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2666.592804][T28174] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2666.601796][T28174] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2666.609518][T28174] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2668.666631][T20857] Bluetooth: hci2: command 0x0409 tx timeout [ 2669.706755][T20857] Bluetooth: hci6: command 0x0406 tx timeout [ 2670.746354][T28174] Bluetooth: hci2: command 0x041b tx timeout [ 2672.826648][T28174] Bluetooth: hci2: command 0x040f tx timeout [ 2674.917328][T28174] Bluetooth: hci2: command 0x0419 tx timeout [ 2676.201612][T20857] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 2676.221186][T20857] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 2676.230884][T20857] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 2676.239682][T20857] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 2676.249253][T20857] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 2676.256699][T20857] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 2678.346346][T20857] Bluetooth: hci9: command 0x0409 tx timeout [ 2680.426431][T20857] Bluetooth: hci9: command 0x041b tx timeout [ 2682.506604][T20857] Bluetooth: hci9: command 0x040f tx timeout [ 2684.586395][T20857] Bluetooth: hci9: command 0x0419 tx timeout [ 2690.561017][T28174] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 2690.571201][T28174] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 2690.584182][T28174] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 2690.595709][T28174] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 2690.605103][T28174] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 2690.614462][T28174] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 2691.019451][T28174] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 2691.031900][T28174] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 2691.042178][T28174] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 2691.050549][T28174] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 2691.059834][T28174] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 2691.073292][T28174] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 2691.310760][T28174] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 2691.320282][T28174] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 2691.328821][T28174] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 2691.339885][T28174] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 2691.349569][T28174] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 2691.358665][T28174] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 2692.666779][T20857] Bluetooth: hci10: command 0x0409 tx timeout [ 2693.146504][T20857] Bluetooth: hci11: command 0x0409 tx timeout [ 2693.386772][T20857] Bluetooth: hci12: command 0x0409 tx timeout [ 2694.746852][T20857] Bluetooth: hci10: command 0x041b tx timeout [ 2695.226468][T20857] Bluetooth: hci11: command 0x041b tx timeout [ 2695.466566][T20857] Bluetooth: hci12: command 0x041b tx timeout [ 2696.826846][T20857] Bluetooth: hci10: command 0x040f tx timeout [ 2697.306548][T20857] Bluetooth: hci11: command 0x040f tx timeout [ 2697.546808][T20857] Bluetooth: hci12: command 0x040f tx timeout [ 2698.916513][T20857] Bluetooth: hci10: command 0x0419 tx timeout [ 2699.386320][T20857] Bluetooth: hci11: command 0x0419 tx timeout [ 2699.636716][T20857] Bluetooth: hci12: command 0x0419 tx timeout [ 2713.728490][ T1237] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.734854][ T1237] ieee802154 phy1 wpan1: encryption failed: -22 [ 2732.866421][T28174] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 2732.877123][T28174] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 2732.885872][T28174] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 2732.894623][T28174] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 2732.903565][T28174] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 2732.912305][T28174] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 2734.987032][T28174] Bluetooth: hci13: command 0x0409 tx timeout [ 2736.276369][T28174] Bluetooth: hci1: command 0x0406 tx timeout [ 2737.076329][T20857] Bluetooth: hci13: command 0x041b tx timeout [ 2739.146557][T20857] Bluetooth: hci13: command 0x040f tx timeout [ 2741.229892][T20857] Bluetooth: hci13: command 0x0419 tx timeout [ 2742.503095][T28174] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 2742.513266][T28174] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 2742.523844][T28174] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 2742.532235][T28174] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 2742.541059][T28174] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 2742.550143][T28174] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 2744.586372][T20857] Bluetooth: hci14: command 0x0409 tx timeout [ 2746.666344][T20857] Bluetooth: hci14: command 0x041b tx timeout [ 2748.746335][T20857] Bluetooth: hci14: command 0x040f tx timeout [ 2750.826548][T29389] Bluetooth: hci14: command 0x0419 tx timeout [ 2751.626375][T29391] Bluetooth: hci7: command 0x0406 tx timeout [ 2751.632732][T29391] Bluetooth: hci5: command 0x0406 tx timeout [ 2751.640294][T29389] Bluetooth: hci8: command 0x0406 tx timeout [ 2753.386607][ T29] INFO: task kworker/1:1:8138 blocked for more than 143 seconds. [ 2753.394382][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2753.402883][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2753.411927][ T29] task:kworker/1:1 state:D stack:20912 pid:8138 tgid:8138 ppid:2 flags:0x00004000 [ 2753.422915][ T29] Workqueue: ipv6_addrconf addrconf_dad_work [ 2753.429344][ T29] Call Trace: [ 2753.432631][ T29] [ 2753.435612][ T29] __schedule+0x17d1/0x49f0 [ 2753.441029][ T29] ? __pfx___schedule+0x10/0x10 [ 2753.445937][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2753.454404][ T29] ? __pfx_lock_release+0x10/0x10 [ 2753.459787][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 2753.465007][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 2753.470394][ T29] ? schedule+0x8e/0x260 [ 2753.474665][ T29] schedule+0x149/0x260 [ 2753.479117][ T29] schedule_preempt_disabled+0x13/0x30 [ 2753.484593][ T29] __mutex_lock+0x6a3/0xd70 [ 2753.489284][ T29] ? mark_lock+0x9a/0x350 [ 2753.493640][ T29] ? __mutex_lock+0x526/0xd70 [ 2753.498387][ T29] ? addrconf_dad_work+0xd0/0x16f0 [ 2753.503675][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2753.508839][ T29] addrconf_dad_work+0xd0/0x16f0 [ 2753.513995][ T29] ? __pfx_addrconf_dad_work+0x10/0x10 [ 2753.519547][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2753.525911][ T29] ? process_scheduled_works+0x825/0x1420 [ 2753.531720][ T29] process_scheduled_works+0x913/0x1420 [ 2753.537407][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 2753.543424][ T29] ? assign_work+0x364/0x3d0 [ 2753.549194][ T29] worker_thread+0xa5f/0x1000 [ 2753.553926][ T29] ? __pfx_worker_thread+0x10/0x10 [ 2753.559123][ T29] kthread+0x2ef/0x390 [ 2753.563205][ T29] ? __pfx_worker_thread+0x10/0x10 [ 2753.568656][ T29] ? __pfx_kthread+0x10/0x10 [ 2753.573315][ T29] ret_from_fork+0x4b/0x80 [ 2753.577818][ T29] ? __pfx_kthread+0x10/0x10 [ 2753.582430][ T29] ret_from_fork_asm+0x1b/0x30 [ 2753.587345][ T29] [ 2753.590410][ T29] INFO: task kworker/0:2:30198 blocked for more than 143 seconds. [ 2753.598257][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2753.605960][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2753.614675][ T29] task:kworker/0:2 state:D stack:22928 pid:30198 tgid:30198 ppid:2 flags:0x00004000 [ 2753.625187][ T29] Workqueue: ipv6_addrconf addrconf_dad_work [ 2753.631257][ T29] Call Trace: [ 2753.634548][ T29] [ 2753.637569][ T29] __schedule+0x17d1/0x49f0 [ 2753.642111][ T29] ? __pfx___schedule+0x10/0x10 [ 2753.647065][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2753.653072][ T29] ? __pfx_lock_release+0x10/0x10 [ 2753.659584][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 2753.664848][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 2753.670235][ T29] ? schedule+0x8e/0x260 [ 2753.674539][ T29] schedule+0x149/0x260 [ 2753.678841][ T29] schedule_preempt_disabled+0x13/0x30 [ 2753.684331][ T29] __mutex_lock+0x6a3/0xd70 [ 2753.688995][ T29] ? mark_lock+0x9a/0x350 [ 2753.693357][ T29] ? __mutex_lock+0x526/0xd70 [ 2753.698197][ T29] ? addrconf_dad_work+0xd0/0x16f0 [ 2753.703369][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2753.708820][ T29] addrconf_dad_work+0xd0/0x16f0 [ 2753.713814][ T29] ? __pfx_addrconf_dad_work+0x10/0x10 [ 2753.719402][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2753.725774][ T29] ? process_scheduled_works+0x825/0x1420 [ 2753.731605][ T29] process_scheduled_works+0x913/0x1420 [ 2753.737312][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 2753.743325][ T29] ? assign_work+0x364/0x3d0 [ 2753.748029][ T29] worker_thread+0xa5f/0x1000 [ 2753.752761][ T29] ? __pfx_worker_thread+0x10/0x10 [ 2753.757952][ T29] kthread+0x2ef/0x390 [ 2753.762012][ T29] ? __pfx_worker_thread+0x10/0x10 [ 2753.768371][ T29] ? __pfx_kthread+0x10/0x10 [ 2753.772988][ T29] ret_from_fork+0x4b/0x80 [ 2753.777532][ T29] ? __pfx_kthread+0x10/0x10 [ 2753.782142][ T29] ret_from_fork_asm+0x1b/0x30 [ 2753.787032][ T29] [ 2753.790057][ T29] INFO: task kworker/1:5:8799 blocked for more than 143 seconds. [ 2753.797914][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2753.805486][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2753.814388][ T29] task:kworker/1:5 state:D stack:22104 pid:8799 tgid:8799 ppid:2 flags:0x00004000 [ 2753.824659][ T29] Workqueue: events switchdev_deferred_process_work [ 2753.831567][ T29] Call Trace: [ 2753.834861][ T29] [ 2753.838059][ T29] __schedule+0x17d1/0x49f0 [ 2753.842641][ T29] ? __pfx___schedule+0x10/0x10 [ 2753.847565][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2753.853559][ T29] ? __pfx_lock_release+0x10/0x10 [ 2753.858765][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 2753.863993][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 2753.869407][ T29] ? schedule+0x8e/0x260 [ 2753.873683][ T29] schedule+0x149/0x260 [ 2753.878775][ T29] schedule_preempt_disabled+0x13/0x30 [ 2753.884283][ T29] __mutex_lock+0x6a3/0xd70 [ 2753.889426][ T29] ? __mutex_lock+0x526/0xd70 [ 2753.894231][ T29] ? switchdev_deferred_process_work+0xe/0x20 [ 2753.900490][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2753.905538][ T29] ? process_scheduled_works+0x825/0x1420 [ 2753.911460][ T29] switchdev_deferred_process_work+0xe/0x20 [ 2753.917543][ T29] process_scheduled_works+0x913/0x1420 [ 2753.923238][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 2753.929345][ T29] ? assign_work+0x364/0x3d0 [ 2753.934477][ T29] worker_thread+0xa5f/0x1000 [ 2753.939302][ T29] ? __pfx_worker_thread+0x10/0x10 [ 2753.944435][ T29] kthread+0x2ef/0x390 [ 2753.948718][ T29] ? __pfx_worker_thread+0x10/0x10 [ 2753.953865][ T29] ? __pfx_kthread+0x10/0x10 [ 2753.958589][ T29] ret_from_fork+0x4b/0x80 [ 2753.963211][ T29] ? __pfx_kthread+0x10/0x10 [ 2753.967936][ T29] ret_from_fork_asm+0x1b/0x30 [ 2753.972743][ T29] [ 2753.977150][ T29] INFO: task syz-executor.4:28065 blocked for more than 143 seconds. [ 2753.985237][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2753.996197][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2754.004923][ T29] task:syz-executor.4 state:D stack:20912 pid:28065 tgid:28065 ppid:1 flags:0x00004006 [ 2754.017719][ T29] Call Trace: [ 2754.021043][ T29] [ 2754.023985][ T29] __schedule+0x17d1/0x49f0 [ 2754.033647][ T29] ? __pfx___schedule+0x10/0x10 [ 2754.039157][ T29] ? __pfx_lock_release+0x10/0x10 [ 2754.044243][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 2754.050290][ T29] ? schedule+0x8e/0x260 [ 2754.054564][ T29] schedule+0x149/0x260 [ 2754.059263][ T29] schedule_preempt_disabled+0x13/0x30 [ 2754.064752][ T29] __mutex_lock+0x6a3/0xd70 [ 2754.069701][ T29] ? __mutex_lock+0x526/0xd70 [ 2754.074397][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 2754.080314][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2754.085381][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 2754.090574][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2754.096064][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2754.102066][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2754.108765][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2754.114008][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2754.119893][ T29] ? mark_lock+0x9a/0x350 [ 2754.124253][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2754.130728][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2754.135812][ T29] ? mark_lock+0x9a/0x350 [ 2754.140217][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2754.145282][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2754.150113][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2754.155591][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2754.161035][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 2754.166490][ T29] netlink_unicast+0x7ea/0x980 [ 2754.171556][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 2754.176941][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2754.182090][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2754.187287][ T29] ? __check_object_size+0x4bb/0xa00 [ 2754.192723][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2754.197921][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2754.202808][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2754.208197][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2754.214217][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2754.219499][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2754.224806][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2754.230402][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2754.235807][ T29] __sock_sendmsg+0x221/0x270 [ 2754.240868][ T29] __sys_sendto+0x3a4/0x4f0 [ 2754.245410][ T29] ? __pfx___sys_sendto+0x10/0x10 [ 2754.253264][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2754.259552][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2754.265970][ T29] __x64_sys_sendto+0xde/0x100 [ 2754.271277][ T29] do_syscall_64+0xf9/0x240 [ 2754.275814][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2754.281943][ T29] RIP: 0033:0x7fae77c7fa9c [ 2754.286466][ T29] RSP: 002b:00007ffe2c832470 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 2754.294893][ T29] RAX: ffffffffffffffda RBX: 00007fae788d4620 RCX: 00007fae77c7fa9c [ 2754.302988][ T29] RDX: 0000000000000020 RSI: 00007fae788d4670 RDI: 0000000000000003 [ 2754.311026][ T29] RBP: 0000000000000000 R08: 00007ffe2c8324c4 R09: 000000000000000c [ 2754.319487][ T29] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 2754.327900][ T29] R13: 0000000000000000 R14: 00007fae788d4670 R15: 0000000000000000 [ 2754.335924][ T29] [ 2754.339114][ T29] INFO: task syz-executor.2:29347 blocked for more than 144 seconds. [ 2754.347499][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2754.355043][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2754.364124][ T29] task:syz-executor.2 state:D stack:25784 pid:29347 tgid:29344 ppid:5089 flags:0x00004006 [ 2754.374501][ T29] Call Trace: [ 2754.377912][ T29] [ 2754.380864][ T29] __schedule+0x17d1/0x49f0 [ 2754.385406][ T29] ? __pfx___schedule+0x10/0x10 [ 2754.390355][ T29] ? __pfx_lock_release+0x10/0x10 [ 2754.395487][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 2754.401112][ T29] ? schedule+0x8e/0x260 [ 2754.405416][ T29] schedule+0x149/0x260 [ 2754.409710][ T29] schedule_preempt_disabled+0x13/0x30 [ 2754.415187][ T29] __mutex_lock+0x6a3/0xd70 [ 2754.419752][ T29] ? __mutex_lock+0x526/0xd70 [ 2754.424445][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 2754.429741][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2754.434877][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 2754.440306][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2754.445538][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2754.451178][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2754.457449][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2754.462676][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2754.468198][ T29] ? mark_lock+0x9a/0x350 [ 2754.472637][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2754.478002][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2754.483235][ T29] ? mark_lock+0x9a/0x350 [ 2754.487681][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2754.492751][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2754.497627][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2754.503111][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2754.508526][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 2754.514176][ T29] netlink_unicast+0x7ea/0x980 [ 2754.519095][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 2754.524401][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2754.529607][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2754.534653][ T29] ? __check_object_size+0x4bb/0xa00 [ 2754.540017][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2754.545145][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2754.550321][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2754.555655][ T29] ? __import_iovec+0x552/0x890 [ 2754.560744][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2754.565714][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2754.571348][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2754.576964][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2754.582275][ T29] __sock_sendmsg+0x221/0x270 [ 2754.587561][ T29] ____sys_sendmsg+0x525/0x7d0 [ 2754.592376][ T29] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2754.597837][ T29] __sys_sendmsg+0x2b0/0x3a0 [ 2754.602459][ T29] ? __pfx___sys_sendmsg+0x10/0x10 [ 2754.607745][ T29] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2754.613668][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2754.620128][ T29] ? do_syscall_64+0x108/0x240 [ 2754.624913][ T29] ? do_syscall_64+0xb4/0x240 [ 2754.629680][ T29] do_syscall_64+0xf9/0x240 [ 2754.634202][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2754.640257][ T29] RIP: 0033:0x7f3f3f67dda9 [ 2754.644684][ T29] RSP: 002b:00007f3f3e9de0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2754.653172][ T29] RAX: ffffffffffffffda RBX: 00007f3f3f7ac050 RCX: 00007f3f3f67dda9 [ 2754.661389][ T29] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2754.691954][ T29] RBP: 00007f3f3f6ca47a R08: 0000000000000000 R09: 0000000000000000 [ 2754.700086][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2754.708104][ T29] R13: 000000000000006e R14: 00007f3f3f7ac050 R15: 00007ffeea079348 [ 2754.716084][ T29] [ 2754.723133][ T29] INFO: task syz-executor.0:29348 blocked for more than 144 seconds. [ 2754.734327][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2754.746194][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2754.754894][ T29] task:syz-executor.0 state:D stack:26768 pid:29348 tgid:29346 ppid:5092 flags:0x00004006 [ 2754.766082][ T29] Call Trace: [ 2754.769699][ T29] [ 2754.772660][ T29] __schedule+0x17d1/0x49f0 [ 2754.777600][ T29] ? __pfx___schedule+0x10/0x10 [ 2754.782452][ T29] ? __pfx_lock_release+0x10/0x10 [ 2754.787988][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 2754.793573][ T29] ? schedule+0x8e/0x260 [ 2754.798240][ T29] schedule+0x149/0x260 [ 2754.802513][ T29] schedule_preempt_disabled+0x13/0x30 [ 2754.808618][ T29] __mutex_lock+0x6a3/0xd70 [ 2754.813152][ T29] ? __mutex_lock+0x526/0xd70 [ 2754.818994][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 2754.824208][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2754.829775][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 2754.835100][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2754.841464][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2754.847037][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2754.853035][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2754.859508][ T29] ? __local_bh_enable_ip+0x168/0x200 [ 2754.864900][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 2754.870167][ T29] ? __local_bh_enable_ip+0x168/0x200 [ 2754.875569][ T29] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2754.880879][ T29] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2754.886693][ T29] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2754.891827][ T29] ? __dev_queue_xmit+0x15fd/0x3b10 [ 2754.897151][ T29] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2754.902301][ T29] ? ref_tracker_free+0x643/0x7e0 [ 2754.907472][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2754.912272][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2754.917911][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2754.923268][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 2754.928892][ T29] netlink_unicast+0x7ea/0x980 [ 2754.933732][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 2754.942800][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2754.948031][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2754.953047][ T29] ? __check_object_size+0x4bb/0xa00 [ 2754.958696][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2754.963841][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2754.968710][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2754.974012][ T29] ? __import_iovec+0x552/0x890 [ 2754.978978][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2754.983929][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2754.989547][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2754.995028][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2755.000530][ T29] __sock_sendmsg+0x221/0x270 [ 2755.005230][ T29] ____sys_sendmsg+0x525/0x7d0 [ 2755.010082][ T29] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2755.015413][ T29] __sys_sendmsg+0x2b0/0x3a0 [ 2755.020150][ T29] ? __pfx___sys_sendmsg+0x10/0x10 [ 2755.025316][ T29] ? restore_fpregs_from_fpstate+0x100/0x250 [ 2755.031552][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2755.038613][ T29] ? do_syscall_64+0x108/0x240 [ 2755.043401][ T29] ? do_syscall_64+0xb4/0x240 [ 2755.048175][ T29] do_syscall_64+0xf9/0x240 [ 2755.052724][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2755.058727][ T29] RIP: 0033:0x7f4351a7dda9 [ 2755.063172][ T29] RSP: 002b:00007f43528d80c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2755.072263][ T29] RAX: ffffffffffffffda RBX: 00007f4351babf80 RCX: 00007f4351a7dda9 [ 2755.081698][ T29] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2755.089809][ T29] RBP: 00007f4351aca47a R08: 0000000000000000 R09: 0000000000000000 [ 2755.098202][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2755.106464][ T29] R13: 000000000000000b R14: 00007f4351babf80 R15: 00007ffe42cdd908 [ 2755.114654][ T29] [ 2755.118393][ T29] INFO: task syz-executor.0:29350 blocked for more than 145 seconds. [ 2755.128571][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2755.139883][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2755.149095][ T29] task:syz-executor.0 state:D stack:26768 pid:29350 tgid:29346 ppid:5092 flags:0x00004006 [ 2755.159778][ T29] Call Trace: [ 2755.163062][ T29] [ 2755.166084][ T29] __schedule+0x17d1/0x49f0 [ 2755.171337][ T29] ? __pfx___schedule+0x10/0x10 [ 2755.176654][ T29] ? __pfx_lock_release+0x10/0x10 [ 2755.181708][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 2755.187732][ T29] ? schedule+0x8e/0x260 [ 2755.192005][ T29] schedule+0x149/0x260 [ 2755.197664][ T29] schedule_preempt_disabled+0x13/0x30 [ 2755.203175][ T29] __mutex_lock+0x6a3/0xd70 [ 2755.208575][ T29] ? __mutex_lock+0x526/0xd70 [ 2755.213287][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 2755.218916][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2755.224574][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 2755.230151][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2755.235378][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2755.243689][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2755.249899][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2755.256385][ T29] ? __local_bh_enable_ip+0x168/0x200 [ 2755.261795][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 2755.267198][ T29] ? __local_bh_enable_ip+0x168/0x200 [ 2755.272579][ T29] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2755.278901][ T29] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2755.284679][ T29] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2755.289838][ T29] ? __dev_queue_xmit+0x15fd/0x3b10 [ 2755.295069][ T29] ? __dev_queue_xmit+0x2c4/0x3b10 [ 2755.300399][ T29] ? ref_tracker_free+0x643/0x7e0 [ 2755.305449][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2755.310290][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2755.315766][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2755.321208][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 2755.326468][ T29] netlink_unicast+0x7ea/0x980 [ 2755.331257][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 2755.336652][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2755.341880][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2755.347507][ T29] ? __check_object_size+0x4bb/0xa00 [ 2755.352813][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2755.358063][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2755.362861][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2755.368244][ T29] ? __import_iovec+0x552/0x890 [ 2755.373124][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2755.379330][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2755.384682][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2755.396395][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2755.401746][ T29] __sock_sendmsg+0x221/0x270 [ 2755.418909][ T29] ____sys_sendmsg+0x525/0x7d0 [ 2755.423753][ T29] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2755.429637][ T29] __sys_sendmsg+0x2b0/0x3a0 [ 2755.434275][ T29] ? __pfx___sys_sendmsg+0x10/0x10 [ 2755.447769][ T29] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2755.454045][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2755.466330][ T29] ? do_syscall_64+0x108/0x240 [ 2755.471171][ T29] ? do_syscall_64+0xb4/0x240 [ 2755.475891][ T29] do_syscall_64+0xf9/0x240 [ 2755.489198][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2755.495176][ T29] RIP: 0033:0x7f4351a7dda9 [ 2755.505444][ T29] RSP: 002b:00007f43528b70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2755.522489][ T29] RAX: ffffffffffffffda RBX: 00007f4351bac050 RCX: 00007f4351a7dda9 [ 2755.531216][ T29] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2755.547205][ T29] RBP: 00007f4351aca47a R08: 0000000000000000 R09: 0000000000000000 [ 2755.555245][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2755.571714][ T29] R13: 000000000000006e R14: 00007f4351bac050 R15: 00007ffe42cdd908 [ 2755.580265][ T29] [ 2755.585211][ T29] INFO: task syz-executor.1:29351 blocked for more than 145 seconds. [ 2755.596393][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2755.604091][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2755.625658][ T29] task:syz-executor.1 state:D stack:26768 pid:29351 tgid:29349 ppid:5085 flags:0x00004006 [ 2755.645833][ T29] Call Trace: [ 2755.649541][ T29] [ 2755.652503][ T29] __schedule+0x17d1/0x49f0 [ 2755.657976][ T29] ? __pfx___schedule+0x10/0x10 [ 2755.663715][ T29] ? __pfx_lock_release+0x10/0x10 [ 2755.683901][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 2755.689866][ T29] ? schedule+0x8e/0x260 [ 2755.694173][ T29] schedule+0x149/0x260 [ 2755.706314][ T29] schedule_preempt_disabled+0x13/0x30 [ 2755.711848][ T29] __mutex_lock+0x6a3/0xd70 [ 2755.726233][ T29] ? __mutex_lock+0x526/0xd70 [ 2755.731090][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 2755.745656][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2755.751196][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 2755.756975][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2755.762239][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2755.777924][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2755.784137][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2755.796299][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2755.801639][ T29] ? mark_lock+0x9a/0x350 [ 2755.805980][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2755.812461][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2755.817810][ T29] ? mark_lock+0x9a/0x350 [ 2755.822144][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2755.828184][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2755.832980][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2755.838940][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2755.844315][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 2755.850269][ T29] netlink_unicast+0x7ea/0x980 [ 2755.855197][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 2755.861208][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2755.876500][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2755.881606][ T29] ? __check_object_size+0x4bb/0xa00 [ 2755.896275][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2755.901827][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2755.915032][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2755.920851][ T29] ? __import_iovec+0x552/0x890 [ 2755.925758][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2755.941293][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2755.957147][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2755.962697][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2755.975467][ T29] __sock_sendmsg+0x221/0x270 [ 2755.980790][ T29] ____sys_sendmsg+0x525/0x7d0 [ 2755.985620][ T29] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2755.996309][ T29] __sys_sendmsg+0x2b0/0x3a0 [ 2756.000975][ T29] ? __pfx___sys_sendmsg+0x10/0x10 [ 2756.013611][ T29] ? restore_fpregs_from_fpstate+0x100/0x250 [ 2756.019951][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2756.034607][ T29] ? do_syscall_64+0x108/0x240 [ 2756.040070][ T29] ? do_syscall_64+0xb4/0x240 [ 2756.044855][ T29] do_syscall_64+0xf9/0x240 [ 2756.050143][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2756.056098][ T29] RIP: 0033:0x7fa71707dda9 [ 2756.068860][ T29] RSP: 002b:00007fa717dc70c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2756.082355][ T29] RAX: ffffffffffffffda RBX: 00007fa7171abf80 RCX: 00007fa71707dda9 [ 2756.090923][ T29] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2756.115808][ T29] RBP: 00007fa7170ca47a R08: 0000000000000000 R09: 0000000000000000 [ 2756.136349][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2756.144410][ T29] R13: 000000000000000b R14: 00007fa7171abf80 R15: 00007ffd15bcabf8 [ 2756.167375][ T29] [ 2756.183306][ T29] INFO: task syz-executor.1:29352 blocked for more than 146 seconds. [ 2756.194367][ T29] Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2756.214488][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2756.223813][ T29] task:syz-executor.1 state:D stack:26768 pid:29352 tgid:29349 ppid:5085 flags:0x00004006 [ 2756.241870][ T29] Call Trace: [ 2756.245199][ T29] [ 2756.252502][ T29] __schedule+0x17d1/0x49f0 [ 2756.258021][ T29] ? __pfx___schedule+0x10/0x10 [ 2756.263048][ T29] ? __pfx_lock_release+0x10/0x10 [ 2756.276677][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 2756.282226][ T29] ? schedule+0x8e/0x260 [ 2756.296701][ T29] schedule+0x149/0x260 [ 2756.301025][ T29] schedule_preempt_disabled+0x13/0x30 [ 2756.315194][ T29] __mutex_lock+0x6a3/0xd70 [ 2756.320647][ T29] ? __mutex_lock+0x526/0xd70 [ 2756.325375][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 2756.336279][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 2756.341390][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 2756.354496][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 2756.360253][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2756.365779][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2756.372709][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2756.386048][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2756.391777][ T29] ? mark_lock+0x9a/0x350 [ 2756.396804][ T29] ? __pfx_validate_chain+0x10/0x10 [ 2756.402063][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2756.415457][ T29] ? mark_lock+0x9a/0x350 [ 2756.420325][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 2756.425422][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2756.436291][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2756.441853][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2756.456022][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 2756.461820][ T29] netlink_unicast+0x7ea/0x980 [ 2756.467317][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 2756.472838][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2756.485928][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2756.491517][ T29] ? __check_object_size+0x4bb/0xa00 [ 2756.505168][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2756.510763][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2756.515609][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2756.521811][ T29] ? __import_iovec+0x552/0x890 [ 2756.534007][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2756.541003][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2756.547254][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2756.552874][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2756.576387][ T29] __sock_sendmsg+0x221/0x270 [ 2756.581154][ T29] ____sys_sendmsg+0x525/0x7d0 [ 2756.585972][ T29] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2756.605305][ T29] __sys_sendmsg+0x2b0/0x3a0 [ 2756.616284][ T29] ? __pfx___sys_sendmsg+0x10/0x10 [ 2756.621596][ T29] ? restore_fpregs_from_fpstate+0x100/0x250 [ 2756.631374][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2756.643270][ T29] ? do_syscall_64+0x108/0x240 [ 2756.648854][ T29] ? do_syscall_64+0xb4/0x240 [ 2756.653589][ T29] do_syscall_64+0xf9/0x240 [ 2756.658407][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2756.664635][ T29] RIP: 0033:0x7fa71707dda9 [ 2756.669321][ T29] RSP: 002b:00007fa717da60c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2756.678198][ T29] RAX: ffffffffffffffda RBX: 00007fa7171ac050 RCX: 00007fa71707dda9 [ 2756.686253][ T29] RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003 [ 2756.694359][ T29] RBP: 00007fa7170ca47a R08: 0000000000000000 R09: 0000000000000000 [ 2756.702691][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2756.711350][ T29] R13: 000000000000006e R14: 00007fa7171ac050 R15: 00007ffd15bcabf8 [ 2756.719634][ T29] [ 2756.722733][ T29] [ 2756.722733][ T29] Showing all locks held in the system: [ 2756.730704][ T29] 1 lock held by khungtaskd/29: [ 2756.735562][ T29] #0: ffffffff8e130be0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 2756.745553][ T29] 2 locks held by getty/4819: [ 2756.750339][ T29] #0: ffff88802a43c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 2756.760916][ T29] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 [ 2756.771815][ T29] 1 lock held by syz-executor.3/5088: [ 2756.777527][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 2756.787239][ T29] 2 locks held by kworker/0:10/11628: [ 2756.792833][ T29] #0: ffff888014c7a538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.804934][ T29] #1: ffffc9000a437d20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.818004][ T29] 3 locks held by kworker/1:1/8138: [ 2756.823377][ T29] #0: ffff888029993538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.836479][ T29] #1: ffffc90013e7fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.850176][ T29] #2: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 2756.860201][ T29] 3 locks held by kworker/0:2/30198: [ 2756.865598][ T29] #0: ffff888029993538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.878210][ T29] #1: ffffc9000a497d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.900713][ T29] #2: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 2756.911249][ T29] 3 locks held by kworker/1:5/8799: [ 2756.917039][ T29] #0: ffff888014c78938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.928583][ T29] #1: ffffc9000318fd20 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.940164][ T29] #2: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 2756.951127][ T29] 5 locks held by kworker/u4:0/10507: [ 2756.957127][ T29] #0: ffff888015ea4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.968821][ T29] #1: ffffc900066ffd20 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2756.979979][ T29] #2: ffffffff8f369750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf5/0xb90 [ 2756.990341][ T29] #3: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe8/0x9d0 [ 2757.001005][ T29] #4: ffffffff8e136578 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a3/0x890 [ 2757.012367][ T29] 2 locks held by kworker/u4:1/21068: [ 2757.018262][ T29] 1 lock held by syz-executor.4/28065: [ 2757.023746][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.042276][ T29] 1 lock held by syz-executor.2/29347: [ 2757.048225][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.058623][ T29] 1 lock held by syz-executor.0/29348: [ 2757.064194][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.074320][ T29] 1 lock held by syz-executor.0/29350: [ 2757.080334][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.090414][ T29] 1 lock held by syz-executor.1/29351: [ 2757.095909][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.106410][ T29] 1 lock held by syz-executor.1/29352: [ 2757.111906][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.122076][ T29] 1 lock held by syz-executor.4/29366: [ 2757.127901][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.137993][ T29] 1 lock held by syz-executor.2/29381: [ 2757.143491][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.165835][ T29] 1 lock held by syz-executor.1/29386: [ 2757.181251][T20857] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 2757.186945][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.200948][ T29] 1 lock held by syz-executor.0/29388: [ 2757.202215][T20857] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 2757.214929][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.216513][T20857] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 2757.225092][ T29] 1 lock held by syz-executor.3/29414: [ 2757.239601][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.239815][T20857] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 2757.250031][ T29] 1 lock held by syz-executor.4/29419: [ 2757.263704][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.264029][T20857] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 2757.274275][ T29] 1 lock held by syz-executor.2/29423: [ 2757.286966][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.296815][ T29] 1 lock held by syz-executor.0/29427: [ 2757.302314][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.312950][T20857] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 2757.321269][ T29] 1 lock held by syz-executor.1/29430: [ 2757.327217][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.337316][ T29] 1 lock held by syz-executor.3/29433: [ 2757.342791][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.352888][ T29] 1 lock held by syz-executor.4/29438: [ 2757.358440][ T29] #0: ffffffff8f375cc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 2757.385876][ T29] [ 2757.388431][ T29] ============================================= [ 2757.388431][ T29] [ 2757.401339][ T29] NMI backtrace for cpu 0 [ 2757.405796][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2757.415701][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2757.425949][ T29] Call Trace: [ 2757.429239][ T29] [ 2757.432183][ T29] dump_stack_lvl+0x1e7/0x2e0 [ 2757.436972][ T29] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2757.442200][ T29] ? __pfx__printk+0x10/0x10 [ 2757.446821][ T29] ? vprintk_emit+0x607/0x720 [ 2757.451527][ T29] ? __pfx_vprintk_emit+0x10/0x10 [ 2757.456676][ T29] nmi_cpu_backtrace+0x49c/0x4d0 [ 2757.461646][ T29] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2757.467128][ T29] ? _printk+0xd5/0x120 [ 2757.471305][ T29] ? __pfx__printk+0x10/0x10 [ 2757.475894][ T29] ? __wake_up_klogd+0xcc/0x110 [ 2757.480748][ T29] ? __pfx__printk+0x10/0x10 [ 2757.485333][ T29] ? __rcu_read_unlock+0xa0/0x110 [ 2757.490362][ T29] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2757.496468][ T29] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 2757.502704][ T29] watchdog+0xfaf/0xff0 [ 2757.506884][ T29] ? watchdog+0x1e9/0xff0 [ 2757.511214][ T29] ? __pfx_watchdog+0x10/0x10 [ 2757.515886][ T29] kthread+0x2ef/0x390 [ 2757.520035][ T29] ? __pfx_watchdog+0x10/0x10 [ 2757.524712][ T29] ? __pfx_kthread+0x10/0x10 [ 2757.529292][ T29] ret_from_fork+0x4b/0x80 [ 2757.533882][ T29] ? __pfx_kthread+0x10/0x10 [ 2757.538468][ T29] ret_from_fork_asm+0x1b/0x30 [ 2757.543256][ T29] [ 2757.546996][ T29] Sending NMI from CPU 0 to CPUs 1: [ 2757.552235][ C1] NMI backtrace for cpu 1 [ 2757.552246][ C1] CPU: 1 PID: 2901 Comm: kworker/u4:10 Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2757.552264][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2757.552273][ C1] Workqueue: bat_events batadv_nc_worker [ 2757.552359][ C1] RIP: 0010:rcu_is_watching+0x3a/0xb0 [ 2757.552382][ C1] Code: e8 eb 88 ec 09 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 40 29 ae 8d 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 <74> 08 4c 89 f7 e8 ec b7 7a 00 48 c7 c3 88 6d 03 00 49 03 1e 48 89 [ 2757.552394][ C1] RSP: 0018:ffffc9000b507a00 EFLAGS: 00000246 [ 2757.552406][ C1] RAX: 1ffffffff1b5c529 RBX: 0000000000000001 RCX: ffffffff81711744 [ 2757.552418][ C1] RDX: 0000000000000000 RSI: ffffffff8bfe6dc0 RDI: ffffffff8bfe6d80 [ 2757.552429][ C1] RBP: ffffc9000b507b80 R08: ffffffff8f856baf R09: 1ffffffff1f0ad75 [ 2757.552440][ C1] R10: dffffc0000000000 R11: fffffbfff1f0ad76 R12: 1ffff920016a0f4c [ 2757.552451][ C1] R13: dffffc0000000000 R14: ffffffff8dae2948 R15: dffffc0000000000 [ 2757.552463][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 2757.552477][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2757.552488][ C1] CR2: 00007f17ac5ac018 CR3: 000000000df32000 CR4: 00000000003506f0 [ 2757.552501][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2757.552510][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2757.552520][ C1] Call Trace: [ 2757.552527][ C1] [ 2757.552534][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 2757.552551][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2757.552573][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2757.552589][ C1] ? nmi_handle+0x2a/0x580 [ 2757.552617][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 2757.552634][ C1] ? nmi_handle+0x14f/0x580 [ 2757.552648][ C1] ? nmi_handle+0x2a/0x580 [ 2757.552662][ C1] ? rcu_is_watching+0x3a/0xb0 [ 2757.552680][ C1] ? default_do_nmi+0x63/0x160 [ 2757.552697][ C1] ? exc_nmi+0x123/0x1f0 [ 2757.552712][ C1] ? end_repeat_nmi+0xf/0x60 [ 2757.552731][ C1] ? lock_acquire+0xd4/0x530 [ 2757.552751][ C1] ? rcu_is_watching+0x3a/0xb0 [ 2757.552770][ C1] ? rcu_is_watching+0x3a/0xb0 [ 2757.552797][ C1] ? rcu_is_watching+0x3a/0xb0 [ 2757.552815][ C1] [ 2757.552820][ C1] [ 2757.552826][ C1] lock_acquire+0xe3/0x530 [ 2757.552849][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2757.552869][ C1] ? batadv_nc_worker+0xcb/0x610 [ 2757.552885][ C1] ? __pfx_lock_release+0x10/0x10 [ 2757.552906][ C1] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2757.552929][ C1] batadv_nc_worker+0xec/0x610 [ 2757.552946][ C1] ? batadv_nc_worker+0xcb/0x610 [ 2757.552962][ C1] ? batadv_nc_worker+0xcb/0x610 [ 2757.552980][ C1] ? process_scheduled_works+0x825/0x1420 [ 2757.553000][ C1] process_scheduled_works+0x913/0x1420 [ 2757.553032][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 2757.553056][ C1] ? assign_work+0x364/0x3d0 [ 2757.553078][ C1] worker_thread+0xa5f/0x1000 [ 2757.553108][ C1] ? __pfx_worker_thread+0x10/0x10 [ 2757.553128][ C1] kthread+0x2ef/0x390 [ 2757.553142][ C1] ? __pfx_worker_thread+0x10/0x10 [ 2757.553161][ C1] ? __pfx_kthread+0x10/0x10 [ 2757.553176][ C1] ret_from_fork+0x4b/0x80 [ 2757.553194][ C1] ? __pfx_kthread+0x10/0x10 [ 2757.553209][ C1] ret_from_fork_asm+0x1b/0x30 [ 2757.553236][ C1] [ 2757.588492][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 2757.588510][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc6-syzkaller-00130-g948abb59ebd3 #0 [ 2757.588530][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2757.588541][ T29] Call Trace: [ 2757.588548][ T29] [ 2757.588555][ T29] dump_stack_lvl+0x1e7/0x2e0 [ 2757.588590][ T29] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2757.588614][ T29] ? __pfx__printk+0x10/0x10 [ 2757.588644][ T29] ? vscnprintf+0x5d/0x90 [ 2757.588664][ T29] panic+0x349/0x860 [ 2757.588689][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 2757.588709][ T29] ? __pfx_panic+0x10/0x10 [ 2757.588729][ T29] ? tick_nohz_tick_stopped+0x7b/0xc0 [ 2757.588749][ T29] ? __irq_work_queue_local+0x137/0x3e0 [ 2757.588783][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 2757.588802][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 2757.588820][ T29] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 2757.588842][ T29] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 2757.588864][ T29] watchdog+0xfee/0xff0 [ 2757.588890][ T29] ? watchdog+0x1e9/0xff0 [ 2757.588918][ T29] ? __pfx_watchdog+0x10/0x10 [ 2757.588941][ T29] kthread+0x2ef/0x390 [ 2757.588960][ T29] ? __pfx_watchdog+0x10/0x10 [ 2757.588981][ T29] ? __pfx_kthread+0x10/0x10 [ 2757.589000][ T29] ret_from_fork+0x4b/0x80 [ 2757.589024][ T29] ? __pfx_kthread+0x10/0x10 [ 2757.589042][ T29] ret_from_fork_asm+0x1b/0x30 [ 2757.589078][ T29] [ 2757.592324][ T29] Kernel Offset: disabled [ 2758.031969][ T29] Rebooting in 86400 seconds..