x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xde4, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1939.305370][T12305] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:36:58 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, 0xffffffffffffffff, 0x8000000)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:36:58 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1939.560506][T12308] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1939.801414][T12308] CPU: 0 PID: 12308 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1939.811852][T12308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1939.821894][T12308] Call Trace:
[ 1939.825168][T12308]  <TASK>
[ 1939.828109][T12308]  dump_stack_lvl+0xcd/0x134
[ 1939.832729][T12308]  dump_header+0x10b/0x85f
[ 1939.837162][T12308]  oom_kill_process.cold+0x10/0x15
[ 1939.842291][T12308]  out_of_memory+0x358/0x14a0
[ 1939.846994][T12308]  ? __mod_timer+0x83c/0xe30
[ 1939.851609][T12308]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1939.857103][T12308]  ? lock_acquire+0x4fc/0x630
[ 1939.861802][T12308]  ? oom_killer_disable+0x270/0x270
[ 1939.867026][T12308]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1939.872511][T12308]  ? lock_release+0x5cb/0x810
[ 1939.877191][T12308]  ? rcu_read_unlock+0x9/0x60
[ 1939.881871][T12308]  ? lock_downgrade+0x6e0/0x6e0
[ 1939.886725][T12308]  mem_cgroup_out_of_memory+0x206/0x270
[ 1939.892274][T12308]  ? mem_cgroup_margin+0x130/0x130
[ 1939.897386][T12308]  ? lock_downgrade+0x6e0/0x6e0
[ 1939.902239][T12308]  try_charge_memcg+0xef8/0x12f0
[ 1939.907183][T12308]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1939.913170][T12308]  ? lock_release+0x5cb/0x810
[ 1939.917843][T12308]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1939.923563][T12308]  ? lock_downgrade+0x6e0/0x6e0
[ 1939.928409][T12308]  ? lock_release+0x5cb/0x810
[ 1939.933085][T12308]  ? rcu_read_unlock+0x9/0x60
[ 1939.937762][T12308]  ? lock_downgrade+0x6e0/0x6e0
[ 1939.942615][T12308]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1939.948167][T12308]  __alloc_pages+0x1ef/0x5a0
[ 1939.952757][T12308]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1939.959524][T12308]  ? lock_release+0x5cb/0x810
[ 1939.964204][T12308]  alloc_pages+0x1a6/0x270
[ 1939.968631][T12308]  pte_alloc_one+0x16/0x230
[ 1939.973140][T12308]  __pte_alloc+0x69/0x250
[ 1939.977469][T12308]  ? pmd_install+0x150/0x150
[ 1939.982055][T12308]  ? hugepage_vma_check+0x24a/0x830
[ 1939.987263][T12308]  __handle_mm_fault+0x3527/0x3a40
[ 1939.992377][T12308]  ? lock_acquire+0x4fc/0x630
[ 1939.997052][T12308]  ? vm_iomap_memory+0x180/0x180
[ 1940.001988][T12308]  ? lock_release+0x810/0x810
[ 1940.006671][T12308]  handle_mm_fault+0x1c8/0x780
[ 1940.011440][T12308]  do_user_addr_fault+0x475/0x1210
[ 1940.016559][T12308]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1940.022026][T12308]  exc_page_fault+0x94/0x170
[ 1940.026617][T12308]  asm_exc_page_fault+0x22/0x30
[ 1940.031473][T12308] RIP: 0023:0xf6e1cd58
[ 1940.035536][T12308] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1940.055140][T12308] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1940.061219][T12308] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1940.069188][T12308] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1940.077157][T12308] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1940.085127][T12308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1940.093092][T12308] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1940.101063][T12308]  </TASK>
17:36:58 executing program 1:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = dup(0xffffffffffffffff)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1940.327193][T12308] memory: usage 307188kB, limit 307200kB, failcnt 40275
[ 1940.345265][T12308] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1940.360058][T12308] Memory cgroup stats for /syz2:
[ 1940.360182][T12308] anon 98304
[ 1940.360182][T12308] file 266240
[ 1940.360182][T12308] kernel 314195968
[ 1940.360182][T12308] kernel_stack 65536
[ 1940.360182][T12308] pagetables 65536
[ 1940.360182][T12308] sec_pagetables 0
[ 1940.360182][T12308] percpu 5359968
[ 1940.360182][T12308] sock 0
[ 1940.360182][T12308] vmalloc 8192
[ 1940.360182][T12308] shmem 266240
[ 1940.360182][T12308] zswap 0
[ 1940.360182][T12308] zswapped 0
[ 1940.360182][T12308] file_mapped 266240
[ 1940.360182][T12308] file_dirty 0
[ 1940.360182][T12308] file_writeback 0
[ 1940.360182][T12308] swapcached 0
[ 1940.360182][T12308] anon_thp 0
[ 1940.360182][T12308] file_thp 0
[ 1940.360182][T12308] shmem_thp 0
[ 1940.360182][T12308] inactive_anon 98304
[ 1940.360182][T12308] active_anon 266240
[ 1940.360182][T12308] inactive_file 0
[ 1940.360182][T12308] active_file 0
[ 1940.360182][T12308] unevictable 0
[ 1940.360182][T12308] slab_reclaimable 12224
[ 1940.360182][T12308] slab_unreclaimable 308662592
17:36:59 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, 0xffffffffffffffff, 0x8000000)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1940.561811][T12316] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
17:36:59 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1941.040895][T12308] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12308,uid=0
17:36:59 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0)={0x0, 0x5}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r1, r4, &(0x7f0000000080)=@IORING_OP_WRITE={0x17, 0x10, 0x2000, @fd_index, 0x8001, &(0x7f0000000340)="915def8ae096428ca187de4b064163f620d12264659548fb6c60b008808c5807a2c33a29e7100d29f5ac29a709ef129f2d4dc09f895feb5f93d5135f782ea5dc81df577fdcf4eca41e8114ed6669ba9fbf93cd9ef0dfb9538db6ba7debfe695e487c8a82e0a9b42246eda29061408df595c909c347047c281cbafa30b3f5ba06cfdcbf04c8d29e4aab5e2eb04409096384692419be341c5ea4051fdf48a7d2a16501addd10989aaac3a354e8809bd2bbb1b92e104577ffdd20ae6f342fb65b9ee380039e42ddf1c309a1649b9851a635f80c3f04ed56685e67d01cd9f4f1630c1c6bdefdccb91da34e137bb2c0ab2fde4c99f55536ff40f9d62f2d1624b79f64b3471a060c8c2045f0499b67006cb4518ce91ac31813b7df517fe14d84c1a05935a70b6d1dba3b170ee0144803d6e02660bffb824bdf87d99bda480fdd388c76c33c65aa784a2ab42085a5d41c9d62ea8b6dbde44bfff49a035d23c92a5d02bbff9ff62c19b3b78c3139b86f20798fae70b28c47ed23a0af8828d335b80d3a1c654b60a11bf1d3c1da1709079b66915608fc933d0be7f96e00a73b6bf4c3ec0eca67d5a79f39eacffa5b0e6a668c77f58b3da458beca4338d760f3eba734e9c917d941d6886d4f1afd43b03d8e06feef8affab0977e74af4e2464495ad3496a3f8cb9b6487d0b604b929a13c48e9b414218a91c63c71657f861df0d862fbbba44b60e35e79a7948a51d5daee689a851ad41a270565fe4c2c5d7cc521336d68d757923b3179e3a619625f432c4b1d60336173e9b1f6e3bb1207b361d86960365c31f85919a37930e22fb0fefde58f068eec5ef9f84c462fb26df7c0e8bd07d2f3477bf79d7a8e8c9621e1a9290b8d53238d21045bc262ae24ece24138fc78803172aadc7458fb4c965cb2d0dd25cbad686925ebea0006516797ed77813640421335607b6f31f88c17f01495a2d5ae62aca29805c686598c7885b4d8fa69cfeac07115bf840173ed8a2679f0542b34297e92209d88da05966cd4f8746432490dcdcc490474db1532f65310f7899eb6981a0d1ce45998a42e5b0ad908e9e31a8b1915ce67a15fd61b2922db06707334b76d5d7a7029d57985b538c10909a5c439699ad8b869e256c155cdc2185d73d9a360e397972888e1410ee97e38371eae2a7d9e4070b66a1487092683662184993e82f5274e9018e37206115cc622b584f3bad6066405846d8b1ffc095ec05471595fdd613e0fb1316ddd15022f2eebabe688ca988f2116fe7abd04012b440fdc9ee1f16d2c2753dfd4e870a5c1ad15b24170a4cfd063352bba72ed3cc2931f982acd80f244c76f2692907513debfffd76a624b99c51e7a3ee5beb13e24f873f87d5a73fe5dada7a12376b2f9afa96266518fcaf3c2b87aadc77084dd000fcac49f16ca6087105cd484329e8e7ceb4d8bc56381e2c38492837329b618436e765a0f1656b926266ca30ff28916c7ada55dfece469e50f997259383f9e9fe9810a3b4c36846e130512d4aa49c1258c592097d9b2b7efb1ff93fe6fb378aba8021d2c24c073007ad28d0930e26165bc81d403d8ae3d985c737ac6ec4dbeb4b2fbd3b9ec8d4fd0bc904d199e99cc12a912ebc48b1f21993b7f2584bd03c582f7b4c4bde48fcb44a8605d110827166da95a44538d0d94b86d0a083c103986ea3a73c1c402dcf9ec71caa64dd2869ad247f9bf28c71487790bf56fbbcb4721e3dea4c52fbf7834ff487812962d2a1f2762071f32af0054f72b5a8f437802883d6d4740fcebab5b6ddc2becb155e5efb5f36500dd8d57645cfb808e8eb75473330519aaf3768fb87a94add1ffbf8de8f13ac3e601b812c163e2799592d356c7a6bf3e1cedc90eee4262bfe2d91677b6d4d31e11e71810d6dbabd4683239eb4939cf67b2a238ab710d894c3289af0d440749e9bacebd71a6ed1678443fab6e92c87cefdd5ad9a0553025b40bd62a785e5f5f0f4f6a439a08d67ee1fc62766acb41e9d6bd11d2c4889421b993466344e748f4d2976c97d896d6bb59a8cda3605d7885e2ee3c82ef727db9fb3138ad2605e91582b30d6173333a44c8a3584d931c86e79f1f5516ad3868742f1c3d8d2b7a24d299633dac59013710a85fbe767d3cc3685fc10d51b5d3277c6947cdca825ea31ec86b580738a851a12ed783e029b208f7ecf7bda59c8ba0d3edf9b79618926f2302905128301c0a62389c3ddad36028887a5bcbb8e8089c3e6c9bdd0e02f1b23cd59335ea683b09ca0d9c69e15457c7c18f581343be1947d1792cab5c12d307fe982418da56d7b956b173652510918afeaf9abc3429140943d0b933683ccb0d92c2cfba3f438554d9a80d4405b90837d0594a8b90d8082bdb81b6a6ac379047ab0a7e86d49ab44a83b5b802f9ebf09f5b120ebc2d0ad911a93862d9a004d60a0a69e6c6dab087dee134c22d766beac8e4e94caf8aa153ffca81d231f219a5c599d3639a64383673e7a9a3c94142ae61d9975757bd67ada9976dc967d58cead61dbcb35e1ae66e402174a56807417c8916e08c7e24f1151a2c477cba1a7b0c0a02a715bed23d1597a633a9c4feb7fc6103f8224fc96d2f648274cec957ea0ad22f97ad0acc1def33e6bda013df86405ef97dd28ee135d61735a6cee24fd10a4b3cd25ce56aa81b14d86ff7e40fcf45e821a99b9aa892d16c5738b132e30e01cc5ed4b142def58cf682e9739c8a2fd37a3bbfb088c91d85f814cc8113bbcc8deb45f24052ac77a3b40033b3f091e5715fbf6dbca72245a83d86b64f57004de34a7905e0cc3dd3f7ff89ed780e4842dd42f9d7b4c0672ff0ad82fd0aec95c4bb39c8244380499387c2d1c6e448acbd6b8fac56f5366efccc582d8ae0070e289ba3446103ef20543e5903303b6cd8330560c90be9463d8d54283b62ad428e1d3a821bd9ededf1682b69e2cf9fca4d3701e399120c2c5c0aa589b6b27126e068dccefa6725dea8da94301ce223353694bd6331f0a50eb09f355b9d2e8b6a962e395f2764c5d9b7898777361d3aaf0bf1e9f23824800271f658ef02d2178dfc922e78eac1fab3cab4ad3394e3668c0653368a36aaa06a3ad781bb532eb6719f7be2105fdee59af104274ff5a126627813845f7aae058410b5bf852d2cef100364fd7ff7d376870df9fefeff0a2b6467a1c8e1ea03c214f551ed4bd03310d03b13507015b991e403fc84ca55903110959dfc9b9302bfe45841cf5354987d80803cf5069a1addc9d11347501dd58de9f2fec7f6b5531d30ea0965e7816619db71ae4d0fcaafc2c3f6b56c455d0d8013ae78d61f6b5889789f4567f5ebb4f181d3e2fcabc6fcbc7064927e9d235a7bb2799edaa66641bee34646842b9dd64a08c2217adb2fe55ebfe52eef56d0328692bc12b7403fa3e2fadadca3b3beb2c7452a07fbeca94de3524f878dff22aca71645e8f332611d11c410fa292fa863acce7601255621e3a56c782a0b687903328607dfdadb8e225dd6d0c71b6cf6b4936643825eb121c783702c2bca87e52500eedf594d2f19836e1f29ef665637a03d0e72797e17b6ab56911a7248703543cfab001e8d9c2fd6325b0199e4a986d6b3fcdd1389429dd3655c6c0bf5cf9708890f75f19ca46446c2001f7950ce065d3c9e37d639410c961f5b04e208efc4f964522e4ef136e78f7039f3f762ff3257ea15e869a29e43bee8c30c171849ccd00dae3f3f72a8f2bc331b7d20faac18136179eb05322f076a30ef3784af876bc943124bc78233d7092b9c4d49572ac97d8514afe694d32a1d91d463063686735e7d147c2bfb950ea56a4f6ce50134a193d3977f12b7fd9986ebba9ea52a4611db98e36333745756c6e2660bbd75a897047dd8b4313ef240540c1550683e517a3163af582d8486e5b1da0566851add6a0ca2fd710dc227e1144738d3c712fb39ae3c4361a8f3a4c2571591689c3dab9eebc56f26e22eed6b1571336f28e9ea4aad492c006162f3f0935776121b8122fc86289c6473619477eaddd00a1e784fc821c1a43ff0c82354cebb04ace22dd922e5d9af757ebf06f08963842678c1c88f73787fb3d4f535a103a33114db7a6cd24a508deb34461cb3d086043eb4810881a60d5478a30be772249b1af89d6c30ed75a4b4c088d75ce399cd2251a98ea4285991338d7606002ba3962129cb0c224b74e0510778c7c281cb25ced1eb72348f2d564d2659b91e4f587a220122d0c82c5be46b04de0ea44ca586d794eb1445db2d9729fb7b816ea6234ee6f2041bfd0441868da7541a2dd4c914198ce4744d7a0112e8e674303334f2d858230cf6bb5ee66cb254870f259877c39dbb6404b6aed171cd4f01cdbd1fc8ec41fa7a85d0aeee138cae5f2294cb841383a1eca37647fd64f7e5a1928b17e5f9f7bf6064affff530341dae188edebb5fc586f552531cf290e9ce030aeeed32d4651e1b22489f336045934d27831916600f4d1a9b01655b49d67f77d8aa5375d0958d8f728765ce34353ab1f4088d918f9ffcf18d312a51d7d2f3b1cfcedc53c3b129c4a8c10c027f799d301459cf047692483204d8f249132f807a11ba7eb4d692ffcc979a47f0a731525878b0787047a1b6b0aa3c916f7e20229711d5ad7841c410fc05ddc360424710804ebb8c4807a1ed288a9f4b815602a9a2e918d33f18710e9e2925d14d98920bae71d9ca20bd770d5d430896f7d9dfe5d8ee55ec8aedcf4b310cabcb1cba360e7e041e011bee4caa28dc0012028d7bba22e60846a5898a08bcba1d72eafae605b7d9839f6f1eddbec25bae4e2c4891dd1152ead5e44cb851b490f14ee261c7cbfce076045e66339df7f57cf5d86f60a706411826708c722ade3d87978df7be49e10c50852155daa3f5cf3ab927627425f2e548c738962c822acab02703f14d41b2c8b0484fe7fa39eb8d38447482335e9275c55d72459b7db29ed71352c6fe53c696d58b04c9054770d5193045451fe45e4ffae5039b304f22e197b246143eb909f3f57f7aaa937daf903e3764a3dfbd16907a6f1269216ce94ad6042bd25d7b71657ad3f90dfa6c70d2b843379abeebb4ccb1323442ce99ee257f547b52debde47d3b0b635282ba5f86e7d96236a5a19fecaa414ff2d040c615d041988034cfc450bad15abf167e8d0a341e95d3e16a45eb1e7667b741dab58dba84bade9d28ec36fb52a972082c667b4fd2c0afb0c999a9f03ef09060be23d8a45b09651dcfd99b1cac4a043e5ede4475850c85ed6fdc6c24368f29054b18a5bf3ff96b80224e71b40416fe2d21e48de7b2b7edcf405c91a5f32cb4f6055c341c7ba4ca257086158edbbd7182b608c404326d2946762c70ea5b6baa4694ba083ad7648a7fd1d856cd8c64a39831dc541bf98a1917e078d8d059433bc4581670ac30a6ee310fd1705f8ed5b4a15371b23d1f274b62d79d2be42fba9c0dc6f40b2aa8ea68ed176475452179d6097f441ab6ded2ab8575cfba1aa34d37737ec03d5a581ba95735f04b68e248f1e008db556161979b39d7a8ed33f9f9dbbdb497b2eb71a727df8fdc1fb53f33eec49f2dbe24b25e9ab466073223764078cd493902365c8cf6be2ecda7ab1c2d3d4a898a33eaa6d8751f30b5e1e1b225c41cfb18fbc7607ff29b9549500b83555ce7d7a6b6f3eb889b48917529579850df5fe1b2d5ccca147fb9bc30c2a5f4696052fe0ac929f4db15712bc1ae4bff683fac50e3905b923a1b6337828cf61ba1465e4c53f4c16249e8b062b7211df6229125b2fc8c7b1ffad76acaa9391110313d75afd", 0x1000, 0x4, 0x1}, 0xf21)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1941.240954][T12308] Memory cgroup out of memory: Killed process 12308 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:00 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a5)

17:37:00 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xde8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:00 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, 0xffffffffffffffff, 0x8000000)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:00 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a6)

[ 1941.657549][T12328] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000
[ 1941.727302][T12328] CPU: 0 PID: 12328 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1941.737730][T12328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1941.747768][T12328] Call Trace:
[ 1941.751034][T12328]  <TASK>
[ 1941.753957][T12328]  dump_stack_lvl+0xcd/0x134
[ 1941.758543][T12328]  dump_header+0x10b/0x85f
[ 1941.762950][T12328]  oom_kill_process.cold+0x10/0x15
[ 1941.768049][T12328]  out_of_memory+0x358/0x14a0
[ 1941.772716][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.778184][T12328]  ? __mod_timer+0x83c/0xe30
[ 1941.782799][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.788272][T12328]  ? lock_acquire+0x4fc/0x630
[ 1941.792951][T12328]  ? oom_killer_disable+0x270/0x270
[ 1941.798155][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.803623][T12328]  ? lock_release+0x5cb/0x810
[ 1941.808300][T12328]  ? rcu_read_unlock+0x9/0x60
[ 1941.812978][T12328]  ? lock_downgrade+0x6e0/0x6e0
[ 1941.817830][T12328]  mem_cgroup_out_of_memory+0x206/0x270
[ 1941.823382][T12328]  ? mem_cgroup_margin+0x130/0x130
[ 1941.828498][T12328]  ? lock_downgrade+0x6e0/0x6e0
[ 1941.833357][T12328]  try_charge_memcg+0xef8/0x12f0
[ 1941.838302][T12328]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1941.844287][T12328]  ? lock_acquire+0x4fc/0x630
[ 1941.848962][T12328]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1941.854687][T12328]  ? lock_downgrade+0x6e0/0x6e0
[ 1941.859536][T12328]  ? lock_release+0x5cb/0x810
[ 1941.864216][T12328]  ? obj_cgroup_charge+0x244/0x5e0
[ 1941.869331][T12328]  ? lock_downgrade+0x6e0/0x6e0
[ 1941.874180][T12328]  ? lock_release+0x5cb/0x810
[ 1941.878859][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.884332][T12328]  ? rcu_read_unlock+0x9/0x60
[ 1941.889017][T12328]  obj_cgroup_charge+0x2ab/0x5e0
[ 1941.893968][T12328]  kmem_cache_alloc_node+0xa1/0x400
[ 1941.899174][T12328]  ? copy_process+0x5c2/0x7190
[ 1941.903942][T12328]  copy_process+0x5c2/0x7190
[ 1941.908532][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.914003][T12328]  ? lock_acquire+0x4fc/0x630
[ 1941.918679][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.924143][T12328]  ? lock_release+0x5cb/0x810
[ 1941.928815][T12328]  ? lock_release+0x5cb/0x810
[ 1941.933490][T12328]  ? folio_add_lru+0x341/0x680
[ 1941.938250][T12328]  ? lock_downgrade+0x6e0/0x6e0
[ 1941.943097][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.948572][T12328]  ? __cleanup_sighand+0xb0/0xb0
[ 1941.953515][T12328]  ? folio_add_lru+0x377/0x680
[ 1941.958281][T12328]  ? do_raw_spin_unlock+0x171/0x230
[ 1941.963480][T12328]  kernel_clone+0xe7/0x980
[ 1941.967898][T12328]  ? lock_acquire+0x4fc/0x630
[ 1941.972573][T12328]  ? create_io_thread+0xe0/0xe0
[ 1941.977424][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.982890][T12328]  ? lock_acquire+0x4fc/0x630
[ 1941.987568][T12328]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1941.993033][T12328]  ? lock_release+0x5cb/0x810
[ 1941.997715][T12328]  ? __ct_user_exit+0xff/0x150
[ 1942.002479][T12328]  ? lock_downgrade+0x6e0/0x6e0
[ 1942.007331][T12328]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1942.012886][T12328]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1942.018788][T12328]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1942.024679][T12328]  ? trace_hardirqs_on+0x2d/0x160
[ 1942.029702][T12328]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1942.035593][T12328]  do_int80_syscall_32+0x46/0x90
[ 1942.040536][T12328]  entry_INT80_compat+0x8b/0x90
[ 1942.045396][T12328] RIP: 0023:0xf6e5ba74
[ 1942.049458][T12328] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1942.069065][T12328] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1942.077475][T12328] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f2b7a4
[ 1942.085443][T12328] RDX: 00000000f7f2bba8 RSI: 00000000f74afa7c RDI: 00000000f7f2bba8
[ 1942.093410][T12328] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1942.101379][T12328] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1942.109346][T12328] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1942.117318][T12328]  </TASK>
[ 1942.296727][T12328] memory: usage 307200kB, limit 307200kB, failcnt 40363
[ 1942.337236][T12328] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1942.370355][T12328] Memory cgroup stats for /syz2:
[ 1942.370511][T12328] anon 106496
[ 1942.370511][T12328] file 266240
[ 1942.370511][T12328] kernel 314200064
[ 1942.370511][T12328] kernel_stack 65536
[ 1942.370511][T12328] pagetables 69632
[ 1942.370511][T12328] sec_pagetables 0
[ 1942.370511][T12328] percpu 5359968
[ 1942.370511][T12328] sock 0
[ 1942.370511][T12328] vmalloc 8192
[ 1942.370511][T12328] shmem 266240
[ 1942.370511][T12328] zswap 0
[ 1942.370511][T12328] zswapped 0
[ 1942.370511][T12328] file_mapped 266240
[ 1942.370511][T12328] file_dirty 0
[ 1942.370511][T12328] file_writeback 0
[ 1942.370511][T12328] swapcached 0
[ 1942.370511][T12328] anon_thp 0
[ 1942.370511][T12328] file_thp 0
17:37:01 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1942.370511][T12328] shmem_thp 0
[ 1942.370511][T12328] inactive_anon 106496
[ 1942.370511][T12328] active_anon 266240
[ 1942.370511][T12328] inactive_file 0
[ 1942.370511][T12328] active_file 0
[ 1942.370511][T12328] unevictable 0
[ 1942.370511][T12328] slab_reclaimable 10296
[ 1942.370511][T12328] slab_unreclaimable 308662792
[ 1942.534492][T12328] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12328,uid=0
17:37:01 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1942.706621][T12328] Memory cgroup out of memory: Killed process 12328 (syz-executor.2) total-vm:54496kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000
17:37:01 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0)={0x0, 0x5}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r1, r4, &(0x7f0000000080)=@IORING_OP_WRITE={0x17, 0x10, 0x2000, @fd_index, 0x8001, &(0x7f0000000340)="915def8ae096428ca187de4b064163f620d12264659548fb6c60b008808c5807a2c33a29e7100d29f5ac29a709ef129f2d4dc09f895feb5f93d5135f782ea5dc81df577fdcf4eca41e8114ed6669ba9fbf93cd9ef0dfb9538db6ba7debfe695e487c8a82e0a9b42246eda29061408df595c909c347047c281cbafa30b3f5ba06cfdcbf04c8d29e4aab5e2eb04409096384692419be341c5ea4051fdf48a7d2a16501addd10989aaac3a354e8809bd2bbb1b92e104577ffdd20ae6f342fb65b9ee380039e42ddf1c309a1649b9851a635f80c3f04ed56685e67d01cd9f4f1630c1c6bdefdccb91da34e137bb2c0ab2fde4c99f55536ff40f9d62f2d1624b79f64b3471a060c8c2045f0499b67006cb4518ce91ac31813b7df517fe14d84c1a05935a70b6d1dba3b170ee0144803d6e02660bffb824bdf87d99bda480fdd388c76c33c65aa784a2ab42085a5d41c9d62ea8b6dbde44bfff49a035d23c92a5d02bbff9ff62c19b3b78c3139b86f20798fae70b28c47ed23a0af8828d335b80d3a1c654b60a11bf1d3c1da1709079b66915608fc933d0be7f96e00a73b6bf4c3ec0eca67d5a79f39eacffa5b0e6a668c77f58b3da458beca4338d760f3eba734e9c917d941d6886d4f1afd43b03d8e06feef8affab0977e74af4e2464495ad3496a3f8cb9b6487d0b604b929a13c48e9b414218a91c63c71657f861df0d862fbbba44b60e35e79a7948a51d5daee689a851ad41a270565fe4c2c5d7cc521336d68d757923b3179e3a619625f432c4b1d60336173e9b1f6e3bb1207b361d86960365c31f85919a37930e22fb0fefde58f068eec5ef9f84c462fb26df7c0e8bd07d2f3477bf79d7a8e8c9621e1a9290b8d53238d21045bc262ae24ece24138fc78803172aadc7458fb4c965cb2d0dd25cbad686925ebea0006516797ed77813640421335607b6f31f88c17f01495a2d5ae62aca29805c686598c7885b4d8fa69cfeac07115bf840173ed8a2679f0542b34297e92209d88da05966cd4f8746432490dcdcc490474db1532f65310f7899eb6981a0d1ce45998a42e5b0ad908e9e31a8b1915ce67a15fd61b2922db06707334b76d5d7a7029d57985b538c10909a5c439699ad8b869e256c155cdc2185d73d9a360e397972888e1410ee97e38371eae2a7d9e4070b66a1487092683662184993e82f5274e9018e37206115cc622b584f3bad6066405846d8b1ffc095ec05471595fdd613e0fb1316ddd15022f2eebabe688ca988f2116fe7abd04012b440fdc9ee1f16d2c2753dfd4e870a5c1ad15b24170a4cfd063352bba72ed3cc2931f982acd80f244c76f2692907513debfffd76a624b99c51e7a3ee5beb13e24f873f87d5a73fe5dada7a12376b2f9afa96266518fcaf3c2b87aadc77084dd000fcac49f16ca6087105cd484329e8e7ceb4d8bc56381e2c38492837329b618436e765a0f1656b926266ca30ff28916c7ada55dfece469e50f997259383f9e9fe9810a3b4c36846e130512d4aa49c1258c592097d9b2b7efb1ff93fe6fb378aba8021d2c24c073007ad28d0930e26165bc81d403d8ae3d985c737ac6ec4dbeb4b2fbd3b9ec8d4fd0bc904d199e99cc12a912ebc48b1f21993b7f2584bd03c582f7b4c4bde48fcb44a8605d110827166da95a44538d0d94b86d0a083c103986ea3a73c1c402dcf9ec71caa64dd2869ad247f9bf28c71487790bf56fbbcb4721e3dea4c52fbf7834ff487812962d2a1f2762071f32af0054f72b5a8f437802883d6d4740fcebab5b6ddc2becb155e5efb5f36500dd8d57645cfb808e8eb75473330519aaf3768fb87a94add1ffbf8de8f13ac3e601b812c163e2799592d356c7a6bf3e1cedc90eee4262bfe2d91677b6d4d31e11e71810d6dbabd4683239eb4939cf67b2a238ab710d894c3289af0d440749e9bacebd71a6ed1678443fab6e92c87cefdd5ad9a0553025b40bd62a785e5f5f0f4f6a439a08d67ee1fc62766acb41e9d6bd11d2c4889421b993466344e748f4d2976c97d896d6bb59a8cda3605d7885e2ee3c82ef727db9fb3138ad2605e91582b30d6173333a44c8a3584d931c86e79f1f5516ad3868742f1c3d8d2b7a24d299633dac59013710a85fbe767d3cc3685fc10d51b5d3277c6947cdca825ea31ec86b580738a851a12ed783e029b208f7ecf7bda59c8ba0d3edf9b79618926f2302905128301c0a62389c3ddad36028887a5bcbb8e8089c3e6c9bdd0e02f1b23cd59335ea683b09ca0d9c69e15457c7c18f581343be1947d1792cab5c12d307fe982418da56d7b956b173652510918afeaf9abc3429140943d0b933683ccb0d92c2cfba3f438554d9a80d4405b90837d0594a8b90d8082bdb81b6a6ac379047ab0a7e86d49ab44a83b5b802f9ebf09f5b120ebc2d0ad911a93862d9a004d60a0a69e6c6dab087dee134c22d766beac8e4e94caf8aa153ffca81d231f219a5c599d3639a64383673e7a9a3c94142ae61d9975757bd67ada9976dc967d58cead61dbcb35e1ae66e402174a56807417c8916e08c7e24f1151a2c477cba1a7b0c0a02a715bed23d1597a633a9c4feb7fc6103f8224fc96d2f648274cec957ea0ad22f97ad0acc1def33e6bda013df86405ef97dd28ee135d61735a6cee24fd10a4b3cd25ce56aa81b14d86ff7e40fcf45e821a99b9aa892d16c5738b132e30e01cc5ed4b142def58cf682e9739c8a2fd37a3bbfb088c91d85f814cc8113bbcc8deb45f24052ac77a3b40033b3f091e5715fbf6dbca72245a83d86b64f57004de34a7905e0cc3dd3f7ff89ed780e4842dd42f9d7b4c0672ff0ad82fd0aec95c4bb39c8244380499387c2d1c6e448acbd6b8fac56f5366efccc582d8ae0070e289ba3446103ef20543e5903303b6cd8330560c90be9463d8d54283b62ad428e1d3a821bd9ededf1682b69e2cf9fca4d3701e399120c2c5c0aa589b6b27126e068dccefa6725dea8da94301ce223353694bd6331f0a50eb09f355b9d2e8b6a962e395f2764c5d9b7898777361d3aaf0bf1e9f23824800271f658ef02d2178dfc922e78eac1fab3cab4ad3394e3668c0653368a36aaa06a3ad781bb532eb6719f7be2105fdee59af104274ff5a126627813845f7aae058410b5bf852d2cef100364fd7ff7d376870df9fefeff0a2b6467a1c8e1ea03c214f551ed4bd03310d03b13507015b991e403fc84ca55903110959dfc9b9302bfe45841cf5354987d80803cf5069a1addc9d11347501dd58de9f2fec7f6b5531d30ea0965e7816619db71ae4d0fcaafc2c3f6b56c455d0d8013ae78d61f6b5889789f4567f5ebb4f181d3e2fcabc6fcbc7064927e9d235a7bb2799edaa66641bee34646842b9dd64a08c2217adb2fe55ebfe52eef56d0328692bc12b7403fa3e2fadadca3b3beb2c7452a07fbeca94de3524f878dff22aca71645e8f332611d11c410fa292fa863acce7601255621e3a56c782a0b687903328607dfdadb8e225dd6d0c71b6cf6b4936643825eb121c783702c2bca87e52500eedf594d2f19836e1f29ef665637a03d0e72797e17b6ab56911a7248703543cfab001e8d9c2fd6325b0199e4a986d6b3fcdd1389429dd3655c6c0bf5cf9708890f75f19ca46446c2001f7950ce065d3c9e37d639410c961f5b04e208efc4f964522e4ef136e78f7039f3f762ff3257ea15e869a29e43bee8c30c171849ccd00dae3f3f72a8f2bc331b7d20faac18136179eb05322f076a30ef3784af876bc943124bc78233d7092b9c4d49572ac97d8514afe694d32a1d91d463063686735e7d147c2bfb950ea56a4f6ce50134a193d3977f12b7fd9986ebba9ea52a4611db98e36333745756c6e2660bbd75a897047dd8b4313ef240540c1550683e517a3163af582d8486e5b1da0566851add6a0ca2fd710dc227e1144738d3c712fb39ae3c4361a8f3a4c2571591689c3dab9eebc56f26e22eed6b1571336f28e9ea4aad492c006162f3f0935776121b8122fc86289c6473619477eaddd00a1e784fc821c1a43ff0c82354cebb04ace22dd922e5d9af757ebf06f08963842678c1c88f73787fb3d4f535a103a33114db7a6cd24a508deb34461cb3d086043eb4810881a60d5478a30be772249b1af89d6c30ed75a4b4c088d75ce399cd2251a98ea4285991338d7606002ba3962129cb0c224b74e0510778c7c281cb25ced1eb72348f2d564d2659b91e4f587a220122d0c82c5be46b04de0ea44ca586d794eb1445db2d9729fb7b816ea6234ee6f2041bfd0441868da7541a2dd4c914198ce4744d7a0112e8e674303334f2d858230cf6bb5ee66cb254870f259877c39dbb6404b6aed171cd4f01cdbd1fc8ec41fa7a85d0aeee138cae5f2294cb841383a1eca37647fd64f7e5a1928b17e5f9f7bf6064affff530341dae188edebb5fc586f552531cf290e9ce030aeeed32d4651e1b22489f336045934d27831916600f4d1a9b01655b49d67f77d8aa5375d0958d8f728765ce34353ab1f4088d918f9ffcf18d312a51d7d2f3b1cfcedc53c3b129c4a8c10c027f799d301459cf047692483204d8f249132f807a11ba7eb4d692ffcc979a47f0a731525878b0787047a1b6b0aa3c916f7e20229711d5ad7841c410fc05ddc360424710804ebb8c4807a1ed288a9f4b815602a9a2e918d33f18710e9e2925d14d98920bae71d9ca20bd770d5d430896f7d9dfe5d8ee55ec8aedcf4b310cabcb1cba360e7e041e011bee4caa28dc0012028d7bba22e60846a5898a08bcba1d72eafae605b7d9839f6f1eddbec25bae4e2c4891dd1152ead5e44cb851b490f14ee261c7cbfce076045e66339df7f57cf5d86f60a706411826708c722ade3d87978df7be49e10c50852155daa3f5cf3ab927627425f2e548c738962c822acab02703f14d41b2c8b0484fe7fa39eb8d38447482335e9275c55d72459b7db29ed71352c6fe53c696d58b04c9054770d5193045451fe45e4ffae5039b304f22e197b246143eb909f3f57f7aaa937daf903e3764a3dfbd16907a6f1269216ce94ad6042bd25d7b71657ad3f90dfa6c70d2b843379abeebb4ccb1323442ce99ee257f547b52debde47d3b0b635282ba5f86e7d96236a5a19fecaa414ff2d040c615d041988034cfc450bad15abf167e8d0a341e95d3e16a45eb1e7667b741dab58dba84bade9d28ec36fb52a972082c667b4fd2c0afb0c999a9f03ef09060be23d8a45b09651dcfd99b1cac4a043e5ede4475850c85ed6fdc6c24368f29054b18a5bf3ff96b80224e71b40416fe2d21e48de7b2b7edcf405c91a5f32cb4f6055c341c7ba4ca257086158edbbd7182b608c404326d2946762c70ea5b6baa4694ba083ad7648a7fd1d856cd8c64a39831dc541bf98a1917e078d8d059433bc4581670ac30a6ee310fd1705f8ed5b4a15371b23d1f274b62d79d2be42fba9c0dc6f40b2aa8ea68ed176475452179d6097f441ab6ded2ab8575cfba1aa34d37737ec03d5a581ba95735f04b68e248f1e008db556161979b39d7a8ed33f9f9dbbdb497b2eb71a727df8fdc1fb53f33eec49f2dbe24b25e9ab466073223764078cd493902365c8cf6be2ecda7ab1c2d3d4a898a33eaa6d8751f30b5e1e1b225c41cfb18fbc7607ff29b9549500b83555ce7d7a6b6f3eb889b48917529579850df5fe1b2d5ccca147fb9bc30c2a5f4696052fe0ac929f4db15712bc1ae4bff683fac50e3905b923a1b6337828cf61ba1465e4c53f4c16249e8b062b7211df6229125b2fc8c7b1ffad76acaa9391110313d75afd", 0x1000, 0x4, 0x1}, 0xf21)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:01 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xdec, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:01 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a6)

[ 1943.047447][T12347] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1943.068866][T12347] CPU: 1 PID: 12347 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1943.079328][T12347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1943.089380][T12347] Call Trace:
[ 1943.092645][T12347]  <TASK>
[ 1943.095575][T12347]  dump_stack_lvl+0xcd/0x134
[ 1943.100190][T12347]  dump_header+0x10b/0x85f
[ 1943.104610][T12347]  oom_kill_process.cold+0x10/0x15
[ 1943.109737][T12347]  out_of_memory+0x358/0x14a0
[ 1943.114408][T12347]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1943.119885][T12347]  ? __mod_timer+0x83c/0xe30
[ 1943.124473][T12347]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1943.129954][T12347]  ? lock_acquire+0x4fc/0x630
[ 1943.134631][T12347]  ? oom_killer_disable+0x270/0x270
[ 1943.139841][T12347]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1943.145302][T12347]  ? lock_release+0x5cb/0x810
[ 1943.149982][T12347]  ? rcu_read_unlock+0x9/0x60
[ 1943.154653][T12347]  ? lock_downgrade+0x6e0/0x6e0
[ 1943.159514][T12347]  mem_cgroup_out_of_memory+0x206/0x270
[ 1943.165069][T12347]  ? mem_cgroup_margin+0x130/0x130
[ 1943.170194][T12347]  ? lock_downgrade+0x6e0/0x6e0
[ 1943.175054][T12347]  try_charge_memcg+0xef8/0x12f0
[ 1943.180010][T12347]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1943.185990][T12347]  ? lock_acquire+0x4fc/0x630
[ 1943.190656][T12347]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1943.196372][T12347]  ? lock_downgrade+0x6e0/0x6e0
[ 1943.201214][T12347]  ? lock_release+0x5cb/0x810
[ 1943.205883][T12347]  ? obj_cgroup_charge+0x244/0x5e0
[ 1943.210994][T12347]  ? lock_downgrade+0x6e0/0x6e0
[ 1943.215835][T12347]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1943.221294][T12347]  obj_cgroup_charge+0x2ab/0x5e0
[ 1943.226234][T12347]  kmem_cache_alloc_lru+0x13d/0x730
[ 1943.231425][T12347]  ? sock_alloc_inode+0x23/0x1d0
[ 1943.236357][T12347]  sock_alloc_inode+0x23/0x1d0
[ 1943.241112][T12347]  ? sock_free_inode+0x20/0x20
[ 1943.245867][T12347]  alloc_inode+0x61/0x230
[ 1943.250192][T12347]  new_inode_pseudo+0x13/0x80
[ 1943.254873][T12347]  sock_alloc+0x3c/0x260
[ 1943.259127][T12347]  __sock_create+0xb9/0x790
[ 1943.263625][T12347]  ? lock_downgrade+0x6e0/0x6e0
[ 1943.268475][T12347]  __sys_socket+0x12f/0x240
[ 1943.273068][T12347]  ? __sys_socket_file+0x1f0/0x1f0
[ 1943.278194][T12347]  ? vtime_user_exit+0x218/0x6c0
[ 1943.283143][T12347]  __ia32_sys_socket+0x6f/0xb0
[ 1943.287924][T12347]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 1943.294513][T12347]  __do_fast_syscall_32+0x65/0xf0
[ 1943.299560][T12347]  do_fast_syscall_32+0x2f/0x70
[ 1943.304409][T12347]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1943.310760][T12347] RIP: 0023:0xf7f51549
[ 1943.314825][T12347] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1943.334447][T12347] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 1943.342871][T12347] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 1943.350836][T12347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1943.358800][T12347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1943.366798][T12347] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1943.374761][T12347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1943.382738][T12347]  </TASK>
17:37:02 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:02 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a5)

17:37:02 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1943.597691][T12347] memory: usage 307196kB, limit 307200kB, failcnt 40486
[ 1943.761122][T12347] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1943.769676][T12347] Memory cgroup stats for /syz2:
[ 1943.769848][T12347] anon 106496
[ 1943.769848][T12347] file 266240
[ 1943.769848][T12347] kernel 314200064
[ 1943.769848][T12347] kernel_stack 65536
[ 1943.769848][T12347] pagetables 69632
[ 1943.769848][T12347] sec_pagetables 0
[ 1943.769848][T12347] percpu 5359968
[ 1943.769848][T12347] sock 0
[ 1943.769848][T12347] vmalloc 8192
[ 1943.769848][T12347] shmem 266240
[ 1943.769848][T12347] zswap 0
[ 1943.769848][T12347] zswapped 0
[ 1943.769848][T12347] file_mapped 266240
[ 1943.769848][T12347] file_dirty 0
[ 1943.769848][T12347] file_writeback 0
[ 1943.769848][T12347] swapcached 0
[ 1943.769848][T12347] anon_thp 0
[ 1943.769848][T12347] file_thp 0
[ 1943.769848][T12347] shmem_thp 0
[ 1943.769848][T12347] inactive_anon 102400
[ 1943.769848][T12347] active_anon 266240
[ 1943.769848][T12347] inactive_file 0
[ 1943.769848][T12347] active_file 0
[ 1943.769848][T12347] unevictable 0
[ 1943.769848][T12347] slab_reclaimable 10296
[ 1943.769848][T12347] slab_unreclaimable 308662792
[ 1943.885893][T12347] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12346,uid=0
[ 1943.968674][T12347] Memory cgroup out of memory: Killed process 12346 (syz-executor.2) total-vm:54496kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000
17:37:02 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xdf0, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:02 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:03 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0)={0x0, 0x5}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r1, r4, &(0x7f0000000080)=@IORING_OP_WRITE={0x17, 0x10, 0x2000, @fd_index, 0x8001, &(0x7f0000000340)="915def8ae096428ca187de4b064163f620d12264659548fb6c60b008808c5807a2c33a29e7100d29f5ac29a709ef129f2d4dc09f895feb5f93d5135f782ea5dc81df577fdcf4eca41e8114ed6669ba9fbf93cd9ef0dfb9538db6ba7debfe695e487c8a82e0a9b42246eda29061408df595c909c347047c281cbafa30b3f5ba06cfdcbf04c8d29e4aab5e2eb04409096384692419be341c5ea4051fdf48a7d2a16501addd10989aaac3a354e8809bd2bbb1b92e104577ffdd20ae6f342fb65b9ee380039e42ddf1c309a1649b9851a635f80c3f04ed56685e67d01cd9f4f1630c1c6bdefdccb91da34e137bb2c0ab2fde4c99f55536ff40f9d62f2d1624b79f64b3471a060c8c2045f0499b67006cb4518ce91ac31813b7df517fe14d84c1a05935a70b6d1dba3b170ee0144803d6e02660bffb824bdf87d99bda480fdd388c76c33c65aa784a2ab42085a5d41c9d62ea8b6dbde44bfff49a035d23c92a5d02bbff9ff62c19b3b78c3139b86f20798fae70b28c47ed23a0af8828d335b80d3a1c654b60a11bf1d3c1da1709079b66915608fc933d0be7f96e00a73b6bf4c3ec0eca67d5a79f39eacffa5b0e6a668c77f58b3da458beca4338d760f3eba734e9c917d941d6886d4f1afd43b03d8e06feef8affab0977e74af4e2464495ad3496a3f8cb9b6487d0b604b929a13c48e9b414218a91c63c71657f861df0d862fbbba44b60e35e79a7948a51d5daee689a851ad41a270565fe4c2c5d7cc521336d68d757923b3179e3a619625f432c4b1d60336173e9b1f6e3bb1207b361d86960365c31f85919a37930e22fb0fefde58f068eec5ef9f84c462fb26df7c0e8bd07d2f3477bf79d7a8e8c9621e1a9290b8d53238d21045bc262ae24ece24138fc78803172aadc7458fb4c965cb2d0dd25cbad686925ebea0006516797ed77813640421335607b6f31f88c17f01495a2d5ae62aca29805c686598c7885b4d8fa69cfeac07115bf840173ed8a2679f0542b34297e92209d88da05966cd4f8746432490dcdcc490474db1532f65310f7899eb6981a0d1ce45998a42e5b0ad908e9e31a8b1915ce67a15fd61b2922db06707334b76d5d7a7029d57985b538c10909a5c439699ad8b869e256c155cdc2185d73d9a360e397972888e1410ee97e38371eae2a7d9e4070b66a1487092683662184993e82f5274e9018e37206115cc622b584f3bad6066405846d8b1ffc095ec05471595fdd613e0fb1316ddd15022f2eebabe688ca988f2116fe7abd04012b440fdc9ee1f16d2c2753dfd4e870a5c1ad15b24170a4cfd063352bba72ed3cc2931f982acd80f244c76f2692907513debfffd76a624b99c51e7a3ee5beb13e24f873f87d5a73fe5dada7a12376b2f9afa96266518fcaf3c2b87aadc77084dd000fcac49f16ca6087105cd484329e8e7ceb4d8bc56381e2c38492837329b618436e765a0f1656b926266ca30ff28916c7ada55dfece469e50f997259383f9e9fe9810a3b4c36846e130512d4aa49c1258c592097d9b2b7efb1ff93fe6fb378aba8021d2c24c073007ad28d0930e26165bc81d403d8ae3d985c737ac6ec4dbeb4b2fbd3b9ec8d4fd0bc904d199e99cc12a912ebc48b1f21993b7f2584bd03c582f7b4c4bde48fcb44a8605d110827166da95a44538d0d94b86d0a083c103986ea3a73c1c402dcf9ec71caa64dd2869ad247f9bf28c71487790bf56fbbcb4721e3dea4c52fbf7834ff487812962d2a1f2762071f32af0054f72b5a8f437802883d6d4740fcebab5b6ddc2becb155e5efb5f36500dd8d57645cfb808e8eb75473330519aaf3768fb87a94add1ffbf8de8f13ac3e601b812c163e2799592d356c7a6bf3e1cedc90eee4262bfe2d91677b6d4d31e11e71810d6dbabd4683239eb4939cf67b2a238ab710d894c3289af0d440749e9bacebd71a6ed1678443fab6e92c87cefdd5ad9a0553025b40bd62a785e5f5f0f4f6a439a08d67ee1fc62766acb41e9d6bd11d2c4889421b993466344e748f4d2976c97d896d6bb59a8cda3605d7885e2ee3c82ef727db9fb3138ad2605e91582b30d6173333a44c8a3584d931c86e79f1f5516ad3868742f1c3d8d2b7a24d299633dac59013710a85fbe767d3cc3685fc10d51b5d3277c6947cdca825ea31ec86b580738a851a12ed783e029b208f7ecf7bda59c8ba0d3edf9b79618926f2302905128301c0a62389c3ddad36028887a5bcbb8e8089c3e6c9bdd0e02f1b23cd59335ea683b09ca0d9c69e15457c7c18f581343be1947d1792cab5c12d307fe982418da56d7b956b173652510918afeaf9abc3429140943d0b933683ccb0d92c2cfba3f438554d9a80d4405b90837d0594a8b90d8082bdb81b6a6ac379047ab0a7e86d49ab44a83b5b802f9ebf09f5b120ebc2d0ad911a93862d9a004d60a0a69e6c6dab087dee134c22d766beac8e4e94caf8aa153ffca81d231f219a5c599d3639a64383673e7a9a3c94142ae61d9975757bd67ada9976dc967d58cead61dbcb35e1ae66e402174a56807417c8916e08c7e24f1151a2c477cba1a7b0c0a02a715bed23d1597a633a9c4feb7fc6103f8224fc96d2f648274cec957ea0ad22f97ad0acc1def33e6bda013df86405ef97dd28ee135d61735a6cee24fd10a4b3cd25ce56aa81b14d86ff7e40fcf45e821a99b9aa892d16c5738b132e30e01cc5ed4b142def58cf682e9739c8a2fd37a3bbfb088c91d85f814cc8113bbcc8deb45f24052ac77a3b40033b3f091e5715fbf6dbca72245a83d86b64f57004de34a7905e0cc3dd3f7ff89ed780e4842dd42f9d7b4c0672ff0ad82fd0aec95c4bb39c8244380499387c2d1c6e448acbd6b8fac56f5366efccc582d8ae0070e289ba3446103ef20543e5903303b6cd8330560c90be9463d8d54283b62ad428e1d3a821bd9ededf1682b69e2cf9fca4d3701e399120c2c5c0aa589b6b27126e068dccefa6725dea8da94301ce223353694bd6331f0a50eb09f355b9d2e8b6a962e395f2764c5d9b7898777361d3aaf0bf1e9f23824800271f658ef02d2178dfc922e78eac1fab3cab4ad3394e3668c0653368a36aaa06a3ad781bb532eb6719f7be2105fdee59af104274ff5a126627813845f7aae058410b5bf852d2cef100364fd7ff7d376870df9fefeff0a2b6467a1c8e1ea03c214f551ed4bd03310d03b13507015b991e403fc84ca55903110959dfc9b9302bfe45841cf5354987d80803cf5069a1addc9d11347501dd58de9f2fec7f6b5531d30ea0965e7816619db71ae4d0fcaafc2c3f6b56c455d0d8013ae78d61f6b5889789f4567f5ebb4f181d3e2fcabc6fcbc7064927e9d235a7bb2799edaa66641bee34646842b9dd64a08c2217adb2fe55ebfe52eef56d0328692bc12b7403fa3e2fadadca3b3beb2c7452a07fbeca94de3524f878dff22aca71645e8f332611d11c410fa292fa863acce7601255621e3a56c782a0b687903328607dfdadb8e225dd6d0c71b6cf6b4936643825eb121c783702c2bca87e52500eedf594d2f19836e1f29ef665637a03d0e72797e17b6ab56911a7248703543cfab001e8d9c2fd6325b0199e4a986d6b3fcdd1389429dd3655c6c0bf5cf9708890f75f19ca46446c2001f7950ce065d3c9e37d639410c961f5b04e208efc4f964522e4ef136e78f7039f3f762ff3257ea15e869a29e43bee8c30c171849ccd00dae3f3f72a8f2bc331b7d20faac18136179eb05322f076a30ef3784af876bc943124bc78233d7092b9c4d49572ac97d8514afe694d32a1d91d463063686735e7d147c2bfb950ea56a4f6ce50134a193d3977f12b7fd9986ebba9ea52a4611db98e36333745756c6e2660bbd75a897047dd8b4313ef240540c1550683e517a3163af582d8486e5b1da0566851add6a0ca2fd710dc227e1144738d3c712fb39ae3c4361a8f3a4c2571591689c3dab9eebc56f26e22eed6b1571336f28e9ea4aad492c006162f3f0935776121b8122fc86289c6473619477eaddd00a1e784fc821c1a43ff0c82354cebb04ace22dd922e5d9af757ebf06f08963842678c1c88f73787fb3d4f535a103a33114db7a6cd24a508deb34461cb3d086043eb4810881a60d5478a30be772249b1af89d6c30ed75a4b4c088d75ce399cd2251a98ea4285991338d7606002ba3962129cb0c224b74e0510778c7c281cb25ced1eb72348f2d564d2659b91e4f587a220122d0c82c5be46b04de0ea44ca586d794eb1445db2d9729fb7b816ea6234ee6f2041bfd0441868da7541a2dd4c914198ce4744d7a0112e8e674303334f2d858230cf6bb5ee66cb254870f259877c39dbb6404b6aed171cd4f01cdbd1fc8ec41fa7a85d0aeee138cae5f2294cb841383a1eca37647fd64f7e5a1928b17e5f9f7bf6064affff530341dae188edebb5fc586f552531cf290e9ce030aeeed32d4651e1b22489f336045934d27831916600f4d1a9b01655b49d67f77d8aa5375d0958d8f728765ce34353ab1f4088d918f9ffcf18d312a51d7d2f3b1cfcedc53c3b129c4a8c10c027f799d301459cf047692483204d8f249132f807a11ba7eb4d692ffcc979a47f0a731525878b0787047a1b6b0aa3c916f7e20229711d5ad7841c410fc05ddc360424710804ebb8c4807a1ed288a9f4b815602a9a2e918d33f18710e9e2925d14d98920bae71d9ca20bd770d5d430896f7d9dfe5d8ee55ec8aedcf4b310cabcb1cba360e7e041e011bee4caa28dc0012028d7bba22e60846a5898a08bcba1d72eafae605b7d9839f6f1eddbec25bae4e2c4891dd1152ead5e44cb851b490f14ee261c7cbfce076045e66339df7f57cf5d86f60a706411826708c722ade3d87978df7be49e10c50852155daa3f5cf3ab927627425f2e548c738962c822acab02703f14d41b2c8b0484fe7fa39eb8d38447482335e9275c55d72459b7db29ed71352c6fe53c696d58b04c9054770d5193045451fe45e4ffae5039b304f22e197b246143eb909f3f57f7aaa937daf903e3764a3dfbd16907a6f1269216ce94ad6042bd25d7b71657ad3f90dfa6c70d2b843379abeebb4ccb1323442ce99ee257f547b52debde47d3b0b635282ba5f86e7d96236a5a19fecaa414ff2d040c615d041988034cfc450bad15abf167e8d0a341e95d3e16a45eb1e7667b741dab58dba84bade9d28ec36fb52a972082c667b4fd2c0afb0c999a9f03ef09060be23d8a45b09651dcfd99b1cac4a043e5ede4475850c85ed6fdc6c24368f29054b18a5bf3ff96b80224e71b40416fe2d21e48de7b2b7edcf405c91a5f32cb4f6055c341c7ba4ca257086158edbbd7182b608c404326d2946762c70ea5b6baa4694ba083ad7648a7fd1d856cd8c64a39831dc541bf98a1917e078d8d059433bc4581670ac30a6ee310fd1705f8ed5b4a15371b23d1f274b62d79d2be42fba9c0dc6f40b2aa8ea68ed176475452179d6097f441ab6ded2ab8575cfba1aa34d37737ec03d5a581ba95735f04b68e248f1e008db556161979b39d7a8ed33f9f9dbbdb497b2eb71a727df8fdc1fb53f33eec49f2dbe24b25e9ab466073223764078cd493902365c8cf6be2ecda7ab1c2d3d4a898a33eaa6d8751f30b5e1e1b225c41cfb18fbc7607ff29b9549500b83555ce7d7a6b6f3eb889b48917529579850df5fe1b2d5ccca147fb9bc30c2a5f4696052fe0ac929f4db15712bc1ae4bff683fac50e3905b923a1b6337828cf61ba1465e4c53f4c16249e8b062b7211df6229125b2fc8c7b1ffad76acaa9391110313d75afd", 0x1000, 0x4, 0x1}, 0xf21)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1944.424257][T12360] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1944.496026][T12360] CPU: 1 PID: 12360 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1944.506472][T12360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1944.516543][T12360] Call Trace:
[ 1944.519820][T12360]  <TASK>
[ 1944.522741][T12360]  dump_stack_lvl+0xcd/0x134
[ 1944.527329][T12360]  dump_header+0x10b/0x85f
[ 1944.531740][T12360]  oom_kill_process.cold+0x10/0x15
[ 1944.536850][T12360]  out_of_memory+0x358/0x14a0
[ 1944.541525][T12360]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1944.546983][T12360]  ? __mod_timer+0x83c/0xe30
[ 1944.551573][T12360]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1944.557036][T12360]  ? lock_acquire+0x4fc/0x630
[ 1944.561706][T12360]  ? oom_killer_disable+0x270/0x270
[ 1944.566905][T12360]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1944.572371][T12360]  ? lock_release+0x5cb/0x810
[ 1944.577051][T12360]  ? rcu_read_unlock+0x9/0x60
[ 1944.581739][T12360]  ? lock_downgrade+0x6e0/0x6e0
[ 1944.586583][T12360]  mem_cgroup_out_of_memory+0x206/0x270
[ 1944.592122][T12360]  ? mem_cgroup_margin+0x130/0x130
[ 1944.597229][T12360]  ? lock_downgrade+0x6e0/0x6e0
[ 1944.602073][T12360]  try_charge_memcg+0xef8/0x12f0
[ 1944.607022][T12360]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1944.612995][T12360]  ? lock_release+0x5cb/0x810
[ 1944.617660][T12360]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1944.623373][T12360]  ? lock_downgrade+0x6e0/0x6e0
[ 1944.628211][T12360]  ? lock_release+0x5cb/0x810
[ 1944.632874][T12360]  ? rcu_read_unlock+0x9/0x60
[ 1944.637545][T12360]  ? lock_downgrade+0x6e0/0x6e0
[ 1944.642403][T12360]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1944.647947][T12360]  __alloc_pages+0x1ef/0x5a0
[ 1944.652524][T12360]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1944.659277][T12360]  ? lock_release+0x5cb/0x810
[ 1944.664316][T12360]  ? psi_task_change+0x1bb/0x2f0
[ 1944.669255][T12360]  alloc_pages+0x1a6/0x270
[ 1944.673668][T12360]  pte_alloc_one+0x16/0x230
[ 1944.678167][T12360]  __pte_alloc+0x69/0x250
[ 1944.682485][T12360]  ? pmd_install+0x150/0x150
[ 1944.687061][T12360]  ? hugepage_vma_check+0x24a/0x830
[ 1944.692254][T12360]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1944.697711][T12360]  __handle_mm_fault+0x3527/0x3a40
[ 1944.702815][T12360]  ? lock_acquire+0x4fc/0x630
[ 1944.707480][T12360]  ? vm_iomap_memory+0x180/0x180
[ 1944.712412][T12360]  handle_mm_fault+0x1c8/0x780
[ 1944.717168][T12360]  do_user_addr_fault+0x475/0x1210
[ 1944.722274][T12360]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1944.727729][T12360]  exc_page_fault+0x94/0x170
[ 1944.732309][T12360]  asm_exc_page_fault+0x22/0x30
[ 1944.737155][T12360] RIP: 0023:0xf6e1cd58
[ 1944.741214][T12360] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1944.760823][T12360] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1944.767356][T12360] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1944.775325][T12360] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1944.783306][T12360] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1944.791270][T12360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1944.799234][T12360] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1944.807205][T12360]  </TASK>
17:37:03 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:03 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1945.045330][T12360] memory: usage 307188kB, limit 307200kB, failcnt 40622
[ 1945.105963][T12360] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1945.152759][T12360] Memory cgroup stats for /syz2:
[ 1945.156827][T12360] anon 98304
[ 1945.156827][T12360] file 266240
[ 1945.156827][T12360] kernel 314195968
[ 1945.156827][T12360] kernel_stack 65536
[ 1945.156827][T12360] pagetables 65536
[ 1945.156827][T12360] sec_pagetables 0
[ 1945.156827][T12360] percpu 5359968
[ 1945.156827][T12360] sock 0
[ 1945.156827][T12360] vmalloc 8192
[ 1945.156827][T12360] shmem 266240
[ 1945.156827][T12360] zswap 0
[ 1945.156827][T12360] zswapped 0
[ 1945.156827][T12360] file_mapped 266240
[ 1945.156827][T12360] file_dirty 0
[ 1945.156827][T12360] file_writeback 0
[ 1945.156827][T12360] swapcached 0
[ 1945.156827][T12360] anon_thp 0
[ 1945.156827][T12360] file_thp 0
[ 1945.156827][T12360] shmem_thp 0
[ 1945.156827][T12360] inactive_anon 98304
[ 1945.156827][T12360] active_anon 266240
[ 1945.156827][T12360] inactive_file 0
[ 1945.156827][T12360] active_file 0
[ 1945.156827][T12360] unevictable 0
[ 1945.156827][T12360] slab_reclaimable 10296
[ 1945.156827][T12360] slab_unreclaimable 308661944
17:37:03 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(0xffffffffffffffff)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:04 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1945.649928][T12360] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12360,uid=0
[ 1945.720453][T12360] Memory cgroup out of memory: Killed process 12360 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:04 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xdf4, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:04 executing program 4:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:04 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(0xffffffffffffffff)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:04 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:04 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(0xffffffffffffffff)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1946.260162][T12380] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=1, oom_score_adj=1000
[ 1946.475631][T12380] CPU: 0 PID: 12380 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1946.486090][T12380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1946.496131][T12380] Call Trace:
[ 1946.499397][T12380]  <TASK>
[ 1946.502324][T12380]  dump_stack_lvl+0xcd/0x134
[ 1946.506910][T12380]  dump_header+0x10b/0x85f
[ 1946.511317][T12380]  oom_kill_process.cold+0x10/0x15
[ 1946.516415][T12380]  out_of_memory+0x358/0x14a0
[ 1946.521086][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.526539][T12380]  ? __mod_timer+0x83c/0xe30
[ 1946.531119][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.536582][T12380]  ? lock_acquire+0x4fc/0x630
[ 1946.541275][T12380]  ? oom_killer_disable+0x270/0x270
[ 1946.546489][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.551957][T12380]  ? lock_release+0x5cb/0x810
[ 1946.556637][T12380]  ? rcu_read_unlock+0x9/0x60
[ 1946.561320][T12380]  ? lock_downgrade+0x6e0/0x6e0
[ 1946.566172][T12380]  mem_cgroup_out_of_memory+0x206/0x270
[ 1946.571720][T12380]  ? mem_cgroup_margin+0x130/0x130
[ 1946.576830][T12380]  ? lock_downgrade+0x6e0/0x6e0
[ 1946.581683][T12380]  try_charge_memcg+0xef8/0x12f0
[ 1946.586638][T12380]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1946.592640][T12380]  ? lock_acquire+0x4fc/0x630
[ 1946.597319][T12380]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1946.603045][T12380]  ? lock_downgrade+0x6e0/0x6e0
[ 1946.607893][T12380]  ? lock_release+0x5cb/0x810
[ 1946.612570][T12380]  ? obj_cgroup_charge+0x244/0x5e0
[ 1946.617687][T12380]  ? lock_downgrade+0x6e0/0x6e0
[ 1946.622535][T12380]  ? lock_release+0x5cb/0x810
[ 1946.627210][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.632677][T12380]  ? rcu_read_unlock+0x9/0x60
[ 1946.637358][T12380]  obj_cgroup_charge+0x2ab/0x5e0
[ 1946.642306][T12380]  kmem_cache_alloc_node+0xa1/0x400
[ 1946.647506][T12380]  ? copy_process+0x5c2/0x7190
[ 1946.652274][T12380]  copy_process+0x5c2/0x7190
[ 1946.656870][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.662337][T12380]  ? lock_acquire+0x4fc/0x630
[ 1946.667014][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.672480][T12380]  ? lock_release+0x5cb/0x810
[ 1946.677154][T12380]  ? lock_release+0x5cb/0x810
[ 1946.681826][T12380]  ? folio_add_lru+0x341/0x680
[ 1946.686586][T12380]  ? lock_downgrade+0x6e0/0x6e0
[ 1946.691436][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.696904][T12380]  ? __cleanup_sighand+0xb0/0xb0
[ 1946.701844][T12380]  ? folio_add_lru+0x377/0x680
[ 1946.706605][T12380]  ? do_raw_spin_unlock+0x171/0x230
[ 1946.711805][T12380]  kernel_clone+0xe7/0x980
[ 1946.716223][T12380]  ? lock_acquire+0x4fc/0x630
[ 1946.720900][T12380]  ? create_io_thread+0xe0/0xe0
[ 1946.725753][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.731220][T12380]  ? lock_acquire+0x4fc/0x630
[ 1946.735893][T12380]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1946.741360][T12380]  ? lock_release+0x5cb/0x810
[ 1946.746034][T12380]  ? __ct_user_exit+0xff/0x150
[ 1946.750810][T12380]  ? lock_downgrade+0x6e0/0x6e0
[ 1946.755681][T12380]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1946.761254][T12380]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1946.767178][T12380]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1946.773073][T12380]  ? trace_hardirqs_on+0x2d/0x160
[ 1946.778098][T12380]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1946.783992][T12380]  do_int80_syscall_32+0x46/0x90
[ 1946.788937][T12380]  entry_INT80_compat+0x8b/0x90
[ 1946.793793][T12380] RIP: 0023:0xf6e5ba74
[ 1946.797856][T12380] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1946.817460][T12380] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
17:37:05 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1946.825869][T12380] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f2b7a4
[ 1946.833836][T12380] RDX: 00000000f7f2bba8 RSI: 00000000f74afa7c RDI: 00000000f7f2bba8
[ 1946.841803][T12380] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1946.849769][T12380] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1946.857735][T12380] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1946.865708][T12380]  </TASK>
17:37:05 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x405, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1947.143557][T12391] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1947.173229][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:05 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r4)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1947.246695][T12392] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:05 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1947.422245][T12380] memory: usage 307200kB, limit 307200kB, failcnt 40724
[ 1947.500359][T12380] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1947.522604][T12391] bridge231: port 1(vlan92) entered blocking state
[ 1947.541999][T12380] Memory cgroup stats for /syz2:
[ 1947.542186][T12380] anon 106496
[ 1947.542186][T12380] file 266240
[ 1947.542186][T12380] kernel 314200064
[ 1947.542186][T12380] kernel_stack 65536
[ 1947.542186][T12380] pagetables 69632
[ 1947.542186][T12380] sec_pagetables 0
[ 1947.542186][T12380] percpu 5359968
[ 1947.542186][T12380] sock 0
[ 1947.542186][T12380] vmalloc 8192
[ 1947.542186][T12380] shmem 266240
[ 1947.542186][T12380] zswap 0
[ 1947.542186][T12380] zswapped 0
[ 1947.542186][T12380] file_mapped 266240
[ 1947.542186][T12380] file_dirty 0
[ 1947.542186][T12380] file_writeback 0
[ 1947.542186][T12380] swapcached 0
[ 1947.542186][T12380] anon_thp 0
[ 1947.542186][T12380] file_thp 0
[ 1947.542186][T12380] shmem_thp 0
[ 1947.542186][T12380] inactive_anon 106496
[ 1947.542186][T12380] active_anon 266240
[ 1947.542186][T12380] inactive_file 0
[ 1947.542186][T12380] active_file 0
[ 1947.542186][T12380] unevictable 0
[ 1947.542186][T12380] slab_reclaimable 10296
[ 1947.542186][T12380] slab_unreclaimable 308662792
17:37:06 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a1)

[ 1947.656766][T12391] bridge231: port 1(vlan92) entered disabled state
17:37:06 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a0)

[ 1947.769492][T12391] device bridge232 entered promiscuous mode
[ 1947.833935][T12391] bridge231: port 1(vlan92) entered blocking state
[ 1947.840525][T12391] bridge231: port 1(vlan92) entered forwarding state
17:37:06 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r4)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1948.465374][T12380] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12380,uid=0
[ 1948.517962][T12380] Memory cgroup out of memory: Killed process 12380 (syz-executor.2) total-vm:54496kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000
17:37:07 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xdf8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:07 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r4)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:07 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:07 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219e)

[ 1948.905294][T12415] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1948.946386][T12415] CPU: 0 PID: 12415 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1948.956829][T12415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1948.966873][T12415] Call Trace:
[ 1948.970137][T12415]  <TASK>
[ 1948.973061][T12415]  dump_stack_lvl+0xcd/0x134
[ 1948.977645][T12415]  dump_header+0x10b/0x85f
[ 1948.982049][T12415]  oom_kill_process.cold+0x10/0x15
[ 1948.987161][T12415]  out_of_memory+0x358/0x14a0
[ 1948.991857][T12415]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1948.997324][T12415]  ? __mod_timer+0x83c/0xe30
[ 1949.001910][T12415]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1949.007380][T12415]  ? lock_acquire+0x4fc/0x630
[ 1949.012085][T12415]  ? oom_killer_disable+0x270/0x270
[ 1949.017307][T12415]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1949.022778][T12415]  ? lock_release+0x5cb/0x810
[ 1949.027453][T12415]  ? rcu_read_unlock+0x9/0x60
[ 1949.032129][T12415]  ? lock_downgrade+0x6e0/0x6e0
[ 1949.036986][T12415]  mem_cgroup_out_of_memory+0x206/0x270
[ 1949.042538][T12415]  ? mem_cgroup_margin+0x130/0x130
[ 1949.047658][T12415]  ? lock_downgrade+0x6e0/0x6e0
[ 1949.052523][T12415]  try_charge_memcg+0xef8/0x12f0
[ 1949.057477][T12415]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1949.063464][T12415]  ? lock_acquire+0x4fc/0x630
[ 1949.068137][T12415]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1949.073604][T12415]  ? lock_release+0x5cb/0x810
[ 1949.078277][T12415]  ? rcu_read_unlock+0x9/0x60
[ 1949.082952][T12415]  ? lock_downgrade+0x6e0/0x6e0
[ 1949.087801][T12415]  ? lock_release+0x5cb/0x810
[ 1949.092473][T12415]  ? trace_hardirqs_on+0x2d/0x160
[ 1949.097494][T12415]  ? wp_page_copy+0xa14/0x1c90
[ 1949.102257][T12415]  ? lock_downgrade+0x6e0/0x6e0
[ 1949.107110][T12415]  charge_memcg+0x99/0x3b0
[ 1949.111534][T12415]  __mem_cgroup_charge+0x27/0x90
[ 1949.116481][T12415]  wp_page_copy+0x2bf/0x1c90
[ 1949.121071][T12415]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1949.126548][T12415]  ? lock_release+0x5cb/0x810
[ 1949.131223][T12415]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 1949.137809][T12415]  ? lock_downgrade+0x6e0/0x6e0
[ 1949.142661][T12415]  ? vm_normal_page+0x146/0x2a0
[ 1949.147513][T12415]  ? __pte_alloc_kernel+0x110/0x110
[ 1949.152712][T12415]  ? lock_release+0x5cb/0x810
[ 1949.157389][T12415]  do_wp_page+0x1d1/0x1930
[ 1949.161809][T12415]  __handle_mm_fault+0x181b/0x3a40
[ 1949.166936][T12415]  ? lock_acquire+0x4fc/0x630
[ 1949.171629][T12415]  ? vm_iomap_memory+0x180/0x180
[ 1949.176581][T12415]  ? lock_release+0x810/0x810
[ 1949.181278][T12415]  handle_mm_fault+0x1c8/0x780
[ 1949.186051][T12415]  do_user_addr_fault+0x475/0x1210
[ 1949.191171][T12415]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1949.196640][T12415]  exc_page_fault+0x94/0x170
[ 1949.201233][T12415]  asm_exc_page_fault+0x22/0x30
[ 1949.206086][T12415] RIP: 0023:0xf6e1f998
[ 1949.210154][T12415] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00
[ 1949.229760][T12415] RSP: 002b:00000000f74afa70 EFLAGS: 00010246
[ 1949.235826][T12415] RAX: 00000000f6f70000 RBX: 00000000410d3273 RCX: 0000000000001273
17:37:07 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1949.243795][T12415] RDX: 0000000000000000 RSI: 00000000f6f4a000 RDI: 0000000081a47b19
[ 1949.251764][T12415] RBP: 00000000f6f70000 R08: 0000000000000000 R09: 0000000000000000
[ 1949.259732][T12415] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1949.267698][T12415] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1949.275669][T12415]  </TASK>
[ 1949.470597][T12415] memory: usage 307200kB, limit 307200kB, failcnt 40813
[ 1949.478409][T12415] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1949.496161][T12415] Memory cgroup stats for /syz2:
[ 1949.496287][T12415] anon 106496
[ 1949.496287][T12415] file 266240
[ 1949.496287][T12415] kernel 314200064
[ 1949.496287][T12415] kernel_stack 65536
[ 1949.496287][T12415] pagetables 69632
[ 1949.496287][T12415] sec_pagetables 0
[ 1949.496287][T12415] percpu 5359968
[ 1949.496287][T12415] sock 0
[ 1949.496287][T12415] vmalloc 8192
[ 1949.496287][T12415] shmem 266240
[ 1949.496287][T12415] zswap 0
[ 1949.496287][T12415] zswapped 0
[ 1949.496287][T12415] file_mapped 266240
[ 1949.496287][T12415] file_dirty 0
[ 1949.496287][T12415] file_writeback 0
[ 1949.496287][T12415] swapcached 0
[ 1949.496287][T12415] anon_thp 0
[ 1949.496287][T12415] file_thp 0
[ 1949.496287][T12415] shmem_thp 0
[ 1949.496287][T12415] inactive_anon 106496
17:37:08 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a1)

[ 1949.496287][T12415] active_anon 266240
[ 1949.496287][T12415] inactive_file 0
[ 1949.496287][T12415] active_file 0
[ 1949.496287][T12415] unevictable 0
[ 1949.496287][T12415] slab_reclaimable 12224
[ 1949.496287][T12415] slab_unreclaimable 308662592
17:37:08 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:08 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x570d0000)

[ 1949.746190][T12415] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12415,uid=0
[ 1949.800692][T12415] Memory cgroup out of memory: Killed process 12415 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000
17:37:08 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xdfc, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1950.069729][T12428] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
17:37:08 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:08 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:09 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:09 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219e)

[ 1950.875439][T12428] CPU: 1 PID: 12428 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1950.885901][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1950.895970][T12428] Call Trace:
[ 1950.899238][T12428]  <TASK>
[ 1950.902157][T12428]  dump_stack_lvl+0xcd/0x134
[ 1950.906759][T12428]  dump_header+0x10b/0x85f
[ 1950.911184][T12428]  oom_kill_process.cold+0x10/0x15
[ 1950.916286][T12428]  out_of_memory+0x358/0x14a0
[ 1950.920959][T12428]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1950.926424][T12428]  ? __mod_timer+0x83c/0xe30
[ 1950.931023][T12428]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1950.936481][T12428]  ? lock_acquire+0x4fc/0x630
[ 1950.941144][T12428]  ? oom_killer_disable+0x270/0x270
[ 1950.946346][T12428]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1950.951825][T12428]  ? lock_release+0x5cb/0x810
[ 1950.956499][T12428]  ? rcu_read_unlock+0x9/0x60
[ 1950.961168][T12428]  ? lock_downgrade+0x6e0/0x6e0
[ 1950.966022][T12428]  mem_cgroup_out_of_memory+0x206/0x270
[ 1950.971582][T12428]  ? mem_cgroup_margin+0x130/0x130
[ 1950.976686][T12428]  ? lock_downgrade+0x6e0/0x6e0
[ 1950.981531][T12428]  try_charge_memcg+0xef8/0x12f0
[ 1950.986476][T12428]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1950.992480][T12428]  ? lock_release+0x5cb/0x810
[ 1950.997156][T12428]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1951.002879][T12428]  ? lock_downgrade+0x6e0/0x6e0
[ 1951.007735][T12428]  ? lock_release+0x5cb/0x810
[ 1951.012400][T12428]  ? rcu_read_unlock+0x9/0x60
[ 1951.017067][T12428]  ? lock_downgrade+0x6e0/0x6e0
17:37:09 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1951.021908][T12428]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1951.027478][T12428]  __alloc_pages+0x1ef/0x5a0
[ 1951.032068][T12428]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1951.038842][T12428]  ? lock_release+0x5cb/0x810
[ 1951.043522][T12428]  ? psi_task_change+0x1bb/0x2f0
[ 1951.048485][T12428]  alloc_pages+0x1a6/0x270
[ 1951.052925][T12428]  pte_alloc_one+0x16/0x230
[ 1951.057463][T12428]  __pte_alloc+0x69/0x250
[ 1951.061817][T12428]  ? pmd_install+0x150/0x150
[ 1951.066435][T12428]  ? hugepage_vma_check+0x24a/0x830
[ 1951.071666][T12428]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1951.077157][T12428]  __handle_mm_fault+0x3527/0x3a40
[ 1951.082289][T12428]  ? lock_acquire+0x4fc/0x630
[ 1951.086968][T12428]  ? vm_iomap_memory+0x180/0x180
[ 1951.091908][T12428]  handle_mm_fault+0x1c8/0x780
[ 1951.096673][T12428]  do_user_addr_fault+0x475/0x1210
[ 1951.101780][T12428]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1951.107237][T12428]  exc_page_fault+0x94/0x170
[ 1951.111816][T12428]  asm_exc_page_fault+0x22/0x30
[ 1951.116659][T12428] RIP: 0023:0xf6e1cd58
[ 1951.120710][T12428] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1951.140303][T12428] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1951.146358][T12428] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1951.154318][T12428] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1951.162279][T12428] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1951.170248][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1951.178210][T12428] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1951.186175][T12428]  </TASK>
17:37:10 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x21a1)

[ 1951.815382][T12428] memory: usage 307188kB, limit 307200kB, failcnt 40916
[ 1951.822475][T12428] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1951.832075][T12428] Memory cgroup stats for /syz2:
[ 1951.832240][T12428] anon 98304
[ 1951.832240][T12428] file 266240
[ 1951.832240][T12428] kernel 314195968
[ 1951.832240][T12428] kernel_stack 65536
[ 1951.832240][T12428] pagetables 65536
[ 1951.832240][T12428] sec_pagetables 0
[ 1951.832240][T12428] percpu 5359968
[ 1951.832240][T12428] sock 0
[ 1951.832240][T12428] vmalloc 8192
[ 1951.832240][T12428] shmem 266240
[ 1951.832240][T12428] zswap 0
[ 1951.832240][T12428] zswapped 0
[ 1951.832240][T12428] file_mapped 266240
[ 1951.832240][T12428] file_dirty 0
[ 1951.832240][T12428] file_writeback 0
[ 1951.832240][T12428] swapcached 0
[ 1951.832240][T12428] anon_thp 0
[ 1951.832240][T12428] file_thp 0
[ 1951.832240][T12428] shmem_thp 0
[ 1951.832240][T12428] inactive_anon 98304
[ 1951.832240][T12428] active_anon 266240
[ 1951.832240][T12428] inactive_file 0
[ 1951.832240][T12428] active_file 0
[ 1951.832240][T12428] unevictable 0
[ 1951.832240][T12428] slab_reclaimable 10296
[ 1951.832240][T12428] slab_unreclaimable 308661944
17:37:10 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:10 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:10 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1952.183387][T12428] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12428,uid=0
[ 1952.310625][T12428] Memory cgroup out of memory: Killed process 12428 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe00, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:11 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219d)

[ 1952.799140][T12454] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1952.818302][T12454] CPU: 0 PID: 12454 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1952.828728][T12454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1952.838789][T12454] Call Trace:
[ 1952.842075][T12454]  <TASK>
[ 1952.845017][T12454]  dump_stack_lvl+0xcd/0x134
[ 1952.849637][T12454]  dump_header+0x10b/0x85f
[ 1952.854077][T12454]  oom_kill_process.cold+0x10/0x15
[ 1952.859213][T12454]  out_of_memory+0x358/0x14a0
[ 1952.863924][T12454]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1952.869420][T12454]  ? __mod_timer+0x83c/0xe30
[ 1952.874045][T12454]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1952.879545][T12454]  ? lock_acquire+0x4fc/0x630
[ 1952.884242][T12454]  ? oom_killer_disable+0x270/0x270
[ 1952.889464][T12454]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1952.894943][T12454]  ? lock_release+0x5cb/0x810
[ 1952.899628][T12454]  ? rcu_read_unlock+0x9/0x60
[ 1952.904310][T12454]  ? lock_downgrade+0x6e0/0x6e0
[ 1952.909163][T12454]  mem_cgroup_out_of_memory+0x206/0x270
[ 1952.914712][T12454]  ? mem_cgroup_margin+0x130/0x130
[ 1952.919822][T12454]  ? lock_downgrade+0x6e0/0x6e0
[ 1952.924689][T12454]  try_charge_memcg+0xef8/0x12f0
[ 1952.929655][T12454]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1952.935647][T12454]  ? lock_acquire+0x4fc/0x630
[ 1952.940322][T12454]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1952.945790][T12454]  ? lock_release+0x5cb/0x810
[ 1952.950464][T12454]  ? rcu_read_unlock+0x9/0x60
[ 1952.955143][T12454]  ? lock_downgrade+0x6e0/0x6e0
[ 1952.959998][T12454]  charge_memcg+0x99/0x3b0
[ 1952.964425][T12454]  __mem_cgroup_charge+0x27/0x90
[ 1952.969370][T12454]  wp_page_copy+0x2bf/0x1c90
[ 1952.973963][T12454]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1952.979429][T12454]  ? lock_release+0x5cb/0x810
[ 1952.984104][T12454]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 1952.990696][T12454]  ? lock_downgrade+0x6e0/0x6e0
[ 1952.995545][T12454]  ? vm_normal_page+0x146/0x2a0
[ 1953.000398][T12454]  ? __pte_alloc_kernel+0x110/0x110
[ 1953.005598][T12454]  ? lock_release+0x5cb/0x810
[ 1953.010275][T12454]  do_wp_page+0x1d1/0x1930
[ 1953.014692][T12454]  __handle_mm_fault+0x181b/0x3a40
[ 1953.019804][T12454]  ? lock_acquire+0x4fc/0x630
[ 1953.024481][T12454]  ? vm_iomap_memory+0x180/0x180
[ 1953.029419][T12454]  ? lock_release+0x810/0x810
[ 1953.034101][T12454]  handle_mm_fault+0x1c8/0x780
[ 1953.038870][T12454]  do_user_addr_fault+0x475/0x1210
[ 1953.043987][T12454]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1953.049455][T12454]  exc_page_fault+0x94/0x170
[ 1953.054050][T12454]  asm_exc_page_fault+0x22/0x30
[ 1953.058906][T12454] RIP: 0023:0xf6e1f998
[ 1953.062972][T12454] Code: 39 dd 75 ee 8b 44 24 58 89 28 83 c4 3c 5b 5e 5f 5d c3 8b 7c 24 18 e9 9a fd ff ff 8d b4 26 00 00 00 00 8b 44 24 24 8b 7c 24 18 <89> 1c 88 e9 70 fe ff ff 8b 7c 24 50 39 54 24 0c 0f 84 80 00 00 00
[ 1953.082578][T12454] RSP: 002b:00000000f74afa70 EFLAGS: 00010246
[ 1953.088642][T12454] RAX: 00000000f6f70000 RBX: 00000000410d3273 RCX: 0000000000001273
17:37:11 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1953.096610][T12454] RDX: 0000000000000000 RSI: 00000000f6f4a000 RDI: 0000000081a47b19
[ 1953.104578][T12454] RBP: 00000000f6f70000 R08: 0000000000000000 R09: 0000000000000000
[ 1953.112547][T12454] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1953.120511][T12454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1953.128481][T12454]  </TASK>
17:37:11 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219e)

[ 1953.204663][T12454] memory: usage 307200kB, limit 307200kB, failcnt 41002
[ 1953.212146][T12454] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1953.299864][T12454] Memory cgroup stats for /syz2:
[ 1953.300015][T12454] anon 106496
[ 1953.300015][T12454] file 266240
[ 1953.300015][T12454] kernel 314200064
[ 1953.300015][T12454] kernel_stack 65536
[ 1953.300015][T12454] pagetables 69632
[ 1953.300015][T12454] sec_pagetables 0
[ 1953.300015][T12454] percpu 5359968
[ 1953.300015][T12454] sock 0
[ 1953.300015][T12454] vmalloc 8192
[ 1953.300015][T12454] shmem 266240
[ 1953.300015][T12454] zswap 0
[ 1953.300015][T12454] zswapped 0
[ 1953.300015][T12454] file_mapped 266240
[ 1953.300015][T12454] file_dirty 0
[ 1953.300015][T12454] file_writeback 0
[ 1953.300015][T12454] swapcached 0
[ 1953.300015][T12454] anon_thp 0
[ 1953.300015][T12454] file_thp 0
[ 1953.300015][T12454] shmem_thp 0
[ 1953.300015][T12454] inactive_anon 106496
[ 1953.300015][T12454] active_anon 266240
[ 1953.300015][T12454] inactive_file 0
[ 1953.300015][T12454] active_file 0
[ 1953.300015][T12454] unevictable 0
[ 1953.300015][T12454] slab_reclaimable 12224
[ 1953.300015][T12454] slab_unreclaimable 308662592
17:37:11 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r2 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r2, 0x8000000)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r2, 0x10000000)
syz_io_uring_submit(r7, r8, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r2, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1953.483462][T12454] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12454,uid=0
[ 1953.728368][T12454] Memory cgroup out of memory: Killed process 12454 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000
17:37:12 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219b)

17:37:12 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe10, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:12 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1954.399899][T12471] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1954.456406][T12471] CPU: 0 PID: 12471 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1954.466851][T12471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1954.476903][T12471] Call Trace:
[ 1954.480168][T12471]  <TASK>
[ 1954.483087][T12471]  dump_stack_lvl+0xcd/0x134
[ 1954.487677][T12471]  dump_header+0x10b/0x85f
[ 1954.492081][T12471]  oom_kill_process.cold+0x10/0x15
[ 1954.497179][T12471]  out_of_memory+0x358/0x14a0
[ 1954.501847][T12471]  ? __mod_timer+0x83c/0xe30
[ 1954.506427][T12471]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1954.511879][T12471]  ? lock_acquire+0x4fc/0x630
[ 1954.516555][T12471]  ? oom_killer_disable+0x270/0x270
[ 1954.521791][T12471]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1954.527270][T12471]  ? lock_release+0x5cb/0x810
[ 1954.531931][T12471]  ? rcu_read_unlock+0x9/0x60
[ 1954.536594][T12471]  ? lock_downgrade+0x6e0/0x6e0
[ 1954.541430][T12471]  mem_cgroup_out_of_memory+0x206/0x270
[ 1954.546978][T12471]  ? mem_cgroup_margin+0x130/0x130
[ 1954.552078][T12471]  ? lock_downgrade+0x6e0/0x6e0
[ 1954.556920][T12471]  try_charge_memcg+0xef8/0x12f0
[ 1954.561848][T12471]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1954.567832][T12471]  ? lock_release+0x5cb/0x810
[ 1954.572520][T12471]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1954.578237][T12471]  ? lock_downgrade+0x6e0/0x6e0
[ 1954.583074][T12471]  ? lock_release+0x5cb/0x810
[ 1954.587738][T12471]  ? rcu_read_unlock+0x9/0x60
[ 1954.592404][T12471]  ? lock_downgrade+0x6e0/0x6e0
[ 1954.597248][T12471]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1954.602792][T12471]  __alloc_pages+0x1ef/0x5a0
[ 1954.607368][T12471]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1954.614116][T12471]  ? io_schedule_timeout+0x140/0x140
[ 1954.619408][T12471]  alloc_pages+0x1a6/0x270
[ 1954.623841][T12471]  pte_alloc_one+0x16/0x230
[ 1954.628338][T12471]  __pte_alloc+0x69/0x250
[ 1954.632652][T12471]  ? pmd_install+0x150/0x150
[ 1954.637229][T12471]  ? hugepage_vma_check+0x24a/0x830
[ 1954.642417][T12471]  __handle_mm_fault+0x3527/0x3a40
[ 1954.647518][T12471]  ? lock_acquire+0x4fc/0x630
[ 1954.652183][T12471]  ? vm_iomap_memory+0x180/0x180
[ 1954.657114][T12471]  ? lock_release+0x810/0x810
[ 1954.661795][T12471]  handle_mm_fault+0x1c8/0x780
[ 1954.666566][T12471]  do_user_addr_fault+0x475/0x1210
[ 1954.671698][T12471]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1954.677161][T12471]  exc_page_fault+0x94/0x170
[ 1954.681747][T12471]  asm_exc_page_fault+0x22/0x30
[ 1954.686597][T12471] RIP: 0023:0xf6e1cd58
[ 1954.690652][T12471] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1954.710250][T12471] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1954.716315][T12471] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1954.724290][T12471] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1954.732248][T12471] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1954.740202][T12471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1954.748156][T12471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1954.756119][T12471]  </TASK>
[ 1954.860157][T12471] memory: usage 307188kB, limit 307200kB, failcnt 41098
[ 1954.884057][T12471] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1954.927809][T12471] Memory cgroup stats for /syz2:
[ 1954.927942][T12471] anon 98304
[ 1954.927942][T12471] file 266240
[ 1954.927942][T12471] kernel 314195968
[ 1954.927942][T12471] kernel_stack 65536
[ 1954.927942][T12471] pagetables 65536
[ 1954.927942][T12471] sec_pagetables 0
[ 1954.927942][T12471] percpu 5359968
[ 1954.927942][T12471] sock 0
[ 1954.927942][T12471] vmalloc 8192
[ 1954.927942][T12471] shmem 266240
[ 1954.927942][T12471] zswap 0
[ 1954.927942][T12471] zswapped 0
[ 1954.927942][T12471] file_mapped 266240
17:37:13 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r2 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r2, 0x8000000)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r2, 0x10000000)
syz_io_uring_submit(r7, r8, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r2, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1954.927942][T12471] file_dirty 0
[ 1954.927942][T12471] file_writeback 0
[ 1954.927942][T12471] swapcached 0
[ 1954.927942][T12471] anon_thp 0
[ 1954.927942][T12471] file_thp 0
[ 1954.927942][T12471] shmem_thp 0
[ 1954.927942][T12471] inactive_anon 90112
[ 1954.927942][T12471] active_anon 266240
[ 1954.927942][T12471] inactive_file 0
[ 1954.927942][T12471] active_file 0
[ 1954.927942][T12471] unevictable 0
[ 1954.927942][T12471] slab_reclaimable 10296
[ 1954.927942][T12471] slab_unreclaimable 308661944
17:37:13 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:13 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x0, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000080)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x4000, @fd_index=0x4, 0x8, 0x0, 0x0, 0x0, 0x0, {0x1}}, 0x101)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r4, 0x80804120, &(0x7f0000000100))
r5 = dup(r4)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000340)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@private0}, 0x0, @in6=@private2}}, &(0x7f0000000440)=0xe4)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300), 0x2, &(0x7f0000000480)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@allow_other}, {@allow_other}], [{@seclabel}, {@context={'context', 0x3d, 'user_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'batadv\x00'}}, {@smackfshat}, {@smackfsroot={'smackfsroot', 0x3d, ')\'$\b]!%'}}]}})
io_uring_enter(r5, 0x6cd1, 0x23fe, 0x0, 0x0, 0x0)

[ 1955.317444][T12471] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12471,uid=0
17:37:13 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x11, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1955.516639][T12471] Memory cgroup out of memory: Killed process 12471 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:14 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe14, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1955.560611][T12486] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1955.673235][T12486] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:14 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219b)

[ 1955.801044][T12488] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1955.856078][T12487] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1955.948019][T12487] CPU: 1 PID: 12487 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1955.958472][T12487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1955.968521][T12487] Call Trace:
[ 1955.971788][T12487]  <TASK>
[ 1955.974715][T12487]  dump_stack_lvl+0xcd/0x134
[ 1955.979326][T12487]  dump_header+0x10b/0x85f
[ 1955.983733][T12487]  oom_kill_process.cold+0x10/0x15
[ 1955.988836][T12487]  out_of_memory+0x358/0x14a0
[ 1955.993507][T12487]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1955.998962][T12487]  ? __mod_timer+0x83c/0xe30
[ 1956.003546][T12487]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1956.009011][T12487]  ? lock_acquire+0x4fc/0x630
[ 1956.013678][T12487]  ? oom_killer_disable+0x270/0x270
[ 1956.018869][T12487]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1956.024324][T12487]  ? lock_release+0x5cb/0x810
[ 1956.028988][T12487]  ? rcu_read_unlock+0x9/0x60
[ 1956.033653][T12487]  ? lock_downgrade+0x6e0/0x6e0
[ 1956.038495][T12487]  mem_cgroup_out_of_memory+0x206/0x270
[ 1956.044030][T12487]  ? mem_cgroup_margin+0x130/0x130
[ 1956.049130][T12487]  ? lock_downgrade+0x6e0/0x6e0
[ 1956.053975][T12487]  try_charge_memcg+0xef8/0x12f0
[ 1956.058914][T12487]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1956.064898][T12487]  ? lock_release+0x5cb/0x810
[ 1956.069578][T12487]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1956.075295][T12487]  ? lock_downgrade+0x6e0/0x6e0
[ 1956.080148][T12487]  ? lock_release+0x5cb/0x810
[ 1956.084821][T12487]  ? rcu_read_unlock+0x9/0x60
[ 1956.089511][T12487]  ? lock_downgrade+0x6e0/0x6e0
[ 1956.094355][T12487]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1956.099896][T12487]  __alloc_pages+0x1ef/0x5a0
[ 1956.104480][T12487]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1956.111248][T12487]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1956.116706][T12487]  ? lock_acquire+0x4fc/0x630
[ 1956.121383][T12487]  ? psi_task_switch+0x212/0x930
[ 1956.126313][T12487]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1956.131765][T12487]  ? lock_acquire+0x4fc/0x630
[ 1956.136429][T12487]  alloc_pages+0x1a6/0x270
[ 1956.140837][T12487]  pte_alloc_one+0x16/0x230
[ 1956.145340][T12487]  __pte_alloc+0x69/0x250
[ 1956.149671][T12487]  ? pmd_install+0x150/0x150
[ 1956.154251][T12487]  ? hugepage_vma_check+0x24a/0x830
[ 1956.159448][T12487]  __handle_mm_fault+0x3527/0x3a40
[ 1956.164560][T12487]  ? lock_acquire+0x4fc/0x630
[ 1956.169246][T12487]  ? vm_iomap_memory+0x180/0x180
[ 1956.174172][T12487]  ? lock_release+0x810/0x810
[ 1956.178841][T12487]  handle_mm_fault+0x1c8/0x780
[ 1956.183596][T12487]  do_user_addr_fault+0x475/0x1210
[ 1956.188704][T12487]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1956.194166][T12487]  exc_page_fault+0x94/0x170
[ 1956.198748][T12487]  asm_exc_page_fault+0x22/0x30
[ 1956.203592][T12487] RIP: 0023:0xf6e1cd58
[ 1956.207643][T12487] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1956.227240][T12487] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1956.233292][T12487] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1956.241248][T12487] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1956.249208][T12487] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1956.257176][T12487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1956.265150][T12487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1956.273129][T12487]  </TASK>
17:37:14 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:15 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r2 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r2, 0x8000000)
r8 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r2, 0x10000000)
syz_io_uring_submit(r7, r8, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r2, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:15 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x11, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1956.625879][T12500] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1956.674492][T12500] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:15 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x2199)

[ 1956.792310][T12502] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1956.911732][T12487] memory: usage 307188kB, limit 307200kB, failcnt 41193
[ 1956.951414][T12487] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1957.015499][T12487] Memory cgroup stats for /syz2:
[ 1957.015662][T12487] anon 98304
[ 1957.015662][T12487] file 266240
[ 1957.015662][T12487] kernel 314195968
[ 1957.015662][T12487] kernel_stack 65536
[ 1957.015662][T12487] pagetables 65536
[ 1957.015662][T12487] sec_pagetables 0
[ 1957.015662][T12487] percpu 5359968
[ 1957.015662][T12487] sock 0
[ 1957.015662][T12487] vmalloc 8192
[ 1957.015662][T12487] shmem 266240
[ 1957.015662][T12487] zswap 0
[ 1957.015662][T12487] zswapped 0
[ 1957.015662][T12487] file_mapped 266240
[ 1957.015662][T12487] file_dirty 0
[ 1957.015662][T12487] file_writeback 0
[ 1957.015662][T12487] swapcached 0
[ 1957.015662][T12487] anon_thp 0
[ 1957.015662][T12487] file_thp 0
[ 1957.015662][T12487] shmem_thp 0
[ 1957.015662][T12487] inactive_anon 98304
[ 1957.015662][T12487] active_anon 266240
[ 1957.015662][T12487] inactive_file 0
[ 1957.015662][T12487] active_file 0
[ 1957.015662][T12487] unevictable 0
[ 1957.015662][T12487] slab_reclaimable 10296
[ 1957.015662][T12487] slab_unreclaimable 308661944
17:37:15 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0xf, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1957.244287][T12487] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12487,uid=0
17:37:15 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1957.308860][T12508] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1957.363392][T12508] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:15 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe18, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1957.423446][T12487] Memory cgroup out of memory: Killed process 12487 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:16 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1957.628790][T12513] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1957.650322][T12511] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1957.717745][T12513] CPU: 0 PID: 12513 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1957.728194][T12513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1957.738237][T12513] Call Trace:
[ 1957.741502][T12513]  <TASK>
[ 1957.744427][T12513]  dump_stack_lvl+0xcd/0x134
[ 1957.749024][T12513]  dump_header+0x10b/0x85f
[ 1957.753432][T12513]  oom_kill_process.cold+0x10/0x15
[ 1957.758534][T12513]  out_of_memory+0x358/0x14a0
[ 1957.763209][T12513]  ? __mod_timer+0x83c/0xe30
[ 1957.767817][T12513]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1957.773298][T12513]  ? lock_acquire+0x4fc/0x630
[ 1957.777967][T12513]  ? oom_killer_disable+0x270/0x270
[ 1957.783157][T12513]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1957.788612][T12513]  ? lock_release+0x5cb/0x810
[ 1957.793276][T12513]  ? rcu_read_unlock+0x9/0x60
[ 1957.797940][T12513]  ? lock_downgrade+0x6e0/0x6e0
[ 1957.802780][T12513]  mem_cgroup_out_of_memory+0x206/0x270
[ 1957.808319][T12513]  ? mem_cgroup_margin+0x130/0x130
[ 1957.813417][T12513]  ? lock_downgrade+0x6e0/0x6e0
[ 1957.818272][T12513]  try_charge_memcg+0xef8/0x12f0
[ 1957.823210][T12513]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1957.829190][T12513]  ? lock_release+0x5cb/0x810
[ 1957.833853][T12513]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1957.839561][T12513]  ? lock_downgrade+0x6e0/0x6e0
[ 1957.844408][T12513]  ? lock_release+0x5cb/0x810
[ 1957.849091][T12513]  ? rcu_read_unlock+0x9/0x60
[ 1957.853756][T12513]  ? lock_downgrade+0x6e0/0x6e0
[ 1957.858627][T12513]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1957.864179][T12513]  __alloc_pages+0x1ef/0x5a0
[ 1957.868780][T12513]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1957.875537][T12513]  ? lock_release+0x5cb/0x810
[ 1957.880202][T12513]  ? psi_task_change+0x1bb/0x2f0
[ 1957.885134][T12513]  alloc_pages+0x1a6/0x270
[ 1957.889544][T12513]  pte_alloc_one+0x16/0x230
[ 1957.894040][T12513]  __pte_alloc+0x69/0x250
[ 1957.898364][T12513]  ? pmd_install+0x150/0x150
[ 1957.902938][T12513]  ? hugepage_vma_check+0x24a/0x830
[ 1957.908128][T12513]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1957.913580][T12513]  __handle_mm_fault+0x3527/0x3a40
[ 1957.918685][T12513]  ? lock_acquire+0x4fc/0x630
[ 1957.923350][T12513]  ? vm_iomap_memory+0x180/0x180
[ 1957.928282][T12513]  handle_mm_fault+0x1c8/0x780
[ 1957.933036][T12513]  do_user_addr_fault+0x475/0x1210
[ 1957.938145][T12513]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1957.943597][T12513]  exc_page_fault+0x94/0x170
[ 1957.948176][T12513]  asm_exc_page_fault+0x22/0x30
[ 1957.953021][T12513] RIP: 0023:0xf6e1cd58
[ 1957.957076][T12513] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1957.976687][T12513] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1957.982759][T12513] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1957.990713][T12513] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1957.998668][T12513] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1958.006623][T12513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1958.014583][T12513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1958.022561][T12513]  </TASK>
17:37:16 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0xe, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:16 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:16 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x2199)

[ 1958.295470][T12513] memory: usage 307192kB, limit 307200kB, failcnt 41311
[ 1958.317833][T12521] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:16 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x219b)

[ 1958.401050][T12513] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1958.452135][T12513] Memory cgroup stats for /syz2:
[ 1958.452257][T12513] anon 98304
[ 1958.452257][T12513] file 266240
[ 1958.452257][T12513] kernel 314200064
[ 1958.452257][T12513] kernel_stack 65536
[ 1958.452257][T12513] pagetables 65536
[ 1958.452257][T12513] sec_pagetables 0
[ 1958.452257][T12513] percpu 5359968
[ 1958.452257][T12513] sock 0
[ 1958.452257][T12513] vmalloc 8192
[ 1958.452257][T12513] shmem 266240
[ 1958.452257][T12513] zswap 0
[ 1958.452257][T12513] zswapped 0
[ 1958.452257][T12513] file_mapped 266240
[ 1958.452257][T12513] file_dirty 0
[ 1958.452257][T12513] file_writeback 0
[ 1958.452257][T12513] swapcached 0
[ 1958.452257][T12513] anon_thp 0
[ 1958.452257][T12513] file_thp 0
[ 1958.452257][T12513] shmem_thp 0
[ 1958.452257][T12513] inactive_anon 98304
[ 1958.452257][T12513] active_anon 266240
[ 1958.452257][T12513] inactive_file 0
[ 1958.452257][T12513] active_file 0
[ 1958.452257][T12513] unevictable 0
[ 1958.452257][T12513] slab_reclaimable 12224
[ 1958.452257][T12513] slab_unreclaimable 308662592
17:37:17 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:17 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x7, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1958.859623][T12536] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1958.913390][T12536] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1958.945753][T12513] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12513,uid=0
17:37:17 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe1c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1959.065271][T12513] Memory cgroup out of memory: Killed process 12513 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1959.127001][T12537] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:17 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1959.217474][T12539] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1959.262657][T12539] CPU: 1 PID: 12539 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1959.273121][T12539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1959.283176][T12539] Call Trace:
[ 1959.286451][T12539]  <TASK>
[ 1959.289374][T12539]  dump_stack_lvl+0xcd/0x134
[ 1959.293963][T12539]  dump_header+0x10b/0x85f
[ 1959.298380][T12539]  oom_kill_process.cold+0x10/0x15
[ 1959.303501][T12539]  out_of_memory+0x358/0x14a0
[ 1959.308185][T12539]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1959.313641][T12539]  ? __mod_timer+0x83c/0xe30
[ 1959.318227][T12539]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1959.323684][T12539]  ? lock_acquire+0x4fc/0x630
[ 1959.328351][T12539]  ? oom_killer_disable+0x270/0x270
[ 1959.333540][T12539]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1959.339001][T12539]  ? lock_release+0x5cb/0x810
[ 1959.343670][T12539]  ? rcu_read_unlock+0x9/0x60
[ 1959.348340][T12539]  ? lock_downgrade+0x6e0/0x6e0
[ 1959.353185][T12539]  mem_cgroup_out_of_memory+0x206/0x270
[ 1959.358735][T12539]  ? mem_cgroup_margin+0x130/0x130
[ 1959.363841][T12539]  ? lock_downgrade+0x6e0/0x6e0
[ 1959.368695][T12539]  try_charge_memcg+0xef8/0x12f0
[ 1959.373633][T12539]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1959.379612][T12539]  ? lock_release+0x5cb/0x810
[ 1959.384286][T12539]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1959.390015][T12539]  ? lock_downgrade+0x6e0/0x6e0
[ 1959.394870][T12539]  ? lock_release+0x5cb/0x810
[ 1959.399562][T12539]  ? rcu_read_unlock+0x9/0x60
[ 1959.404237][T12539]  ? lock_downgrade+0x6e0/0x6e0
[ 1959.409085][T12539]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1959.414636][T12539]  __alloc_pages+0x1ef/0x5a0
[ 1959.419230][T12539]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1959.425981][T12539]  ? try_to_wake_up+0x107/0x20f0
[ 1959.430907][T12539]  ? sched_core_balance+0xac0/0xac0
[ 1959.436096][T12539]  ? lock_downgrade+0x6e0/0x6e0
[ 1959.440934][T12539]  ? do_raw_spin_lock+0x120/0x2a0
[ 1959.445948][T12539]  alloc_pages+0x1a6/0x270
[ 1959.450358][T12539]  pte_alloc_one+0x16/0x230
[ 1959.454866][T12539]  __pte_alloc+0x69/0x250
[ 1959.459210][T12539]  ? pmd_install+0x150/0x150
[ 1959.463787][T12539]  ? hugepage_vma_check+0x24a/0x830
[ 1959.468984][T12539]  __handle_mm_fault+0x3527/0x3a40
[ 1959.474086][T12539]  ? lock_acquire+0x4fc/0x630
[ 1959.478753][T12539]  ? vm_iomap_memory+0x180/0x180
[ 1959.483680][T12539]  ? lock_release+0x810/0x810
[ 1959.488353][T12539]  handle_mm_fault+0x1c8/0x780
[ 1959.493108][T12539]  do_user_addr_fault+0x475/0x1210
[ 1959.498215][T12539]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1959.503671][T12539]  exc_page_fault+0x94/0x170
[ 1959.508252][T12539]  asm_exc_page_fault+0x22/0x30
[ 1959.513095][T12539] RIP: 0023:0xf6e1cd58
[ 1959.517156][T12539] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1959.536759][T12539] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1959.542816][T12539] RAX: 0000000000000001 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1959.550783][T12539] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
17:37:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x7, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1959.558754][T12539] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1959.566721][T12539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1959.574686][T12539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1959.582664][T12539]  </TASK>
[ 1959.693117][T12539] memory: usage 307192kB, limit 307200kB, failcnt 41401
[ 1959.701055][T12539] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1959.711168][T12539] Memory cgroup stats for /syz2:
[ 1959.715542][T12539] anon 98304
[ 1959.715542][T12539] file 266240
[ 1959.715542][T12539] kernel 314195968
[ 1959.715542][T12539] kernel_stack 65536
[ 1959.715542][T12539] pagetables 65536
[ 1959.715542][T12539] sec_pagetables 0
[ 1959.715542][T12539] percpu 5359968
[ 1959.715542][T12539] sock 0
[ 1959.715542][T12539] vmalloc 8192
[ 1959.715542][T12539] shmem 266240
[ 1959.715542][T12539] zswap 0
[ 1959.715542][T12539] zswapped 0
[ 1959.715542][T12539] file_mapped 266240
[ 1959.715542][T12539] file_dirty 0
[ 1959.715542][T12539] file_writeback 0
[ 1959.715542][T12539] swapcached 0
[ 1959.715542][T12539] anon_thp 0
[ 1959.715542][T12539] file_thp 0
[ 1959.715542][T12539] shmem_thp 0
[ 1959.715542][T12539] inactive_anon 98304
[ 1959.715542][T12539] active_anon 266240
[ 1959.715542][T12539] inactive_file 0
[ 1959.715542][T12539] active_file 0
[ 1959.715542][T12539] unevictable 0
[ 1959.715542][T12539] slab_reclaimable 12224
[ 1959.715542][T12539] slab_unreclaimable 308662592
[ 1959.824017][T12544] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1959.868287][T12544] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:18 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1959.909696][T12539] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12539,uid=0
17:37:18 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x7, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:18 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x1200)

[ 1959.992775][T12539] Memory cgroup out of memory: Killed process 12539 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:18 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe20, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1960.049880][T12549] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:37:18 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:18 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x1200)

[ 1960.280966][T12553] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1960.397302][T12553] CPU: 0 PID: 12553 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1960.407763][T12553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1960.417812][T12553] Call Trace:
[ 1960.421079][T12553]  <TASK>
[ 1960.424010][T12553]  dump_stack_lvl+0xcd/0x134
[ 1960.428593][T12553]  dump_header+0x10b/0x85f
[ 1960.433002][T12553]  oom_kill_process.cold+0x10/0x15
[ 1960.438099][T12553]  out_of_memory+0x358/0x14a0
[ 1960.442764][T12553]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1960.448231][T12553]  ? __mod_timer+0x83c/0xe30
[ 1960.452832][T12553]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1960.458294][T12553]  ? lock_acquire+0x4fc/0x630
[ 1960.462961][T12553]  ? oom_killer_disable+0x270/0x270
[ 1960.468155][T12553]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1960.473616][T12553]  ? lock_release+0x5cb/0x810
[ 1960.478281][T12553]  ? rcu_read_unlock+0x9/0x60
[ 1960.482947][T12553]  ? lock_downgrade+0x6e0/0x6e0
[ 1960.487794][T12553]  mem_cgroup_out_of_memory+0x206/0x270
[ 1960.493342][T12553]  ? mem_cgroup_margin+0x130/0x130
[ 1960.498457][T12553]  ? lock_downgrade+0x6e0/0x6e0
[ 1960.503320][T12553]  try_charge_memcg+0xef8/0x12f0
[ 1960.508252][T12553]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1960.514225][T12553]  ? lock_release+0x5cb/0x810
[ 1960.518892][T12553]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1960.524600][T12553]  ? lock_downgrade+0x6e0/0x6e0
[ 1960.529437][T12553]  ? lock_release+0x5cb/0x810
[ 1960.534097][T12553]  ? rcu_read_unlock+0x9/0x60
[ 1960.538761][T12553]  ? lock_downgrade+0x6e0/0x6e0
[ 1960.543600][T12553]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1960.549160][T12553]  __alloc_pages+0x1ef/0x5a0
[ 1960.553759][T12553]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1960.560510][T12553]  ? lock_release+0x5cb/0x810
[ 1960.565172][T12553]  ? psi_task_change+0x1bb/0x2f0
[ 1960.570106][T12553]  alloc_pages+0x1a6/0x270
[ 1960.574517][T12553]  pte_alloc_one+0x16/0x230
[ 1960.579012][T12553]  __pte_alloc+0x69/0x250
[ 1960.583329][T12553]  ? pmd_install+0x150/0x150
[ 1960.587908][T12553]  ? hugepage_vma_check+0x24a/0x830
[ 1960.593098][T12553]  __handle_mm_fault+0x3527/0x3a40
[ 1960.598216][T12553]  ? lock_acquire+0x4fc/0x630
[ 1960.602901][T12553]  ? vm_iomap_memory+0x180/0x180
[ 1960.607828][T12553]  ? lock_release+0x810/0x810
[ 1960.612497][T12553]  handle_mm_fault+0x1c8/0x780
[ 1960.617250][T12553]  do_user_addr_fault+0x475/0x1210
[ 1960.622354][T12553]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1960.627813][T12553]  exc_page_fault+0x94/0x170
[ 1960.632390][T12553]  asm_exc_page_fault+0x22/0x30
[ 1960.637230][T12553] RIP: 0023:0xf6e1cd58
[ 1960.641279][T12553] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1960.660883][T12553] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1960.666936][T12553] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1960.674889][T12553] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1960.682843][T12553] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1960.690799][T12553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1960.698771][T12553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1960.706752][T12553]  </TASK>
17:37:19 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x7, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1960.872760][T12566] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1960.942463][T12566] __nla_validate_parse: 3 callbacks suppressed
[ 1960.942581][T12566] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1960.944104][T12553] memory: usage 307200kB, limit 307200kB, failcnt 41496
17:37:19 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:19 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1961.233844][T12567] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1961.331969][T12553] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1961.341983][T12553] Memory cgroup stats for /syz2:
[ 1961.342326][T12553] anon 98304
[ 1961.342326][T12553] file 266240
[ 1961.342326][T12553] kernel 314195968
[ 1961.342326][T12553] kernel_stack 65536
[ 1961.342326][T12553] pagetables 65536
[ 1961.342326][T12553] sec_pagetables 0
[ 1961.342326][T12553] percpu 5359968
[ 1961.342326][T12553] sock 0
[ 1961.342326][T12553] vmalloc 8192
[ 1961.342326][T12553] shmem 266240
[ 1961.342326][T12553] zswap 0
[ 1961.342326][T12553] zswapped 0
[ 1961.342326][T12553] file_mapped 266240
[ 1961.342326][T12553] file_dirty 0
[ 1961.342326][T12553] file_writeback 0
[ 1961.342326][T12553] swapcached 0
[ 1961.342326][T12553] anon_thp 0
[ 1961.342326][T12553] file_thp 0
[ 1961.342326][T12553] shmem_thp 0
[ 1961.342326][T12553] inactive_anon 98304
[ 1961.342326][T12553] active_anon 266240
[ 1961.342326][T12553] inactive_file 0
[ 1961.342326][T12553] active_file 0
[ 1961.342326][T12553] unevictable 0
[ 1961.342326][T12553] slab_reclaimable 10296
[ 1961.342326][T12553] slab_unreclaimable 308661944
17:37:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x7ffff000, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1961.463531][T12553] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12553,uid=0
[ 1961.530303][T12553] Memory cgroup out of memory: Killed process 12553 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:20 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0xec0, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1961.646843][T12577] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:37:20 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe24, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1961.700200][T12577] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:20 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0xc0, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1961.870561][T12580] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1961.888824][T12579] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1961.921734][T12580] CPU: 1 PID: 12580 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1961.932181][T12580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1961.942223][T12580] Call Trace:
[ 1961.945499][T12580]  <TASK>
[ 1961.948430][T12580]  dump_stack_lvl+0xcd/0x134
[ 1961.953020][T12580]  dump_header+0x10b/0x85f
[ 1961.957428][T12580]  oom_kill_process.cold+0x10/0x15
[ 1961.962527][T12580]  out_of_memory+0x358/0x14a0
[ 1961.967203][T12580]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1961.972683][T12580]  ? __mod_timer+0x83c/0xe30
[ 1961.977279][T12580]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1961.982767][T12580]  ? lock_acquire+0x4fc/0x630
[ 1961.987451][T12580]  ? oom_killer_disable+0x270/0x270
[ 1961.992641][T12580]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1961.998095][T12580]  ? lock_release+0x5cb/0x810
[ 1962.002757][T12580]  ? rcu_read_unlock+0x9/0x60
[ 1962.007424][T12580]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.012261][T12580]  mem_cgroup_out_of_memory+0x206/0x270
[ 1962.017798][T12580]  ? mem_cgroup_margin+0x130/0x130
[ 1962.022896][T12580]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.027737][T12580]  try_charge_memcg+0xef8/0x12f0
[ 1962.032668][T12580]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1962.038641][T12580]  ? lock_release+0x5cb/0x810
[ 1962.043305][T12580]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1962.049020][T12580]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.053858][T12580]  ? lock_release+0x5cb/0x810
[ 1962.058524][T12580]  ? rcu_read_unlock+0x9/0x60
[ 1962.063192][T12580]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.068034][T12580]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1962.073574][T12580]  __alloc_pages+0x1ef/0x5a0
[ 1962.078154][T12580]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1962.084913][T12580]  ? try_to_wake_up+0x107/0x20f0
[ 1962.089859][T12580]  ? sched_core_balance+0xac0/0xac0
[ 1962.095052][T12580]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.099903][T12580]  ? do_raw_spin_lock+0x120/0x2a0
[ 1962.104924][T12580]  alloc_pages+0x1a6/0x270
[ 1962.109353][T12580]  pte_alloc_one+0x16/0x230
[ 1962.113855][T12580]  __pte_alloc+0x69/0x250
[ 1962.118170][T12580]  ? pmd_install+0x150/0x150
[ 1962.122744][T12580]  ? hugepage_vma_check+0x24a/0x830
[ 1962.127935][T12580]  __handle_mm_fault+0x3527/0x3a40
[ 1962.133052][T12580]  ? lock_acquire+0x4fc/0x630
[ 1962.137716][T12580]  ? vm_iomap_memory+0x180/0x180
[ 1962.142641][T12580]  ? lock_release+0x810/0x810
[ 1962.147309][T12580]  handle_mm_fault+0x1c8/0x780
[ 1962.152064][T12580]  do_user_addr_fault+0x475/0x1210
[ 1962.157171][T12580]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.162630][T12580]  exc_page_fault+0x94/0x170
[ 1962.167211][T12580]  asm_exc_page_fault+0x22/0x30
[ 1962.172055][T12580] RIP: 0023:0xf6e1cd58
[ 1962.176110][T12580] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1962.195710][T12580] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1962.201764][T12580] RAX: 0000000000000001 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1962.209732][T12580] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1962.217696][T12580] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1962.225656][T12580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1962.233613][T12580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1962.241578][T12580]  </TASK>
[ 1962.306697][T12580] memory: usage 307188kB, limit 307200kB, failcnt 41604
[ 1962.314243][T12580] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1962.321964][T12580] Memory cgroup stats for /syz2:
[ 1962.322112][T12580] anon 98304
[ 1962.322112][T12580] file 266240
[ 1962.322112][T12580] kernel 314195968
[ 1962.322112][T12580] kernel_stack 65536
[ 1962.322112][T12580] pagetables 65536
[ 1962.322112][T12580] sec_pagetables 0
[ 1962.322112][T12580] percpu 5359968
[ 1962.322112][T12580] sock 0
[ 1962.322112][T12580] vmalloc 8192
[ 1962.322112][T12580] shmem 266240
[ 1962.322112][T12580] zswap 0
[ 1962.322112][T12580] zswapped 0
[ 1962.322112][T12580] file_mapped 266240
[ 1962.322112][T12580] file_dirty 0
[ 1962.322112][T12580] file_writeback 0
[ 1962.322112][T12580] swapcached 0
[ 1962.322112][T12580] anon_thp 0
[ 1962.322112][T12580] file_thp 0
[ 1962.322112][T12580] shmem_thp 0
[ 1962.322112][T12580] inactive_anon 98304
[ 1962.322112][T12580] active_anon 266240
[ 1962.322112][T12580] inactive_file 0
[ 1962.322112][T12580] active_file 0
[ 1962.322112][T12580] unevictable 0
[ 1962.322112][T12580] slab_reclaimable 10296
[ 1962.322112][T12580] slab_unreclaimable 308661944
[ 1962.323739][T12582] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1962.329854][T12580] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12580,uid=0
17:37:21 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:21 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140), 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1962.442315][T12582] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
17:37:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe28, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1962.494065][T12580] Memory cgroup out of memory: Killed process 12580 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:21 executing program 4:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1962.585553][T12584] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1962.612606][T12598] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1962.732870][T12598] CPU: 0 PID: 12598 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1962.743320][T12598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1962.753362][T12598] Call Trace:
[ 1962.756627][T12598]  <TASK>
[ 1962.759545][T12598]  dump_stack_lvl+0xcd/0x134
[ 1962.764132][T12598]  dump_header+0x10b/0x85f
[ 1962.768538][T12598]  oom_kill_process.cold+0x10/0x15
[ 1962.773635][T12598]  out_of_memory+0x358/0x14a0
[ 1962.778304][T12598]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.783757][T12598]  ? __mod_timer+0x83c/0xe30
[ 1962.788353][T12598]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.793838][T12598]  ? lock_acquire+0x4fc/0x630
[ 1962.798528][T12598]  ? oom_killer_disable+0x270/0x270
[ 1962.803754][T12598]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.809245][T12598]  ? lock_release+0x5cb/0x810
[ 1962.813911][T12598]  ? rcu_read_unlock+0x9/0x60
[ 1962.818573][T12598]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.823409][T12598]  mem_cgroup_out_of_memory+0x206/0x270
[ 1962.828944][T12598]  ? mem_cgroup_margin+0x130/0x130
[ 1962.834041][T12598]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.838884][T12598]  try_charge_memcg+0xef8/0x12f0
[ 1962.843817][T12598]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1962.849792][T12598]  ? lock_acquire+0x4fc/0x630
[ 1962.854460][T12598]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.859912][T12598]  ? lock_release+0x5cb/0x810
[ 1962.864575][T12598]  ? rcu_read_unlock+0x9/0x60
[ 1962.869241][T12598]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.874081][T12598]  charge_memcg+0x99/0x3b0
[ 1962.878489][T12598]  __mem_cgroup_charge+0x27/0x90
[ 1962.883417][T12598]  wp_page_copy+0x2bf/0x1c90
[ 1962.888007][T12598]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.893484][T12598]  ? lock_release+0x5cb/0x810
[ 1962.898149][T12598]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 1962.904723][T12598]  ? lock_downgrade+0x6e0/0x6e0
[ 1962.909559][T12598]  ? vm_normal_page+0x146/0x2a0
[ 1962.914396][T12598]  ? __pte_alloc_kernel+0x110/0x110
[ 1962.919593][T12598]  ? lock_release+0x5cb/0x810
[ 1962.924255][T12598]  do_wp_page+0x538/0x1930
[ 1962.928658][T12598]  __handle_mm_fault+0x181b/0x3a40
[ 1962.933756][T12598]  ? lock_acquire+0x4fc/0x630
[ 1962.938435][T12598]  ? vm_iomap_memory+0x180/0x180
[ 1962.943386][T12598]  handle_mm_fault+0x1c8/0x780
[ 1962.948140][T12598]  do_user_addr_fault+0x475/0x1210
[ 1962.953245][T12598]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1962.958699][T12598]  exc_page_fault+0x94/0x170
[ 1962.963280][T12598]  asm_exc_page_fault+0x22/0x30
[ 1962.968124][T12598] RIP: 0023:0xf6e1ccde
[ 1962.972179][T12598] Code: 18 8b 7c 24 0c 89 70 14 8b b4 24 94 00 00 00 89 70 20 8b b4 24 90 00 00 00 89 73 24 8b 74 24 40 89 73 28 8b b4 24 a0 00 00 00 <89> 70 50 8b 74 24 38 0f b6 84 24 9f 00 00 00 01 f2 88 84 37 14 10
[ 1962.991793][T12598] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1962.997867][T12598] RAX: 00000000f6f7afc0 RBX: 00000000f6f7afc0 RCX: 00000000f6f7afc8
[ 1963.005824][T12598] RDX: 00000000f6f7afc0 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1963.013784][T12598] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1963.021738][T12598] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1963.029691][T12598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1963.037666][T12598]  </TASK>
[ 1963.051613][T12586] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1963.062008][T12586] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1963.136797][T12587] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:21 executing program 3:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:21 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1963.338014][T12604] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1963.375388][T12598] memory: usage 307196kB, limit 307200kB, failcnt 41681
17:37:21 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:21 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1963.388167][T12598] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1963.417682][T12606] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1963.516188][T12606] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1963.586263][T12598] Memory cgroup stats for /syz2:
[ 1963.586449][T12598] anon 94208
[ 1963.586449][T12598] file 266240
[ 1963.586449][T12598] kernel 314208256
[ 1963.586449][T12598] kernel_stack 65536
[ 1963.586449][T12598] pagetables 65536
[ 1963.586449][T12598] sec_pagetables 0
[ 1963.586449][T12598] percpu 5359968
[ 1963.586449][T12598] sock 0
[ 1963.586449][T12598] vmalloc 8192
[ 1963.586449][T12598] shmem 266240
[ 1963.586449][T12598] zswap 0
[ 1963.586449][T12598] zswapped 0
[ 1963.586449][T12598] file_mapped 266240
[ 1963.586449][T12598] file_dirty 0
[ 1963.586449][T12598] file_writeback 0
[ 1963.586449][T12598] swapcached 0
[ 1963.586449][T12598] anon_thp 0
[ 1963.586449][T12598] file_thp 0
[ 1963.586449][T12598] shmem_thp 0
[ 1963.586449][T12598] inactive_anon 94208
[ 1963.586449][T12598] active_anon 266240
[ 1963.586449][T12598] inactive_file 0
[ 1963.586449][T12598] active_file 0
[ 1963.586449][T12598] unevictable 0
[ 1963.586449][T12598] slab_reclaimable 10296
[ 1963.586449][T12598] slab_unreclaimable 308673344
[ 1963.735409][T12598] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12598,uid=0
[ 1963.753602][T12611] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1963.857037][T12598] Memory cgroup out of memory: Killed process 12598 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe2c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:22 executing program 4:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1964.076425][T12614] bridge248: port 1(vlan93) entered blocking state
[ 1964.126550][T12614] bridge248: port 1(vlan93) entered disabled state
[ 1964.170341][T12618] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1964.195608][T12618] CPU: 0 PID: 12618 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1964.206048][T12618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1964.216094][T12618] Call Trace:
[ 1964.219360][T12618]  <TASK>
[ 1964.222275][T12618]  dump_stack_lvl+0xcd/0x134
[ 1964.226862][T12618]  dump_header+0x10b/0x85f
[ 1964.231267][T12618]  oom_kill_process.cold+0x10/0x15
[ 1964.236368][T12618]  out_of_memory+0x358/0x14a0
[ 1964.241038][T12618]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1964.246492][T12618]  ? __mod_timer+0x83c/0xe30
[ 1964.251075][T12618]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1964.256545][T12618]  ? lock_acquire+0x4fc/0x630
[ 1964.261331][T12618]  ? oom_killer_disable+0x270/0x270
[ 1964.266549][T12618]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1964.272047][T12618]  ? lock_release+0x5cb/0x810
[ 1964.276746][T12618]  ? rcu_read_unlock+0x9/0x60
[ 1964.281417][T12618]  ? lock_downgrade+0x6e0/0x6e0
[ 1964.286258][T12618]  mem_cgroup_out_of_memory+0x206/0x270
[ 1964.291798][T12618]  ? mem_cgroup_margin+0x130/0x130
[ 1964.296900][T12618]  ? lock_downgrade+0x6e0/0x6e0
[ 1964.301746][T12618]  try_charge_memcg+0xef8/0x12f0
[ 1964.306701][T12618]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1964.312711][T12618]  ? lock_acquire+0x4fc/0x630
[ 1964.317388][T12618]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1964.323103][T12618]  ? lock_downgrade+0x6e0/0x6e0
[ 1964.327940][T12618]  ? lock_release+0x5cb/0x810
[ 1964.332602][T12618]  ? obj_cgroup_charge+0x244/0x5e0
[ 1964.337706][T12618]  ? lock_downgrade+0x6e0/0x6e0
[ 1964.342541][T12618]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1964.347997][T12618]  obj_cgroup_charge+0x2ab/0x5e0
[ 1964.352931][T12618]  kmem_cache_alloc_lru+0x13d/0x730
[ 1964.358140][T12618]  ? sock_alloc_inode+0x23/0x1d0
[ 1964.363097][T12618]  sock_alloc_inode+0x23/0x1d0
[ 1964.367859][T12618]  ? sock_free_inode+0x20/0x20
[ 1964.372618][T12618]  alloc_inode+0x61/0x230
[ 1964.376963][T12618]  new_inode_pseudo+0x13/0x80
[ 1964.381648][T12618]  sock_alloc+0x3c/0x260
[ 1964.385886][T12618]  __sock_create+0xb9/0x790
[ 1964.390394][T12618]  ? lock_downgrade+0x6e0/0x6e0
[ 1964.395248][T12618]  __sys_socket+0x12f/0x240
[ 1964.399755][T12618]  ? __sys_socket_file+0x1f0/0x1f0
[ 1964.404892][T12618]  ? vtime_user_exit+0x218/0x6c0
[ 1964.409861][T12618]  __ia32_sys_socket+0x6f/0xb0
[ 1964.414624][T12618]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 1964.421211][T12618]  __do_fast_syscall_32+0x65/0xf0
[ 1964.426237][T12618]  do_fast_syscall_32+0x2f/0x70
[ 1964.431087][T12618]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1964.437412][T12618] RIP: 0023:0xf7f51549
[ 1964.441472][T12618] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1964.461081][T12618] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 1964.469489][T12618] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 1964.477447][T12618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1964.485408][T12618] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1964.493367][T12618] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1964.501341][T12618] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1964.509413][T12618]  </TASK>
17:37:23 executing program 5:
alarm(0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1964.545508][T12614] device bridge249 entered promiscuous mode
[ 1964.605653][T12618] memory: usage 307188kB, limit 307200kB, failcnt 41782
[ 1964.612716][T12618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1964.625375][T12618] Memory cgroup stats for /syz2:
[ 1964.625577][T12618] anon 98304
[ 1964.625577][T12618] file 266240
[ 1964.625577][T12618] kernel 314195968
[ 1964.625577][T12618] kernel_stack 65536
[ 1964.625577][T12618] pagetables 65536
[ 1964.625577][T12618] sec_pagetables 0
[ 1964.625577][T12618] percpu 5359968
[ 1964.625577][T12618] sock 0
[ 1964.625577][T12618] vmalloc 8192
[ 1964.625577][T12618] shmem 266240
[ 1964.625577][T12618] zswap 0
[ 1964.625577][T12618] zswapped 0
[ 1964.625577][T12618] file_mapped 266240
[ 1964.625577][T12618] file_dirty 0
[ 1964.625577][T12618] file_writeback 0
[ 1964.625577][T12618] swapcached 0
[ 1964.625577][T12618] anon_thp 0
[ 1964.625577][T12618] file_thp 0
[ 1964.625577][T12618] shmem_thp 0
[ 1964.625577][T12618] inactive_anon 65536
[ 1964.625577][T12618] active_anon 266240
[ 1964.625577][T12618] inactive_file 0
[ 1964.625577][T12618] active_file 0
[ 1964.625577][T12618] unevictable 0
[ 1964.625577][T12618] slab_reclaimable 10296
[ 1964.625577][T12618] slab_unreclaimable 308661944
[ 1964.632780][T12614] bridge248: port 1(vlan93) entered blocking state
[ 1964.725505][T12614] bridge248: port 1(vlan93) entered forwarding state
17:37:23 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1964.759370][T12618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12617,uid=0
[ 1964.853702][T12618] Memory cgroup out of memory: Killed process 12617 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:23 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:23 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0xbe0)

17:37:23 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe30, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfffffffc, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1965.252809][T12632] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1965.264557][T12636] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1965.280200][T12632] CPU: 1 PID: 12632 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1965.290631][T12632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1965.300676][T12632] Call Trace:
[ 1965.303942][T12632]  <TASK>
[ 1965.306861][T12632]  dump_stack_lvl+0xcd/0x134
[ 1965.311448][T12632]  dump_header+0x10b/0x85f
[ 1965.315852][T12632]  oom_kill_process.cold+0x10/0x15
[ 1965.320950][T12632]  out_of_memory+0x358/0x14a0
[ 1965.325619][T12632]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1965.331073][T12632]  ? __mod_timer+0x83c/0xe30
[ 1965.335653][T12632]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1965.341107][T12632]  ? lock_acquire+0x4fc/0x630
[ 1965.345773][T12632]  ? oom_killer_disable+0x270/0x270
[ 1965.350961][T12632]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1965.356418][T12632]  ? lock_release+0x5cb/0x810
[ 1965.361084][T12632]  ? rcu_read_unlock+0x9/0x60
[ 1965.365750][T12632]  ? lock_downgrade+0x6e0/0x6e0
[ 1965.370589][T12632]  mem_cgroup_out_of_memory+0x206/0x270
[ 1965.376126][T12632]  ? mem_cgroup_margin+0x130/0x130
[ 1965.381228][T12632]  ? lock_downgrade+0x6e0/0x6e0
[ 1965.386071][T12632]  try_charge_memcg+0xef8/0x12f0
[ 1965.391003][T12632]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1965.396983][T12632]  ? lock_acquire+0x4fc/0x630
[ 1965.401661][T12632]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1965.407128][T12632]  ? lock_release+0x5cb/0x810
[ 1965.411797][T12632]  ? rcu_read_unlock+0x9/0x60
[ 1965.416466][T12632]  ? lock_downgrade+0x6e0/0x6e0
[ 1965.421306][T12632]  charge_memcg+0x99/0x3b0
[ 1965.425730][T12632]  __mem_cgroup_charge+0x27/0x90
[ 1965.430696][T12632]  wp_page_copy+0x2bf/0x1c90
[ 1965.435293][T12632]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1965.440792][T12632]  ? lock_release+0x5cb/0x810
[ 1965.445485][T12632]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 1965.452091][T12632]  ? lock_downgrade+0x6e0/0x6e0
[ 1965.456939][T12632]  ? vm_normal_page+0x146/0x2a0
[ 1965.461790][T12632]  ? __pte_alloc_kernel+0x110/0x110
[ 1965.466993][T12632]  ? lock_release+0x5cb/0x810
[ 1965.471673][T12632]  do_wp_page+0x538/0x1930
[ 1965.476094][T12632]  __handle_mm_fault+0x181b/0x3a40
[ 1965.481202][T12632]  ? lock_acquire+0x4fc/0x630
[ 1965.485876][T12632]  ? vm_iomap_memory+0x180/0x180
[ 1965.490819][T12632]  ? lock_release+0x810/0x810
[ 1965.495499][T12632]  handle_mm_fault+0x1c8/0x780
[ 1965.500257][T12632]  do_user_addr_fault+0x475/0x1210
[ 1965.505373][T12632]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1965.510860][T12632]  exc_page_fault+0x94/0x170
[ 1965.515447][T12632]  asm_exc_page_fault+0x22/0x30
[ 1965.520294][T12632] RIP: 0023:0xf6e1ccde
[ 1965.524346][T12632] Code: 18 8b 7c 24 0c 89 70 14 8b b4 24 94 00 00 00 89 70 20 8b b4 24 90 00 00 00 89 73 24 8b 74 24 40 89 73 28 8b b4 24 a0 00 00 00 <89> 70 50 8b 74 24 38 0f b6 84 24 9f 00 00 00 01 f2 88 84 37 14 10
[ 1965.543942][T12632] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1965.550003][T12632] RAX: 00000000f6f7afc0 RBX: 00000000f6f7afc0 RCX: 00000000f6f7afc8
[ 1965.557970][T12632] RDX: 00000000f6f7afc0 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1965.565932][T12632] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1965.573890][T12632] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1965.581853][T12632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1965.589821][T12632]  </TASK>
[ 1965.661363][T12632] memory: usage 307196kB, limit 307200kB, failcnt 41854
[ 1965.669150][T12632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1965.676878][T12632] Memory cgroup stats for /syz2:
[ 1965.677078][T12632] anon 94208
[ 1965.677078][T12632] file 266240
[ 1965.677078][T12632] kernel 314208256
[ 1965.677078][T12632] kernel_stack 65536
[ 1965.677078][T12632] pagetables 65536
[ 1965.677078][T12632] sec_pagetables 0
[ 1965.677078][T12632] percpu 5359968
[ 1965.677078][T12632] sock 0
[ 1965.677078][T12632] vmalloc 8192
[ 1965.677078][T12632] shmem 266240
[ 1965.677078][T12632] zswap 0
[ 1965.677078][T12632] zswapped 0
[ 1965.677078][T12632] file_mapped 266240
[ 1965.677078][T12632] file_dirty 0
[ 1965.677078][T12632] file_writeback 0
[ 1965.677078][T12632] swapcached 0
[ 1965.677078][T12632] anon_thp 0
[ 1965.677078][T12632] file_thp 0
[ 1965.677078][T12632] shmem_thp 0
[ 1965.677078][T12632] inactive_anon 94208
[ 1965.677078][T12632] active_anon 266240
[ 1965.677078][T12632] inactive_file 0
[ 1965.677078][T12632] active_file 0
[ 1965.677078][T12632] unevictable 0
17:37:24 executing program 5:
alarm(0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1965.677078][T12632] slab_reclaimable 10296
[ 1965.677078][T12632] slab_unreclaimable 308673344
[ 1965.808009][T12638] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:37:24 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1965.965717][T12637] __nla_validate_parse: 2 callbacks suppressed
[ 1965.965896][T12637] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1966.047034][T12632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12632,uid=0
[ 1966.204325][T12639] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfffffffc, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1966.263141][T12632] Memory cgroup out of memory: Killed process 12632 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:25 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe34, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1966.540382][T12642] bridge250: port 1(vlan94) entered blocking state
[ 1966.579859][T12642] bridge250: port 1(vlan94) entered disabled state
[ 1966.585940][T12654] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1966.600794][T12642] device bridge251 entered promiscuous mode
[ 1966.641790][T12642] bridge250: port 1(vlan94) entered blocking state
[ 1966.648379][T12642] bridge250: port 1(vlan94) entered forwarding state
17:37:25 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1966.688770][T12651] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1966.709486][T12651] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1966.721428][T12654] CPU: 0 PID: 12654 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1966.731876][T12654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1966.741933][T12654] Call Trace:
[ 1966.745197][T12654]  <TASK>
[ 1966.748118][T12654]  dump_stack_lvl+0xcd/0x134
[ 1966.752706][T12654]  dump_header+0x10b/0x85f
[ 1966.757112][T12654]  oom_kill_process.cold+0x10/0x15
[ 1966.762211][T12654]  out_of_memory+0x358/0x14a0
[ 1966.766890][T12654]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1966.772374][T12654]  ? __mod_timer+0x83c/0xe30
[ 1966.776974][T12654]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1966.782449][T12654]  ? lock_acquire+0x4fc/0x630
[ 1966.787130][T12654]  ? oom_killer_disable+0x270/0x270
[ 1966.792335][T12654]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1966.797802][T12654]  ? lock_release+0x5cb/0x810
[ 1966.802476][T12654]  ? rcu_read_unlock+0x9/0x60
[ 1966.807153][T12654]  ? lock_downgrade+0x6e0/0x6e0
[ 1966.812005][T12654]  mem_cgroup_out_of_memory+0x206/0x270
[ 1966.817562][T12654]  ? mem_cgroup_margin+0x130/0x130
[ 1966.822688][T12654]  ? lock_downgrade+0x6e0/0x6e0
[ 1966.827547][T12654]  try_charge_memcg+0xef8/0x12f0
[ 1966.832497][T12654]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1966.838483][T12654]  ? lock_release+0x5cb/0x810
[ 1966.843157][T12654]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1966.848891][T12654]  ? lock_downgrade+0x6e0/0x6e0
[ 1966.853741][T12654]  ? lock_release+0x5cb/0x810
[ 1966.858417][T12654]  ? rcu_read_unlock+0x9/0x60
[ 1966.863097][T12654]  ? lock_downgrade+0x6e0/0x6e0
[ 1966.867956][T12654]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 1966.873870][T12654]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1966.879427][T12654]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1966.885590][T12654]  copy_process+0x73e/0x7190
[ 1966.890185][T12654]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1966.895650][T12654]  ? lock_release+0x5cb/0x810
[ 1966.900334][T12654]  ? __cleanup_sighand+0xb0/0xb0
[ 1966.905270][T12654]  ? trace_hardirqs_off+0xe/0x150
[ 1966.910296][T12654]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[ 1966.915934][T12654]  ? trace_hardirqs_on+0x2d/0x160
[ 1966.920957][T12654]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[ 1966.926598][T12654]  kernel_clone+0xe7/0x980
[ 1966.931019][T12654]  ? lock_release+0x810/0x810
[ 1966.935695][T12654]  ? create_io_thread+0xe0/0xe0
[ 1966.940549][T12654]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1966.946791][T12654]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1966.952258][T12654]  ? lock_acquire+0x4fc/0x630
[ 1966.956935][T12654]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1966.962401][T12654]  ? lock_release+0x5cb/0x810
[ 1966.967079][T12654]  ? __ct_user_exit+0xff/0x150
[ 1966.971841][T12654]  ? lock_downgrade+0x6e0/0x6e0
[ 1966.976694][T12654]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1966.982250][T12654]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1966.988154][T12654]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1966.994047][T12654]  ? trace_hardirqs_on+0x2d/0x160
[ 1966.999068][T12654]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1967.004960][T12654]  do_int80_syscall_32+0x46/0x90
[ 1967.009904][T12654]  entry_INT80_compat+0x8b/0x90
[ 1967.014762][T12654] RIP: 0023:0xf6e5ba74
[ 1967.018827][T12654] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1967.038436][T12654] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1967.046847][T12654] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1967.054817][T12654] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1967.062783][T12654] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1967.070749][T12654] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1967.078727][T12654] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1967.086715][T12654]  </TASK>
17:37:25 executing program 5:
alarm(0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1967.144623][T12652] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1967.165663][T12654] memory: usage 307152kB, limit 307200kB, failcnt 41926
[ 1967.177999][T12654] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1967.202311][T12654] Memory cgroup stats for /syz2:
[ 1967.202491][T12654] anon 94208
[ 1967.202491][T12654] file 266240
[ 1967.202491][T12654] kernel 314163200
[ 1967.202491][T12654] kernel_stack 32768
[ 1967.202491][T12654] pagetables 65536
[ 1967.202491][T12654] sec_pagetables 0
[ 1967.202491][T12654] percpu 5359968
[ 1967.202491][T12654] sock 0
[ 1967.202491][T12654] vmalloc 8192
[ 1967.202491][T12654] shmem 266240
[ 1967.202491][T12654] zswap 0
[ 1967.202491][T12654] zswapped 0
[ 1967.202491][T12654] file_mapped 266240
17:37:25 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0xbe0)

[ 1967.202491][T12654] file_dirty 0
[ 1967.202491][T12654] file_writeback 0
[ 1967.202491][T12654] swapcached 0
[ 1967.202491][T12654] anon_thp 0
[ 1967.202491][T12654] file_thp 0
[ 1967.202491][T12654] shmem_thp 0
[ 1967.202491][T12654] inactive_anon 94208
[ 1967.202491][T12654] active_anon 266240
[ 1967.202491][T12654] inactive_file 0
[ 1967.202491][T12654] active_file 0
[ 1967.202491][T12654] unevictable 0
[ 1967.202491][T12654] slab_reclaimable 10296
[ 1967.202491][T12654] slab_unreclaimable 308661480
[ 1967.322297][T12654] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12654,uid=0
[ 1967.346380][T12654] Memory cgroup out of memory: Killed process 12654 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:25 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100))
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe38, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1967.526578][T12653] bridge322: port 1(vlan143) entered blocking state
[ 1967.597427][T12653] bridge322: port 1(vlan143) entered disabled state
[ 1967.718214][T12653] device bridge323 entered promiscuous mode
[ 1967.744360][T12669] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1967.790649][T12669] CPU: 0 PID: 12669 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1967.801090][T12669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1967.811135][T12669] Call Trace:
[ 1967.814401][T12669]  <TASK>
[ 1967.817330][T12669]  dump_stack_lvl+0xcd/0x134
[ 1967.821914][T12669]  dump_header+0x10b/0x85f
[ 1967.826323][T12669]  oom_kill_process.cold+0x10/0x15
[ 1967.831424][T12669]  out_of_memory+0x358/0x14a0
[ 1967.836106][T12669]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1967.841583][T12669]  ? __mod_timer+0x83c/0xe30
[ 1967.846174][T12669]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1967.851640][T12669]  ? lock_acquire+0x4fc/0x630
[ 1967.856318][T12669]  ? oom_killer_disable+0x270/0x270
[ 1967.861517][T12669]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1967.866994][T12669]  ? lock_release+0x5cb/0x810
[ 1967.871676][T12669]  ? rcu_read_unlock+0x9/0x60
[ 1967.876342][T12669]  ? lock_downgrade+0x6e0/0x6e0
[ 1967.881179][T12669]  mem_cgroup_out_of_memory+0x206/0x270
[ 1967.886731][T12669]  ? mem_cgroup_margin+0x130/0x130
[ 1967.891855][T12669]  ? lock_downgrade+0x6e0/0x6e0
[ 1967.896705][T12669]  try_charge_memcg+0xef8/0x12f0
[ 1967.901642][T12669]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1967.907614][T12669]  ? lock_release+0x5cb/0x810
[ 1967.912277][T12669]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1967.917995][T12669]  ? lock_downgrade+0x6e0/0x6e0
[ 1967.922847][T12669]  ? lock_release+0x5cb/0x810
[ 1967.927512][T12669]  ? rcu_read_unlock+0x9/0x60
[ 1967.932176][T12669]  ? lock_downgrade+0x6e0/0x6e0
[ 1967.937031][T12669]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1967.942593][T12669]  __alloc_pages+0x1ef/0x5a0
[ 1967.947176][T12669]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1967.953927][T12669]  ? lock_release+0x5cb/0x810
[ 1967.958591][T12669]  ? psi_task_change+0x1bb/0x2f0
[ 1967.963523][T12669]  alloc_pages+0x1a6/0x270
[ 1967.967933][T12669]  pte_alloc_one+0x16/0x230
[ 1967.972430][T12669]  __pte_alloc+0x69/0x250
[ 1967.976754][T12669]  ? pmd_install+0x150/0x150
[ 1967.981330][T12669]  ? hugepage_vma_check+0x24a/0x830
[ 1967.986539][T12669]  __handle_mm_fault+0x3527/0x3a40
[ 1967.991679][T12669]  ? lock_acquire+0x4fc/0x630
[ 1967.996354][T12669]  ? vm_iomap_memory+0x180/0x180
[ 1968.001279][T12669]  ? lock_release+0x810/0x810
[ 1968.005946][T12669]  handle_mm_fault+0x1c8/0x780
[ 1968.010701][T12669]  do_user_addr_fault+0x475/0x1210
[ 1968.015807][T12669]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1968.021260][T12669]  exc_page_fault+0x94/0x170
[ 1968.025837][T12669]  asm_exc_page_fault+0x22/0x30
[ 1968.030701][T12669] RIP: 0023:0xf6e1cd58
[ 1968.034765][T12669] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1968.054383][T12669] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1968.060451][T12669] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1968.068412][T12669] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1968.076369][T12669] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1968.084326][T12669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1968.092292][T12669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1968.100257][T12669]  </TASK>
[ 1968.122275][T12653] bridge322: port 1(vlan143) entered blocking state
[ 1968.128945][T12653] bridge322: port 1(vlan143) entered forwarding state
[ 1968.179072][T12669] memory: usage 307200kB, limit 307200kB, failcnt 42034
[ 1968.209353][T12669] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1968.238757][T12656] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1968.248605][T12669] Memory cgroup stats for /syz2:
[ 1968.248767][T12669] anon 98304
[ 1968.248767][T12669] file 266240
[ 1968.248767][T12669] kernel 314208256
[ 1968.248767][T12669] kernel_stack 65536
[ 1968.248767][T12669] pagetables 65536
[ 1968.248767][T12669] sec_pagetables 0
[ 1968.248767][T12669] percpu 5359968
[ 1968.248767][T12669] sock 0
[ 1968.248767][T12669] vmalloc 8192
[ 1968.248767][T12669] shmem 266240
[ 1968.248767][T12669] zswap 0
[ 1968.248767][T12669] zswapped 0
[ 1968.248767][T12669] file_mapped 266240
[ 1968.248767][T12669] file_dirty 0
[ 1968.248767][T12669] file_writeback 0
[ 1968.248767][T12669] swapcached 0
[ 1968.248767][T12669] anon_thp 0
[ 1968.248767][T12669] file_thp 0
[ 1968.248767][T12669] shmem_thp 0
[ 1968.248767][T12669] inactive_anon 81920
[ 1968.248767][T12669] active_anon 266240
[ 1968.248767][T12669] inactive_file 0
[ 1968.248767][T12669] active_file 0
[ 1968.248767][T12669] unevictable 0
[ 1968.248767][T12669] slab_reclaimable 10296
17:37:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfffffff5, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1968.248767][T12669] slab_unreclaimable 308673344
[ 1968.257706][T12656] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:26 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100))
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1968.418039][T12657] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1968.500984][T12660] bridge252: port 1(vlan95) entered blocking state
[ 1968.517129][T12660] bridge252: port 1(vlan95) entered disabled state
[ 1968.528366][T12660] device bridge253 entered promiscuous mode
[ 1968.537823][T12660] bridge252: port 1(vlan95) entered blocking state
[ 1968.544364][T12660] bridge252: port 1(vlan95) entered forwarding state
17:37:27 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:27 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfffffff0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1968.605707][T12673] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:37:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe3c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1968.662217][T12669] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12669,uid=0
[ 1968.684053][T12673] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1968.689124][T12669] Memory cgroup out of memory: Killed process 12669 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1968.820476][T12676] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1968.899603][T12684] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1968.971098][T12684] CPU: 1 PID: 12684 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1968.981563][T12684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1968.991637][T12684] Call Trace:
[ 1968.994929][T12684]  <TASK>
[ 1968.997870][T12684]  dump_stack_lvl+0xcd/0x134
[ 1969.002485][T12684]  dump_header+0x10b/0x85f
[ 1969.006915][T12684]  oom_kill_process.cold+0x10/0x15
[ 1969.012053][T12684]  out_of_memory+0x358/0x14a0
[ 1969.016752][T12684]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1969.022227][T12684]  ? __mod_timer+0x83c/0xe30
[ 1969.026814][T12684]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1969.032267][T12684]  ? lock_acquire+0x4fc/0x630
[ 1969.036933][T12684]  ? oom_killer_disable+0x270/0x270
[ 1969.042120][T12684]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1969.047572][T12684]  ? lock_release+0x5cb/0x810
[ 1969.052237][T12684]  ? rcu_read_unlock+0x9/0x60
[ 1969.056903][T12684]  ? lock_downgrade+0x6e0/0x6e0
[ 1969.061741][T12684]  mem_cgroup_out_of_memory+0x206/0x270
[ 1969.067274][T12684]  ? mem_cgroup_margin+0x130/0x130
[ 1969.072372][T12684]  ? lock_downgrade+0x6e0/0x6e0
[ 1969.077213][T12684]  try_charge_memcg+0xef8/0x12f0
[ 1969.082144][T12684]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1969.088117][T12684]  ? lock_release+0x5cb/0x810
[ 1969.092777][T12684]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1969.098495][T12684]  ? lock_downgrade+0x6e0/0x6e0
[ 1969.103334][T12684]  ? lock_release+0x5cb/0x810
[ 1969.107997][T12684]  ? rcu_read_unlock+0x9/0x60
[ 1969.112664][T12684]  ? lock_downgrade+0x6e0/0x6e0
[ 1969.117507][T12684]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1969.123048][T12684]  __alloc_pages+0x1ef/0x5a0
[ 1969.127625][T12684]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1969.134374][T12684]  ? lock_release+0x5cb/0x810
[ 1969.139044][T12684]  ? psi_task_change+0x1bb/0x2f0
[ 1969.143976][T12684]  alloc_pages+0x1a6/0x270
[ 1969.148387][T12684]  pte_alloc_one+0x16/0x230
[ 1969.152885][T12684]  __pte_alloc+0x69/0x250
[ 1969.157202][T12684]  ? pmd_install+0x150/0x150
[ 1969.161781][T12684]  ? hugepage_vma_check+0x24a/0x830
[ 1969.166976][T12684]  __handle_mm_fault+0x3527/0x3a40
[ 1969.172078][T12684]  ? lock_acquire+0x4fc/0x630
[ 1969.176742][T12684]  ? vm_iomap_memory+0x180/0x180
[ 1969.181669][T12684]  ? lock_release+0x810/0x810
[ 1969.186340][T12684]  handle_mm_fault+0x1c8/0x780
[ 1969.191097][T12684]  do_user_addr_fault+0x475/0x1210
[ 1969.196207][T12684]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1969.201661][T12684]  exc_page_fault+0x94/0x170
[ 1969.206240][T12684]  asm_exc_page_fault+0x22/0x30
[ 1969.211080][T12684] RIP: 0023:0xf6e1cd58
[ 1969.215142][T12684] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1969.234760][T12684] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1969.240831][T12684] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1969.248797][T12684] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1969.256763][T12684] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1969.264732][T12684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1969.272965][T12684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1969.280938][T12684]  </TASK>
17:37:27 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffffe4, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1969.346609][T12684] memory: usage 307200kB, limit 307200kB, failcnt 42116
[ 1969.353658][T12684] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1969.362466][T12684] Memory cgroup stats for /syz2:
[ 1969.362617][T12684] anon 98304
[ 1969.362617][T12684] file 266240
[ 1969.362617][T12684] kernel 314208256
[ 1969.362617][T12684] kernel_stack 65536
[ 1969.362617][T12684] pagetables 65536
[ 1969.362617][T12684] sec_pagetables 0
[ 1969.362617][T12684] percpu 5359968
[ 1969.362617][T12684] sock 0
[ 1969.362617][T12684] vmalloc 8192
[ 1969.362617][T12684] shmem 266240
[ 1969.362617][T12684] zswap 0
[ 1969.362617][T12684] zswapped 0
[ 1969.362617][T12684] file_mapped 266240
[ 1969.362617][T12684] file_dirty 0
[ 1969.362617][T12684] file_writeback 0
[ 1969.362617][T12684] swapcached 0
[ 1969.362617][T12684] anon_thp 0
[ 1969.362617][T12684] file_thp 0
[ 1969.362617][T12684] shmem_thp 0
[ 1969.362617][T12684] inactive_anon 98304
[ 1969.362617][T12684] active_anon 266240
[ 1969.362617][T12684] inactive_file 0
[ 1969.362617][T12684] active_file 0
17:37:28 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100))
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1969.362617][T12684] unevictable 0
[ 1969.362617][T12684] slab_reclaimable 10296
[ 1969.362617][T12684] slab_unreclaimable 308673344
[ 1969.485945][T12678] bridge324: port 1(vlan144) entered blocking state
[ 1969.551929][T12678] bridge324: port 1(vlan144) entered disabled state
[ 1969.659007][T12678] device bridge325 entered promiscuous mode
[ 1969.696460][T12678] bridge324: port 1(vlan144) entered blocking state
[ 1969.703174][T12678] bridge324: port 1(vlan144) entered forwarding state
17:37:28 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100))
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1969.731906][T12681] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1969.749931][T12681] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1969.846286][T12684] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12684,uid=0
[ 1969.862828][T12684] Memory cgroup out of memory: Killed process 12684 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:28 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe40, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1969.900620][T12683] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1970.129017][T12701] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1970.130284][T12686] bridge254: port 1(vlan96) entered blocking state
[ 1970.160080][T12686] bridge254: port 1(vlan96) entered disabled state
[ 1970.186075][T12701] CPU: 1 PID: 12701 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1970.196531][T12701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1970.206589][T12701] Call Trace:
[ 1970.209868][T12701]  <TASK>
[ 1970.212785][T12701]  dump_stack_lvl+0xcd/0x134
[ 1970.217375][T12701]  dump_header+0x10b/0x85f
[ 1970.221781][T12701]  oom_kill_process.cold+0x10/0x15
[ 1970.226894][T12701]  out_of_memory+0x358/0x14a0
[ 1970.231582][T12701]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1970.237040][T12701]  ? __mod_timer+0x83c/0xe30
[ 1970.241623][T12701]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1970.247079][T12701]  ? lock_acquire+0x4fc/0x630
[ 1970.251745][T12701]  ? oom_killer_disable+0x270/0x270
[ 1970.256935][T12701]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1970.262389][T12701]  ? lock_release+0x5cb/0x810
[ 1970.267082][T12701]  ? rcu_read_unlock+0x9/0x60
[ 1970.271779][T12701]  ? lock_downgrade+0x6e0/0x6e0
[ 1970.276627][T12701]  mem_cgroup_out_of_memory+0x206/0x270
[ 1970.282184][T12701]  ? mem_cgroup_margin+0x130/0x130
[ 1970.287298][T12701]  ? lock_downgrade+0x6e0/0x6e0
[ 1970.292160][T12701]  try_charge_memcg+0xef8/0x12f0
[ 1970.297113][T12701]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1970.303104][T12701]  ? lock_release+0x5cb/0x810
[ 1970.307784][T12701]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1970.313501][T12701]  ? lock_downgrade+0x6e0/0x6e0
[ 1970.318349][T12701]  ? lock_release+0x5cb/0x810
[ 1970.323019][T12701]  ? rcu_read_unlock+0x9/0x60
[ 1970.327688][T12701]  ? lock_downgrade+0x6e0/0x6e0
[ 1970.332541][T12701]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1970.338085][T12701]  __alloc_pages+0x1ef/0x5a0
[ 1970.342666][T12701]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1970.349428][T12701]  ? lock_release+0x5cb/0x810
[ 1970.354101][T12701]  alloc_pages+0x1a6/0x270
[ 1970.358522][T12701]  pte_alloc_one+0x16/0x230
[ 1970.363023][T12701]  __pte_alloc+0x69/0x250
[ 1970.367346][T12701]  ? pmd_install+0x150/0x150
[ 1970.371922][T12701]  ? hugepage_vma_check+0x24a/0x830
[ 1970.377116][T12701]  __handle_mm_fault+0x3527/0x3a40
[ 1970.382219][T12701]  ? lock_acquire+0x4fc/0x630
[ 1970.386884][T12701]  ? vm_iomap_memory+0x180/0x180
[ 1970.391812][T12701]  ? lock_release+0x810/0x810
[ 1970.396492][T12701]  handle_mm_fault+0x1c8/0x780
[ 1970.401257][T12701]  do_user_addr_fault+0x475/0x1210
[ 1970.406372][T12701]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1970.411831][T12701]  exc_page_fault+0x94/0x170
[ 1970.416412][T12701]  asm_exc_page_fault+0x22/0x30
[ 1970.421256][T12701] RIP: 0023:0xf6e1cd58
[ 1970.425313][T12701] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1970.444919][T12701] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1970.450989][T12701] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1970.458948][T12701] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1970.466909][T12701] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1970.474872][T12701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1970.482840][T12701] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1970.490806][T12701]  </TASK>
[ 1970.512871][T12686] device bridge255 entered promiscuous mode
17:37:29 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1970.547820][T12686] bridge254: port 1(vlan96) entered blocking state
[ 1970.554383][T12686] bridge254: port 1(vlan96) entered forwarding state
[ 1970.572498][T12701] memory: usage 307200kB, limit 307200kB, failcnt 42209
17:37:29 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfffffff0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1970.668812][T12690] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1970.684268][T12701] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1970.807020][T12701] Memory cgroup stats for /syz2:
[ 1970.807162][T12701] anon 98304
[ 1970.807162][T12701] file 266240
[ 1970.807162][T12701] kernel 314195968
[ 1970.807162][T12701] kernel_stack 65536
[ 1970.807162][T12701] pagetables 65536
[ 1970.807162][T12701] sec_pagetables 0
[ 1970.807162][T12701] percpu 5359968
[ 1970.807162][T12701] sock 0
[ 1970.807162][T12701] vmalloc 8192
[ 1970.807162][T12701] shmem 266240
[ 1970.807162][T12701] zswap 0
[ 1970.807162][T12701] zswapped 0
[ 1970.807162][T12701] file_mapped 266240
[ 1970.807162][T12701] file_dirty 0
[ 1970.807162][T12701] file_writeback 0
[ 1970.807162][T12701] swapcached 0
[ 1970.807162][T12701] anon_thp 0
[ 1970.807162][T12701] file_thp 0
[ 1970.807162][T12701] shmem_thp 0
[ 1970.807162][T12701] inactive_anon 98304
[ 1970.807162][T12701] active_anon 266240
[ 1970.807162][T12701] inactive_file 0
[ 1970.807162][T12701] active_file 0
[ 1970.807162][T12701] unevictable 0
[ 1970.807162][T12701] slab_reclaimable 10296
[ 1970.807162][T12701] slab_unreclaimable 308662248
[ 1970.917142][T12694] bridge189: port 1(vlan77) entered blocking state
[ 1970.941984][T12694] bridge189: port 1(vlan77) entered disabled state
17:37:29 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1970.981044][T12694] device bridge190 entered promiscuous mode
[ 1971.031006][T12694] bridge189: port 1(vlan77) entered blocking state
[ 1971.037618][T12694] bridge189: port 1(vlan77) entered forwarding state
17:37:29 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffffe4, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1971.095799][T12708] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1971.118961][T12708] __nla_validate_parse: 2 callbacks suppressed
[ 1971.118980][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1971.188037][T12709] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:29 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe44, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1971.245525][T12701] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12701,uid=0
[ 1971.322628][T12701] Memory cgroup out of memory: Killed process 12701 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:30 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1971.498758][T12719] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1971.556654][T12710] bridge256: port 1(vlan97) entered blocking state
[ 1971.596991][T12719] CPU: 1 PID: 12719 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1971.607430][T12719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1971.617476][T12719] Call Trace:
[ 1971.620742][T12719]  <TASK>
[ 1971.623660][T12719]  dump_stack_lvl+0xcd/0x134
[ 1971.628249][T12719]  dump_header+0x10b/0x85f
[ 1971.632655][T12719]  oom_kill_process.cold+0x10/0x15
[ 1971.637759][T12719]  out_of_memory+0x358/0x14a0
[ 1971.642427][T12719]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1971.647879][T12719]  ? __mod_timer+0x83c/0xe30
[ 1971.652459][T12719]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1971.657911][T12719]  ? lock_acquire+0x4fc/0x630
[ 1971.662574][T12719]  ? oom_killer_disable+0x270/0x270
[ 1971.667764][T12719]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1971.673218][T12719]  ? lock_release+0x5cb/0x810
[ 1971.677885][T12719]  ? rcu_read_unlock+0x9/0x60
[ 1971.682549][T12719]  ? lock_downgrade+0x6e0/0x6e0
[ 1971.687390][T12719]  mem_cgroup_out_of_memory+0x206/0x270
[ 1971.692925][T12719]  ? mem_cgroup_margin+0x130/0x130
[ 1971.698024][T12719]  ? lock_downgrade+0x6e0/0x6e0
[ 1971.702865][T12719]  try_charge_memcg+0xef8/0x12f0
[ 1971.707797][T12719]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1971.713769][T12719]  ? lock_release+0x5cb/0x810
[ 1971.718445][T12719]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1971.724153][T12719]  ? lock_downgrade+0x6e0/0x6e0
[ 1971.728990][T12719]  ? lock_release+0x5cb/0x810
[ 1971.733652][T12719]  ? rcu_read_unlock+0x9/0x60
[ 1971.738318][T12719]  ? lock_downgrade+0x6e0/0x6e0
[ 1971.743157][T12719]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1971.748699][T12719]  __alloc_pages+0x1ef/0x5a0
[ 1971.753275][T12719]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1971.760029][T12719]  ? lock_release+0x5cb/0x810
[ 1971.764709][T12719]  ? psi_task_change+0x1bb/0x2f0
[ 1971.769656][T12719]  alloc_pages+0x1a6/0x270
[ 1971.774078][T12719]  pte_alloc_one+0x16/0x230
[ 1971.778597][T12719]  __pte_alloc+0x69/0x250
[ 1971.782914][T12719]  ? pmd_install+0x150/0x150
[ 1971.787494][T12719]  ? hugepage_vma_check+0x24a/0x830
[ 1971.792690][T12719]  __handle_mm_fault+0x3527/0x3a40
[ 1971.797795][T12719]  ? lock_acquire+0x4fc/0x630
[ 1971.802484][T12719]  ? vm_iomap_memory+0x180/0x180
[ 1971.807412][T12719]  ? lock_release+0x810/0x810
[ 1971.812081][T12719]  handle_mm_fault+0x1c8/0x780
[ 1971.816838][T12719]  do_user_addr_fault+0x475/0x1210
[ 1971.821941][T12719]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1971.827393][T12719]  exc_page_fault+0x94/0x170
[ 1971.831971][T12719]  asm_exc_page_fault+0x22/0x30
[ 1971.836858][T12719] RIP: 0023:0xf6e1cd58
[ 1971.840926][T12719] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1971.860545][T12719] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1971.866605][T12719] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1971.874572][T12719] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1971.882548][T12719] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1971.890514][T12719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
17:37:30 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100))
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1971.898474][T12719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1971.906443][T12719]  </TASK>
[ 1971.959643][T12710] bridge256: port 1(vlan97) entered disabled state
[ 1972.009275][T12710] device bridge257 entered promiscuous mode
[ 1972.023529][T12710] bridge256: port 1(vlan97) entered blocking state
[ 1972.030102][T12710] bridge256: port 1(vlan97) entered forwarding state
17:37:30 executing program 5:
alarm(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1972.081106][T12715] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1972.099666][T12719] memory: usage 307188kB, limit 307200kB, failcnt 42272
[ 1972.107684][T12719] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1972.118261][T12719] Memory cgroup stats for /syz2:
[ 1972.118445][T12719] anon 98304
[ 1972.118445][T12719] file 266240
[ 1972.118445][T12719] kernel 314195968
[ 1972.118445][T12719] kernel_stack 65536
[ 1972.118445][T12719] pagetables 65536
[ 1972.118445][T12719] sec_pagetables 0
[ 1972.118445][T12719] percpu 5359968
[ 1972.118445][T12719] sock 0
[ 1972.118445][T12719] vmalloc 8192
[ 1972.118445][T12719] shmem 266240
[ 1972.118445][T12719] zswap 0
[ 1972.118445][T12719] zswapped 0
[ 1972.118445][T12719] file_mapped 266240
[ 1972.118445][T12719] file_dirty 0
[ 1972.118445][T12719] file_writeback 0
[ 1972.118445][T12719] swapcached 0
[ 1972.118445][T12719] anon_thp 0
[ 1972.118445][T12719] file_thp 0
[ 1972.118445][T12719] shmem_thp 0
[ 1972.118445][T12719] inactive_anon 98304
[ 1972.118445][T12719] active_anon 266240
[ 1972.118445][T12719] inactive_file 0
[ 1972.118445][T12719] active_file 0
[ 1972.118445][T12719] unevictable 0
[ 1972.118445][T12719] slab_reclaimable 10296
[ 1972.118445][T12719] slab_unreclaimable 308661944
[ 1972.217863][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
17:37:30 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1972.315343][T12717] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
17:37:31 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe48, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1972.396430][T12719] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12719,uid=0
[ 1972.413295][T12719] Memory cgroup out of memory: Killed process 12719 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1972.510229][T12718] bridge191: port 1(vlan78) entered blocking state
[ 1972.545502][T12718] bridge191: port 1(vlan78) entered disabled state
[ 1972.588753][T12718] device bridge192 entered promiscuous mode
[ 1972.628199][T12718] bridge191: port 1(vlan78) entered blocking state
[ 1972.634803][T12718] bridge191: port 1(vlan78) entered forwarding state
17:37:31 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffffe4, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1972.698370][T12734] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1972.716925][T12732] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1972.787356][T12738] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1972.830420][T12738] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1972.991174][T12734] CPU: 1 PID: 12734 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1973.001630][T12734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1973.011680][T12734] Call Trace:
[ 1973.014955][T12734]  <TASK>
[ 1973.017894][T12734]  dump_stack_lvl+0xcd/0x134
[ 1973.022496][T12734]  dump_header+0x10b/0x85f
[ 1973.026902][T12734]  oom_kill_process.cold+0x10/0x15
[ 1973.032002][T12734]  out_of_memory+0x358/0x14a0
[ 1973.036671][T12734]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1973.042124][T12734]  ? __mod_timer+0x83c/0xe30
[ 1973.046706][T12734]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1973.052162][T12734]  ? lock_acquire+0x4fc/0x630
[ 1973.056828][T12734]  ? oom_killer_disable+0x270/0x270
[ 1973.062017][T12734]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1973.067473][T12734]  ? lock_release+0x5cb/0x810
[ 1973.072136][T12734]  ? rcu_read_unlock+0x9/0x60
[ 1973.076802][T12734]  ? lock_downgrade+0x6e0/0x6e0
[ 1973.081641][T12734]  mem_cgroup_out_of_memory+0x206/0x270
[ 1973.087178][T12734]  ? mem_cgroup_margin+0x130/0x130
[ 1973.092278][T12734]  ? lock_downgrade+0x6e0/0x6e0
[ 1973.097121][T12734]  try_charge_memcg+0xef8/0x12f0
[ 1973.102054][T12734]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1973.108030][T12734]  ? lock_release+0x5cb/0x810
[ 1973.112722][T12734]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1973.118434][T12734]  ? lock_downgrade+0x6e0/0x6e0
[ 1973.123274][T12734]  ? lock_release+0x5cb/0x810
[ 1973.127938][T12734]  ? rcu_read_unlock+0x9/0x60
[ 1973.132603][T12734]  ? lock_downgrade+0x6e0/0x6e0
[ 1973.137444][T12734]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1973.142983][T12734]  __alloc_pages+0x1ef/0x5a0
[ 1973.147563][T12734]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1973.154317][T12734]  ? lock_release+0x5cb/0x810
[ 1973.158989][T12734]  alloc_pages+0x1a6/0x270
[ 1973.163402][T12734]  pte_alloc_one+0x16/0x230
[ 1973.167902][T12734]  __pte_alloc+0x69/0x250
[ 1973.172219][T12734]  ? pmd_install+0x150/0x150
[ 1973.176797][T12734]  ? hugepage_vma_check+0x24a/0x830
[ 1973.181987][T12734]  __handle_mm_fault+0x3527/0x3a40
[ 1973.187094][T12734]  ? lock_acquire+0x4fc/0x630
[ 1973.191758][T12734]  ? vm_iomap_memory+0x180/0x180
[ 1973.196687][T12734]  ? lock_release+0x810/0x810
[ 1973.201361][T12734]  handle_mm_fault+0x1c8/0x780
[ 1973.206118][T12734]  do_user_addr_fault+0x475/0x1210
[ 1973.211226][T12734]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1973.216687][T12734]  exc_page_fault+0x94/0x170
[ 1973.221270][T12734]  asm_exc_page_fault+0x22/0x30
[ 1973.226141][T12734] RIP: 0023:0xf6e1cd58
[ 1973.230196][T12734] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1973.249798][T12734] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1973.255856][T12734] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1973.263824][T12734] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1973.271802][T12734] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1973.279767][T12734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1973.287730][T12734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1973.295697][T12734]  </TASK>
17:37:31 executing program 5:
alarm(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:31 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100))
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1973.342773][T12734] memory: usage 307200kB, limit 307200kB, failcnt 42365
[ 1973.360696][T12739] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1973.410855][T12734] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1973.469482][T12734] Memory cgroup stats for /syz2:
[ 1973.470878][T12734] anon 98304
[ 1973.470878][T12734] file 266240
[ 1973.470878][T12734] kernel 314195968
[ 1973.470878][T12734] kernel_stack 65536
[ 1973.470878][T12734] pagetables 65536
[ 1973.470878][T12734] sec_pagetables 0
[ 1973.470878][T12734] percpu 5359968
[ 1973.470878][T12734] sock 0
[ 1973.470878][T12734] vmalloc 8192
[ 1973.470878][T12734] shmem 266240
[ 1973.470878][T12734] zswap 0
[ 1973.470878][T12734] zswapped 0
[ 1973.470878][T12734] file_mapped 266240
[ 1973.470878][T12734] file_dirty 0
[ 1973.470878][T12734] file_writeback 0
[ 1973.470878][T12734] swapcached 0
[ 1973.470878][T12734] anon_thp 0
[ 1973.470878][T12734] file_thp 0
[ 1973.470878][T12734] shmem_thp 0
[ 1973.470878][T12734] inactive_anon 98304
[ 1973.470878][T12734] active_anon 266240
[ 1973.470878][T12734] inactive_file 0
[ 1973.470878][T12734] active_file 0
[ 1973.470878][T12734] unevictable 0
[ 1973.470878][T12734] slab_reclaimable 10296
[ 1973.470878][T12734] slab_unreclaimable 308662248
17:37:32 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1973.747051][T12734] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12734,uid=0
[ 1973.764070][T12734] Memory cgroup out of memory: Killed process 12734 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1973.830423][T12740] bridge193: port 1(vlan79) entered blocking state
[ 1973.841249][T12740] bridge193: port 1(vlan79) entered disabled state
[ 1973.851962][T12740] device bridge194 entered promiscuous mode
[ 1973.871799][T12740] bridge193: port 1(vlan79) entered blocking state
[ 1973.878378][T12740] bridge193: port 1(vlan79) entered forwarding state
17:37:32 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffff7f, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:32 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe4c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1974.130368][T12753] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1974.177867][T12753] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1974.232920][T12755] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1974.301355][T12755] CPU: 0 PID: 12755 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1974.311817][T12755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1974.321874][T12755] Call Trace:
[ 1974.325137][T12755]  <TASK>
[ 1974.328054][T12755]  dump_stack_lvl+0xcd/0x134
[ 1974.332639][T12755]  dump_header+0x10b/0x85f
[ 1974.337045][T12755]  oom_kill_process.cold+0x10/0x15
[ 1974.342145][T12755]  out_of_memory+0x358/0x14a0
[ 1974.346824][T12755]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1974.352305][T12755]  ? __mod_timer+0x83c/0xe30
[ 1974.356889][T12755]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1974.362355][T12755]  ? lock_acquire+0x4fc/0x630
[ 1974.367040][T12755]  ? oom_killer_disable+0x270/0x270
[ 1974.372240][T12755]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1974.377699][T12755]  ? lock_release+0x5cb/0x810
[ 1974.382366][T12755]  ? rcu_read_unlock+0x9/0x60
[ 1974.387032][T12755]  ? lock_downgrade+0x6e0/0x6e0
[ 1974.391869][T12755]  mem_cgroup_out_of_memory+0x206/0x270
[ 1974.397420][T12755]  ? mem_cgroup_margin+0x130/0x130
[ 1974.402553][T12755]  ? lock_downgrade+0x6e0/0x6e0
[ 1974.407412][T12755]  try_charge_memcg+0xef8/0x12f0
[ 1974.412359][T12755]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1974.418345][T12755]  ? lock_release+0x5cb/0x810
[ 1974.423022][T12755]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1974.428743][T12755]  ? lock_downgrade+0x6e0/0x6e0
[ 1974.433594][T12755]  ? lock_release+0x5cb/0x810
[ 1974.438268][T12755]  ? rcu_read_unlock+0x9/0x60
[ 1974.442946][T12755]  ? lock_downgrade+0x6e0/0x6e0
[ 1974.447814][T12755]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1974.453384][T12755]  __alloc_pages+0x1ef/0x5a0
[ 1974.457974][T12755]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1974.464738][T12755]  ? lock_release+0x5cb/0x810
[ 1974.469413][T12755]  ? psi_task_change+0x1bb/0x2f0
[ 1974.474358][T12755]  alloc_pages+0x1a6/0x270
[ 1974.478782][T12755]  pte_alloc_one+0x16/0x230
[ 1974.483294][T12755]  __pte_alloc+0x69/0x250
[ 1974.487625][T12755]  ? pmd_install+0x150/0x150
[ 1974.492230][T12755]  ? hugepage_vma_check+0x24a/0x830
[ 1974.497455][T12755]  __handle_mm_fault+0x3527/0x3a40
[ 1974.502588][T12755]  ? lock_acquire+0x4fc/0x630
[ 1974.507271][T12755]  ? vm_iomap_memory+0x180/0x180
[ 1974.512215][T12755]  ? lock_release+0x810/0x810
[ 1974.516898][T12755]  handle_mm_fault+0x1c8/0x780
[ 1974.521666][T12755]  do_user_addr_fault+0x475/0x1210
[ 1974.526785][T12755]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1974.532253][T12755]  exc_page_fault+0x94/0x170
[ 1974.536843][T12755]  asm_exc_page_fault+0x22/0x30
[ 1974.541698][T12755] RIP: 0023:0xf6e1cd58
[ 1974.545761][T12755] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1974.565369][T12755] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1974.571447][T12755] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1974.579415][T12755] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1974.587404][T12755] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1974.595372][T12755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1974.603337][T12755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1974.611309][T12755]  </TASK>
[ 1974.657850][T12754] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1974.667431][T12759] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
17:37:33 executing program 5:
alarm(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:33 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1974.756041][T12755] memory: usage 307188kB, limit 307200kB, failcnt 42468
[ 1974.786828][T12755] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1974.829362][T12755] Memory cgroup stats for /syz2:
[ 1974.829581][T12755] anon 98304
[ 1974.829581][T12755] file 266240
[ 1974.829581][T12755] kernel 314195968
[ 1974.829581][T12755] kernel_stack 65536
[ 1974.829581][T12755] pagetables 65536
[ 1974.829581][T12755] sec_pagetables 0
[ 1974.829581][T12755] percpu 5359968
[ 1974.829581][T12755] sock 0
[ 1974.829581][T12755] vmalloc 8192
[ 1974.829581][T12755] shmem 266240
[ 1974.829581][T12755] zswap 0
[ 1974.829581][T12755] zswapped 0
[ 1974.829581][T12755] file_mapped 266240
[ 1974.829581][T12755] file_dirty 0
[ 1974.829581][T12755] file_writeback 0
[ 1974.829581][T12755] swapcached 0
[ 1974.829581][T12755] anon_thp 0
[ 1974.829581][T12755] file_thp 0
[ 1974.829581][T12755] shmem_thp 0
[ 1974.829581][T12755] inactive_anon 98304
[ 1974.829581][T12755] active_anon 266240
[ 1974.829581][T12755] inactive_file 0
[ 1974.829581][T12755] active_file 0
[ 1974.829581][T12755] unevictable 0
[ 1974.829581][T12755] slab_reclaimable 10296
[ 1974.829581][T12755] slab_unreclaimable 308661944
[ 1975.104317][T12753] bridge195: port 1(vlan80) entered blocking state
[ 1975.142277][T12753] bridge195: port 1(vlan80) entered disabled state
17:37:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffff7f, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1975.302676][T12753] device bridge196 entered promiscuous mode
[ 1975.350732][T12753] bridge195: port 1(vlan80) entered blocking state
[ 1975.357311][T12753] bridge195: port 1(vlan80) entered forwarding state
17:37:34 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffff7f, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1975.403817][T12767] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1975.412767][T12755] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12755,uid=0
[ 1975.430187][T12767] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1975.477711][T12755] Memory cgroup out of memory: Killed process 12755 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1975.587888][T12768] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:34 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe50, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1975.679517][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[ 1975.695572][ T1240] ieee802154 phy1 wpan1: encryption failed: -22
[ 1975.786690][T12774] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1975.800783][T12774] CPU: 1 PID: 12774 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1975.811224][T12774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1975.821280][T12774] Call Trace:
[ 1975.824552][T12774]  <TASK>
[ 1975.827482][T12774]  dump_stack_lvl+0xcd/0x134
[ 1975.832078][T12774]  dump_header+0x10b/0x85f
[ 1975.836498][T12774]  oom_kill_process.cold+0x10/0x15
[ 1975.841603][T12774]  out_of_memory+0x358/0x14a0
[ 1975.846280][T12774]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1975.851734][T12774]  ? __mod_timer+0x83c/0xe30
[ 1975.856324][T12774]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1975.861808][T12774]  ? lock_acquire+0x4fc/0x630
[ 1975.866497][T12774]  ? oom_killer_disable+0x270/0x270
[ 1975.871709][T12774]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1975.877172][T12774]  ? lock_release+0x5cb/0x810
[ 1975.881840][T12774]  ? rcu_read_unlock+0x9/0x60
[ 1975.886510][T12774]  ? lock_downgrade+0x6e0/0x6e0
[ 1975.891367][T12774]  mem_cgroup_out_of_memory+0x206/0x270
[ 1975.896911][T12774]  ? mem_cgroup_margin+0x130/0x130
[ 1975.902015][T12774]  ? lock_downgrade+0x6e0/0x6e0
[ 1975.906858][T12774]  try_charge_memcg+0xef8/0x12f0
[ 1975.911792][T12774]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1975.917770][T12774]  ? lock_release+0x5cb/0x810
[ 1975.922433][T12774]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1975.928145][T12774]  ? lock_downgrade+0x6e0/0x6e0
[ 1975.932992][T12774]  ? lock_release+0x5cb/0x810
[ 1975.937673][T12774]  ? rcu_read_unlock+0x9/0x60
[ 1975.942338][T12774]  ? lock_downgrade+0x6e0/0x6e0
[ 1975.947193][T12774]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1975.952767][T12774]  __alloc_pages+0x1ef/0x5a0
[ 1975.957381][T12774]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1975.964160][T12774]  ? lock_release+0x5cb/0x810
[ 1975.968855][T12774]  ? lock_downgrade+0x6e0/0x6e0
[ 1975.973732][T12774]  alloc_pages+0x1a6/0x270
[ 1975.978177][T12774]  pte_alloc_one+0x16/0x230
[ 1975.982699][T12774]  __pte_alloc+0x69/0x250
[ 1975.987025][T12774]  ? pmd_install+0x150/0x150
[ 1975.991604][T12774]  ? hugepage_vma_check+0x24a/0x830
[ 1975.996809][T12774]  __handle_mm_fault+0x3527/0x3a40
[ 1976.001935][T12774]  ? lock_acquire+0x4fc/0x630
[ 1976.006604][T12774]  ? vm_iomap_memory+0x180/0x180
[ 1976.011532][T12774]  ? lock_release+0x810/0x810
[ 1976.016204][T12774]  handle_mm_fault+0x1c8/0x780
[ 1976.020970][T12774]  do_user_addr_fault+0x475/0x1210
[ 1976.026085][T12774]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1976.031542][T12774]  exc_page_fault+0x94/0x170
[ 1976.036126][T12774]  asm_exc_page_fault+0x22/0x30
[ 1976.040966][T12774] RIP: 0023:0xf6e1cd58
[ 1976.045029][T12774] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1976.064656][T12774] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1976.070727][T12774] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1976.078692][T12774] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
17:37:34 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1976.086655][T12774] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1976.094622][T12774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1976.102597][T12774] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1976.110569][T12774]  </TASK>
[ 1976.129122][T12769] bridge326: port 1(vlan145) entered blocking state
17:37:34 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

17:37:34 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1976.235239][T12769] bridge326: port 1(vlan145) entered disabled state
[ 1976.259253][T12769] device bridge327 entered promiscuous mode
[ 1976.360784][T12769] bridge326: port 1(vlan145) entered blocking state
[ 1976.367495][T12769] bridge326: port 1(vlan145) entered forwarding state
[ 1976.437148][T12774] memory: usage 307188kB, limit 307200kB, failcnt 42547
[ 1976.475563][T12771] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1976.487515][T12774] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1976.502735][T12771] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1976.519556][T12774] Memory cgroup stats for /syz2:
[ 1976.519899][T12774] anon 98304
[ 1976.519899][T12774] file 266240
[ 1976.519899][T12774] kernel 314195968
[ 1976.519899][T12774] kernel_stack 65536
[ 1976.519899][T12774] pagetables 65536
[ 1976.519899][T12774] sec_pagetables 0
[ 1976.519899][T12774] percpu 5359968
[ 1976.519899][T12774] sock 0
[ 1976.519899][T12774] vmalloc 8192
[ 1976.519899][T12774] shmem 266240
[ 1976.519899][T12774] zswap 0
[ 1976.519899][T12774] zswapped 0
[ 1976.519899][T12774] file_mapped 266240
[ 1976.519899][T12774] file_dirty 0
[ 1976.519899][T12774] file_writeback 0
[ 1976.519899][T12774] swapcached 0
[ 1976.519899][T12774] anon_thp 0
[ 1976.519899][T12774] file_thp 0
[ 1976.519899][T12774] shmem_thp 0
[ 1976.519899][T12774] inactive_anon 98304
[ 1976.519899][T12774] active_anon 266240
[ 1976.519899][T12774] inactive_file 0
[ 1976.519899][T12774] active_file 0
[ 1976.519899][T12774] unevictable 0
[ 1976.519899][T12774] slab_reclaimable 10296
[ 1976.519899][T12774] slab_unreclaimable 308661944
17:37:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffa888, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1976.648991][T12774] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12774,uid=0
[ 1976.697181][T12772] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1976.786616][T12774] Memory cgroup out of memory: Killed process 12774 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:35 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe54, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1976.919771][T12773] bridge197: port 1(vlan81) entered blocking state
[ 1976.969332][T12773] bridge197: port 1(vlan81) entered disabled state
[ 1977.020195][T12773] device bridge198 entered promiscuous mode
[ 1977.058701][T12773] bridge197: port 1(vlan81) entered blocking state
[ 1977.065307][T12773] bridge197: port 1(vlan81) entered forwarding state
[ 1977.108080][T12791] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1977.142503][T12787] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:37:35 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffff7f, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:35 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:35 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1977.162247][T12787] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1977.209376][T12791] CPU: 0 PID: 12791 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1977.219839][T12791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1977.229896][T12791] Call Trace:
[ 1977.233165][T12791]  <TASK>
[ 1977.236082][T12791]  dump_stack_lvl+0xcd/0x134
[ 1977.240667][T12791]  dump_header+0x10b/0x85f
[ 1977.245074][T12791]  oom_kill_process.cold+0x10/0x15
[ 1977.250175][T12791]  out_of_memory+0x358/0x14a0
[ 1977.254855][T12791]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1977.260337][T12791]  ? __mod_timer+0x83c/0xe30
[ 1977.264934][T12791]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1977.270417][T12791]  ? lock_acquire+0x4fc/0x630
[ 1977.275103][T12791]  ? oom_killer_disable+0x270/0x270
[ 1977.280299][T12791]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1977.285785][T12791]  ? lock_release+0x5cb/0x810
[ 1977.290450][T12791]  ? rcu_read_unlock+0x9/0x60
[ 1977.295119][T12791]  ? lock_downgrade+0x6e0/0x6e0
[ 1977.299960][T12791]  mem_cgroup_out_of_memory+0x206/0x270
[ 1977.305521][T12791]  ? mem_cgroup_margin+0x130/0x130
[ 1977.310651][T12791]  ? lock_downgrade+0x6e0/0x6e0
[ 1977.315499][T12791]  try_charge_memcg+0xef8/0x12f0
[ 1977.320435][T12791]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1977.326414][T12791]  ? lock_acquire+0x4fc/0x630
[ 1977.331080][T12791]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1977.336789][T12791]  ? lock_downgrade+0x6e0/0x6e0
[ 1977.341638][T12791]  ? lock_release+0x5cb/0x810
[ 1977.346315][T12791]  ? obj_cgroup_charge+0x244/0x5e0
[ 1977.351421][T12791]  ? lock_downgrade+0x6e0/0x6e0
[ 1977.356271][T12791]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1977.361766][T12791]  obj_cgroup_charge+0x2ab/0x5e0
[ 1977.366704][T12791]  kmem_cache_alloc_lru+0x13d/0x730
[ 1977.371907][T12791]  ? sock_alloc_inode+0x23/0x1d0
[ 1977.376848][T12791]  sock_alloc_inode+0x23/0x1d0
[ 1977.381620][T12791]  ? sock_free_inode+0x20/0x20
[ 1977.386404][T12791]  alloc_inode+0x61/0x230
[ 1977.390758][T12791]  new_inode_pseudo+0x13/0x80
[ 1977.395435][T12791]  sock_alloc+0x3c/0x260
[ 1977.399672][T12791]  __sock_create+0xb9/0x790
[ 1977.404174][T12791]  ? lock_downgrade+0x6e0/0x6e0
[ 1977.409030][T12791]  __sys_socket+0x12f/0x240
[ 1977.413532][T12791]  ? __sys_socket_file+0x1f0/0x1f0
[ 1977.418635][T12791]  ? vtime_user_exit+0x218/0x6c0
[ 1977.423568][T12791]  __ia32_sys_socket+0x6f/0xb0
[ 1977.428324][T12791]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 1977.434902][T12791]  __do_fast_syscall_32+0x65/0xf0
[ 1977.439921][T12791]  do_fast_syscall_32+0x2f/0x70
[ 1977.444766][T12791]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1977.451098][T12791] RIP: 0023:0xf7f51549
[ 1977.455179][T12791] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1977.474817][T12791] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 1977.483234][T12791] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 1977.491199][T12791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1977.499271][T12791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1977.507248][T12791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1977.515229][T12791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1977.523191][T12791]  </TASK>
[ 1977.565715][T12791] memory: usage 307200kB, limit 307200kB, failcnt 42633
[ 1977.612282][T12791] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1977.648237][T12788] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1977.667838][T12791] Memory cgroup stats for /syz2:
[ 1977.667981][T12791] anon 98304
[ 1977.667981][T12791] file 266240
[ 1977.667981][T12791] kernel 314195968
[ 1977.667981][T12791] kernel_stack 65536
[ 1977.667981][T12791] pagetables 65536
[ 1977.667981][T12791] sec_pagetables 0
[ 1977.667981][T12791] percpu 5359968
[ 1977.667981][T12791] sock 0
[ 1977.667981][T12791] vmalloc 8192
[ 1977.667981][T12791] shmem 266240
[ 1977.667981][T12791] zswap 0
[ 1977.667981][T12791] zswapped 0
[ 1977.667981][T12791] file_mapped 266240
[ 1977.667981][T12791] file_dirty 0
[ 1977.667981][T12791] file_writeback 0
[ 1977.667981][T12791] swapcached 0
[ 1977.667981][T12791] anon_thp 0
[ 1977.667981][T12791] file_thp 0
[ 1977.667981][T12791] shmem_thp 0
[ 1977.667981][T12791] inactive_anon 98304
[ 1977.667981][T12791] active_anon 266240
[ 1977.667981][T12791] inactive_file 0
[ 1977.667981][T12791] active_file 0
[ 1977.667981][T12791] unevictable 0
[ 1977.667981][T12791] slab_reclaimable 10296
[ 1977.667981][T12791] slab_unreclaimable 308661944
[ 1977.968810][T12789] bridge328: port 1(vlan146) entered blocking state
[ 1978.007018][T12789] bridge328: port 1(vlan146) entered disabled state
[ 1978.064255][T12789] device bridge329 entered promiscuous mode
17:37:36 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffa888, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1978.122391][T12789] bridge328: port 1(vlan146) entered blocking state
[ 1978.129075][T12789] bridge328: port 1(vlan146) entered forwarding state
17:37:36 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1978.179900][T12800] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
17:37:36 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffa888, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1978.243124][T12791] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12790,uid=0
[ 1978.261350][T12800] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1978.293013][T12791] Memory cgroup out of memory: Killed process 12790 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:36 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe58, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1978.355647][T12810] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1978.389717][T12810] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:37 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1978.428410][T12801] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1978.520886][T12802] bridge199: port 1(vlan82) entered blocking state
[ 1978.533041][T12815] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1978.546332][T12802] bridge199: port 1(vlan82) entered disabled state
[ 1978.552968][T12815] CPU: 1 PID: 12815 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1978.563382][T12815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1978.573431][T12815] Call Trace:
[ 1978.576709][T12815]  <TASK>
[ 1978.579638][T12815]  dump_stack_lvl+0xcd/0x134
[ 1978.584243][T12815]  dump_header+0x10b/0x85f
[ 1978.588666][T12815]  oom_kill_process.cold+0x10/0x15
[ 1978.593781][T12815]  out_of_memory+0x358/0x14a0
[ 1978.598464][T12815]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1978.603932][T12815]  ? __mod_timer+0x83c/0xe30
[ 1978.608526][T12815]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1978.613997][T12815]  ? lock_acquire+0x4fc/0x630
[ 1978.618675][T12815]  ? oom_killer_disable+0x270/0x270
[ 1978.623878][T12815]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1978.629345][T12815]  ? lock_release+0x5cb/0x810
[ 1978.634025][T12815]  ? rcu_read_unlock+0x9/0x60
[ 1978.638701][T12815]  ? lock_downgrade+0x6e0/0x6e0
[ 1978.643551][T12815]  mem_cgroup_out_of_memory+0x206/0x270
[ 1978.649110][T12815]  ? mem_cgroup_margin+0x130/0x130
[ 1978.654227][T12815]  ? lock_downgrade+0x6e0/0x6e0
[ 1978.659083][T12815]  try_charge_memcg+0xef8/0x12f0
[ 1978.664031][T12815]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1978.670018][T12815]  ? lock_acquire+0x4fc/0x630
[ 1978.674693][T12815]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1978.680160][T12815]  ? lock_release+0x5cb/0x810
[ 1978.684834][T12815]  ? rcu_read_unlock+0x9/0x60
[ 1978.689509][T12815]  ? lock_downgrade+0x6e0/0x6e0
[ 1978.694366][T12815]  charge_memcg+0x99/0x3b0
[ 1978.698791][T12815]  __mem_cgroup_charge+0x27/0x90
[ 1978.703740][T12815]  wp_page_copy+0x2bf/0x1c90
[ 1978.708334][T12815]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1978.713806][T12815]  ? lock_release+0x5cb/0x810
[ 1978.718482][T12815]  ? page_try_dup_anon_rmap.constprop.0+0xd10/0xd10
[ 1978.725068][T12815]  ? lock_downgrade+0x6e0/0x6e0
[ 1978.729916][T12815]  ? vm_normal_page+0x146/0x2a0
[ 1978.734763][T12815]  ? __pte_alloc_kernel+0x110/0x110
[ 1978.739961][T12815]  ? lock_release+0x5cb/0x810
[ 1978.744639][T12815]  do_wp_page+0x538/0x1930
[ 1978.749058][T12815]  __handle_mm_fault+0x181b/0x3a40
[ 1978.754177][T12815]  ? lock_acquire+0x4fc/0x630
[ 1978.758854][T12815]  ? vm_iomap_memory+0x180/0x180
[ 1978.763793][T12815]  ? lock_release+0x810/0x810
[ 1978.768474][T12815]  handle_mm_fault+0x1c8/0x780
[ 1978.773239][T12815]  do_user_addr_fault+0x475/0x1210
[ 1978.778361][T12815]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1978.783828][T12815]  exc_page_fault+0x94/0x170
[ 1978.788422][T12815]  asm_exc_page_fault+0x22/0x30
[ 1978.793277][T12815] RIP: 0023:0xf6e1ccde
[ 1978.797341][T12815] Code: 18 8b 7c 24 0c 89 70 14 8b b4 24 94 00 00 00 89 70 20 8b b4 24 90 00 00 00 89 73 24 8b 74 24 40 89 73 28 8b b4 24 a0 00 00 00 <89> 70 50 8b 74 24 38 0f b6 84 24 9f 00 00 00 01 f2 88 84 37 14 10
[ 1978.816952][T12815] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1978.823017][T12815] RAX: 00000000f6f7afc0 RBX: 00000000f6f7afc0 RCX: 00000000f6f7afc8
[ 1978.830983][T12815] RDX: 00000000f6f7afc0 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1978.838949][T12815] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1978.846912][T12815] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1978.854878][T12815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1978.862852][T12815]  </TASK>
[ 1978.905762][T12815] memory: usage 307196kB, limit 307200kB, failcnt 42710
[ 1978.923122][T12815] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1978.931422][T12802] device bridge200 entered promiscuous mode
[ 1978.948924][T12815] Memory cgroup stats for /syz2:
[ 1978.949125][T12815] anon 94208
[ 1978.949125][T12815] file 266240
[ 1978.949125][T12815] kernel 314208256
[ 1978.949125][T12815] kernel_stack 65536
[ 1978.949125][T12815] pagetables 65536
[ 1978.949125][T12815] sec_pagetables 0
[ 1978.949125][T12815] percpu 5359968
[ 1978.949125][T12815] sock 0
[ 1978.949125][T12815] vmalloc 8192
[ 1978.949125][T12815] shmem 266240
[ 1978.949125][T12815] zswap 0
[ 1978.949125][T12815] zswapped 0
[ 1978.949125][T12815] file_mapped 266240
[ 1978.949125][T12815] file_dirty 0
[ 1978.949125][T12815] file_writeback 0
[ 1978.949125][T12815] swapcached 0
[ 1978.949125][T12815] anon_thp 0
[ 1978.949125][T12815] file_thp 0
[ 1978.949125][T12815] shmem_thp 0
[ 1978.949125][T12815] inactive_anon 69632
[ 1978.949125][T12815] active_anon 266240
[ 1978.949125][T12815] inactive_file 0
[ 1978.949125][T12815] active_file 0
[ 1978.949125][T12815] unevictable 0
[ 1978.949125][T12815] slab_reclaimable 10296
[ 1978.949125][T12815] slab_unreclaimable 308673344
[ 1979.054202][T12802] bridge199: port 1(vlan82) entered blocking state
[ 1979.060790][T12802] bridge199: port 1(vlan82) entered forwarding state
[ 1979.078748][T12815] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12815,uid=0
17:37:37 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:37 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffff0300, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1979.138767][T12815] Memory cgroup out of memory: Killed process 12815 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1979.155219][T12807] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1979.164077][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:37 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe5c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1979.232166][T12811] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1979.361693][T12827] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1979.373429][T12827] CPU: 1 PID: 12827 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1979.383881][T12827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1979.393958][T12827] Call Trace:
[ 1979.397244][T12827]  <TASK>
[ 1979.400170][T12827]  dump_stack_lvl+0xcd/0x134
[ 1979.404771][T12827]  dump_header+0x10b/0x85f
[ 1979.409203][T12827]  oom_kill_process.cold+0x10/0x15
[ 1979.414317][T12827]  out_of_memory+0x358/0x14a0
[ 1979.419009][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.424483][T12827]  ? __mod_timer+0x83c/0xe30
[ 1979.429083][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.434560][T12827]  ? lock_acquire+0x4fc/0x630
[ 1979.439247][T12827]  ? oom_killer_disable+0x270/0x270
[ 1979.444452][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.449934][T12827]  ? lock_release+0x5cb/0x810
[ 1979.454625][T12827]  ? rcu_read_unlock+0x9/0x60
[ 1979.459325][T12827]  ? lock_downgrade+0x6e0/0x6e0
[ 1979.464184][T12827]  mem_cgroup_out_of_memory+0x206/0x270
[ 1979.469737][T12827]  ? mem_cgroup_margin+0x130/0x130
[ 1979.474850][T12827]  ? lock_downgrade+0x6e0/0x6e0
[ 1979.479707][T12827]  try_charge_memcg+0xef8/0x12f0
[ 1979.484655][T12827]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1979.490644][T12827]  ? lock_release+0x5cb/0x810
[ 1979.495317][T12827]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1979.501038][T12827]  ? lock_downgrade+0x6e0/0x6e0
[ 1979.505886][T12827]  ? lock_release+0x5cb/0x810
[ 1979.510561][T12827]  ? rcu_read_unlock+0x9/0x60
[ 1979.515235][T12827]  ? lock_downgrade+0x6e0/0x6e0
[ 1979.520082][T12827]  ? lock_release+0x5cb/0x810
[ 1979.524759][T12827]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1979.530310][T12827]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1979.536468][T12827]  copy_process+0x15ed/0x7190
[ 1979.541148][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.546616][T12827]  ? lock_release+0x5cb/0x810
[ 1979.551296][T12827]  ? psi_task_change+0x1bb/0x2f0
[ 1979.556237][T12827]  ? lock_downgrade+0x6e0/0x6e0
[ 1979.561088][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.566552][T12827]  ? lock_acquire+0x4fc/0x630
[ 1979.571230][T12827]  ? __cleanup_sighand+0xb0/0xb0
[ 1979.576169][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.581637][T12827]  ? lock_release+0x5cb/0x810
[ 1979.586312][T12827]  ? psi_memstall_leave+0x170/0x250
[ 1979.591515][T12827]  ? lock_repin_lock+0x350/0x350
[ 1979.596450][T12827]  kernel_clone+0xe7/0x980
[ 1979.600869][T12827]  ? lock_release+0x810/0x810
[ 1979.605556][T12827]  ? create_io_thread+0xe0/0xe0
[ 1979.610408][T12827]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1979.616656][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.622146][T12827]  ? lock_acquire+0x4fc/0x630
[ 1979.626822][T12827]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1979.632286][T12827]  ? lock_release+0x5cb/0x810
[ 1979.636980][T12827]  ? __ct_user_exit+0xff/0x150
[ 1979.641743][T12827]  ? lock_downgrade+0x6e0/0x6e0
[ 1979.646594][T12827]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1979.652154][T12827]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1979.658057][T12827]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1979.663948][T12827]  ? trace_hardirqs_on+0x2d/0x160
[ 1979.668973][T12827]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1979.674864][T12827]  do_int80_syscall_32+0x46/0x90
[ 1979.679809][T12827]  entry_INT80_compat+0x8b/0x90
[ 1979.684675][T12827] RIP: 0023:0xf6e5ba74
[ 1979.688738][T12827] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1979.708343][T12827] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1979.716752][T12827] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1979.724720][T12827] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1979.732688][T12827] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1979.740651][T12827] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1979.748616][T12827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1979.756595][T12827]  </TASK>
[ 1979.772390][T12827] memory: usage 307192kB, limit 307200kB, failcnt 42790
[ 1979.777437][T12812] bridge258: port 1(vlan98) entered blocking state
[ 1979.780012][T12827] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1979.795152][T12812] bridge258: port 1(vlan98) entered disabled state
[ 1979.810648][T12827] Memory cgroup stats for /syz2:
[ 1979.810835][T12827] anon 94208
[ 1979.810835][T12827] file 266240
[ 1979.810835][T12827] kernel 314204160
[ 1979.810835][T12827] kernel_stack 32768
[ 1979.810835][T12827] pagetables 65536
[ 1979.810835][T12827] sec_pagetables 0
[ 1979.810835][T12827] percpu 5359968
[ 1979.810835][T12827] sock 0
[ 1979.810835][T12827] vmalloc 8192
[ 1979.810835][T12827] shmem 266240
[ 1979.810835][T12827] zswap 0
[ 1979.810835][T12827] zswapped 0
[ 1979.810835][T12827] file_mapped 266240
[ 1979.810835][T12827] file_dirty 0
[ 1979.810835][T12827] file_writeback 0
[ 1979.810835][T12827] swapcached 0
[ 1979.810835][T12827] anon_thp 0
17:37:38 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1979.810835][T12827] file_thp 0
[ 1979.810835][T12827] shmem_thp 0
[ 1979.810835][T12827] inactive_anon 94208
[ 1979.810835][T12827] active_anon 266240
[ 1979.810835][T12827] inactive_file 0
[ 1979.810835][T12827] active_file 0
[ 1979.810835][T12827] unevictable 0
[ 1979.810835][T12827] slab_reclaimable 10296
[ 1979.810835][T12827] slab_unreclaimable 308673528
[ 1979.940273][T12812] device bridge259 entered promiscuous mode
[ 1979.976201][T12812] bridge258: port 1(vlan98) entered blocking state
[ 1979.982789][T12812] bridge258: port 1(vlan98) entered forwarding state
17:37:38 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffa888, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1980.026492][T12827] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12827,uid=0
[ 1980.043286][T12810] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe60, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1980.093341][T12827] Memory cgroup out of memory: Killed process 12827 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1980.159987][T12816] bridge330: port 1(vlan147) entered blocking state
[ 1980.186093][T12816] bridge330: port 1(vlan147) entered disabled state
[ 1980.211249][T12816] device bridge331 entered promiscuous mode
[ 1980.222467][T12835] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1980.238525][T12816] bridge330: port 1(vlan147) entered blocking state
[ 1980.245210][T12816] bridge330: port 1(vlan147) entered forwarding state
[ 1980.255813][T12835] CPU: 1 PID: 12835 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1980.266254][T12835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1980.276300][T12835] Call Trace:
[ 1980.279564][T12835]  <TASK>
[ 1980.282482][T12835]  dump_stack_lvl+0xcd/0x134
[ 1980.287070][T12835]  dump_header+0x10b/0x85f
[ 1980.291478][T12835]  oom_kill_process.cold+0x10/0x15
[ 1980.296577][T12835]  out_of_memory+0x358/0x14a0
[ 1980.301247][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.306700][T12835]  ? __mod_timer+0x83c/0xe30
[ 1980.311281][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.316741][T12835]  ? lock_acquire+0x4fc/0x630
[ 1980.321424][T12835]  ? oom_killer_disable+0x270/0x270
[ 1980.326615][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.332068][T12835]  ? lock_release+0x5cb/0x810
[ 1980.336733][T12835]  ? rcu_read_unlock+0x9/0x60
[ 1980.341395][T12835]  ? lock_downgrade+0x6e0/0x6e0
[ 1980.346244][T12835]  mem_cgroup_out_of_memory+0x206/0x270
[ 1980.351814][T12835]  ? mem_cgroup_margin+0x130/0x130
[ 1980.356941][T12835]  ? lock_downgrade+0x6e0/0x6e0
[ 1980.361787][T12835]  try_charge_memcg+0xef8/0x12f0
[ 1980.366722][T12835]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1980.372697][T12835]  ? lock_release+0x5cb/0x810
[ 1980.377367][T12835]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1980.383093][T12835]  ? lock_downgrade+0x6e0/0x6e0
[ 1980.387940][T12835]  ? lock_release+0x5cb/0x810
[ 1980.392610][T12835]  ? rcu_read_unlock+0x9/0x60
[ 1980.397285][T12835]  ? lock_downgrade+0x6e0/0x6e0
[ 1980.402135][T12835]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1980.407680][T12835]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1980.413832][T12835]  copy_process+0x73e/0x7190
[ 1980.418414][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.423868][T12835]  ? lock_acquire+0x4fc/0x630
[ 1980.428536][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.433989][T12835]  ? lock_release+0x5cb/0x810
[ 1980.438651][T12835]  ? lock_release+0x5cb/0x810
[ 1980.443313][T12835]  ? folio_add_lru+0x341/0x680
[ 1980.448094][T12835]  ? __cleanup_sighand+0xb0/0xb0
[ 1980.453042][T12835]  ? folio_add_lru+0x377/0x680
[ 1980.457810][T12835]  ? do_raw_spin_unlock+0x171/0x230
[ 1980.463005][T12835]  kernel_clone+0xe7/0x980
[ 1980.467415][T12835]  ? lock_acquire+0x4fc/0x630
[ 1980.472087][T12835]  ? create_io_thread+0xe0/0xe0
[ 1980.476933][T12835]  ? lock_release+0x810/0x810
[ 1980.481604][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.487063][T12835]  ? lock_acquire+0x4fc/0x630
[ 1980.491731][T12835]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1980.497188][T12835]  ? lock_release+0x5cb/0x810
[ 1980.501856][T12835]  ? __ct_user_exit+0xff/0x150
[ 1980.506617][T12835]  ? lock_downgrade+0x6e0/0x6e0
[ 1980.511463][T12835]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1980.517005][T12835]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1980.522901][T12835]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1980.528783][T12835]  ? trace_hardirqs_on+0x2d/0x160
[ 1980.533796][T12835]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1980.539680][T12835]  do_int80_syscall_32+0x46/0x90
[ 1980.544623][T12835]  entry_INT80_compat+0x8b/0x90
[ 1980.549489][T12835] RIP: 0023:0xf6e5ba74
[ 1980.553549][T12835] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1980.573154][T12835] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1980.581563][T12835] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1980.589532][T12835] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1980.597499][T12835] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1980.605464][T12835] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
17:37:39 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1980.613422][T12835] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1980.621385][T12835]  </TASK>
[ 1980.645322][T12822] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
17:37:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffa888, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1980.729539][T12826] bridge201: port 1(vlan83) entered blocking state
[ 1980.737520][T12826] bridge201: port 1(vlan83) entered disabled state
[ 1980.759611][T12826] device bridge202 entered promiscuous mode
[ 1980.779674][T12826] bridge201: port 1(vlan83) entered blocking state
[ 1980.786309][T12826] bridge201: port 1(vlan83) entered forwarding state
17:37:39 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffff0300, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1980.830923][T12835] memory: usage 307184kB, limit 307200kB, failcnt 42865
[ 1980.837979][T12832] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:37:39 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3d1b, 0x2400, 0x0, 0x0, 0x5000000)

[ 1980.871389][T12835] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1980.905458][T12835] Memory cgroup stats for /syz2:
[ 1980.905665][T12835] anon 94208
[ 1980.905665][T12835] file 266240
[ 1980.905665][T12835] kernel 314195968
[ 1980.905665][T12835] kernel_stack 32768
[ 1980.905665][T12835] pagetables 65536
[ 1980.905665][T12835] sec_pagetables 0
[ 1980.905665][T12835] percpu 5359968
[ 1980.905665][T12835] sock 0
[ 1980.905665][T12835] vmalloc 8192
[ 1980.905665][T12835] shmem 266240
[ 1980.905665][T12835] zswap 0
[ 1980.905665][T12835] zswapped 0
[ 1980.905665][T12835] file_mapped 266240
[ 1980.905665][T12835] file_dirty 0
[ 1980.905665][T12835] file_writeback 0
[ 1980.905665][T12835] swapcached 0
[ 1980.905665][T12835] anon_thp 0
[ 1980.905665][T12835] file_thp 0
[ 1980.905665][T12835] shmem_thp 0
[ 1980.905665][T12835] inactive_anon 94208
[ 1980.905665][T12835] active_anon 266240
[ 1980.905665][T12835] inactive_file 0
[ 1980.905665][T12835] active_file 0
[ 1980.905665][T12835] unevictable 0
[ 1980.905665][T12835] slab_reclaimable 10296
[ 1980.905665][T12835] slab_unreclaimable 308672880
[ 1981.040317][T12835] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12835,uid=0
[ 1981.085459][T12835] Memory cgroup out of memory: Killed process 12835 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:39 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe64, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1981.220488][T12836] bridge260: port 1(vlan99) entered blocking state
[ 1981.227951][T12836] bridge260: port 1(vlan99) entered disabled state
[ 1981.242563][T12853] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1981.282852][T12853] CPU: 0 PID: 12853 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1981.293305][T12853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1981.303353][T12853] Call Trace:
[ 1981.306621][T12853]  <TASK>
[ 1981.309540][T12853]  dump_stack_lvl+0xcd/0x134
[ 1981.314127][T12853]  dump_header+0x10b/0x85f
[ 1981.318530][T12853]  oom_kill_process.cold+0x10/0x15
[ 1981.323628][T12853]  out_of_memory+0x358/0x14a0
[ 1981.328310][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.333787][T12853]  ? __mod_timer+0x83c/0xe30
[ 1981.338380][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.343846][T12853]  ? lock_acquire+0x4fc/0x630
[ 1981.348524][T12853]  ? oom_killer_disable+0x270/0x270
[ 1981.353726][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.359193][T12853]  ? lock_release+0x5cb/0x810
[ 1981.363869][T12853]  ? rcu_read_unlock+0x9/0x60
[ 1981.368546][T12853]  ? lock_downgrade+0x6e0/0x6e0
[ 1981.373396][T12853]  mem_cgroup_out_of_memory+0x206/0x270
[ 1981.378952][T12853]  ? mem_cgroup_margin+0x130/0x130
[ 1981.384071][T12853]  ? lock_downgrade+0x6e0/0x6e0
[ 1981.388925][T12853]  try_charge_memcg+0xef8/0x12f0
[ 1981.393875][T12853]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1981.399878][T12853]  ? lock_release+0x5cb/0x810
[ 1981.404571][T12853]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1981.410311][T12853]  ? lock_downgrade+0x6e0/0x6e0
[ 1981.415164][T12853]  ? lock_release+0x5cb/0x810
[ 1981.419841][T12853]  ? rcu_read_unlock+0x9/0x60
[ 1981.424517][T12853]  ? lock_downgrade+0x6e0/0x6e0
[ 1981.429367][T12853]  ? lock_release+0x5cb/0x810
[ 1981.434046][T12853]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1981.439602][T12853]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1981.445765][T12853]  copy_process+0x15ed/0x7190
[ 1981.450446][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.455919][T12853]  ? lock_release+0x5cb/0x810
[ 1981.460592][T12853]  ? psi_task_change+0x1bb/0x2f0
[ 1981.465535][T12853]  ? lock_downgrade+0x6e0/0x6e0
[ 1981.470385][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.475853][T12853]  ? lock_acquire+0x4fc/0x630
[ 1981.480533][T12853]  ? __cleanup_sighand+0xb0/0xb0
[ 1981.485471][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.490938][T12853]  ? lock_release+0x5cb/0x810
[ 1981.495614][T12853]  ? psi_memstall_leave+0x170/0x250
[ 1981.500822][T12853]  ? lock_repin_lock+0x350/0x350
[ 1981.505759][T12853]  kernel_clone+0xe7/0x980
[ 1981.510176][T12853]  ? lock_release+0x810/0x810
[ 1981.514850][T12853]  ? create_io_thread+0xe0/0xe0
[ 1981.519703][T12853]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1981.525958][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.531427][T12853]  ? lock_acquire+0x4fc/0x630
[ 1981.536100][T12853]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1981.541564][T12853]  ? lock_release+0x5cb/0x810
[ 1981.546240][T12853]  ? __ct_user_exit+0xff/0x150
[ 1981.551009][T12853]  ? lock_downgrade+0x6e0/0x6e0
[ 1981.555862][T12853]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1981.561415][T12853]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1981.567322][T12853]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1981.573213][T12853]  ? trace_hardirqs_on+0x2d/0x160
[ 1981.578236][T12853]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1981.584127][T12853]  do_int80_syscall_32+0x46/0x90
[ 1981.589071][T12853]  entry_INT80_compat+0x8b/0x90
[ 1981.593930][T12853] RIP: 0023:0xf6e5ba74
[ 1981.597993][T12853] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1981.617601][T12853] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1981.626012][T12853] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1981.633976][T12853] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1981.641944][T12853] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1981.649910][T12853] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1981.657876][T12853] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1981.665848][T12853]  </TASK>
[ 1981.696592][T12836] device bridge261 entered promiscuous mode
[ 1981.713720][T12836] bridge260: port 1(vlan99) entered blocking state
[ 1981.720320][T12836] bridge260: port 1(vlan99) entered forwarding state
[ 1981.731751][T12841] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:37:40 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffffa888, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1981.743683][T12841] __nla_validate_parse: 4 callbacks suppressed
[ 1981.743698][T12841] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:40 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1981.792194][T12844] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1981.828303][T12853] memory: usage 307176kB, limit 307200kB, failcnt 42937
17:37:40 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x0, 0x2400, 0x0, 0x0, 0x5000000)

[ 1981.836569][T12844] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1981.851073][T12853] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1981.869967][T12853] Memory cgroup stats for /syz2:
[ 1981.870157][T12853] anon 94208
[ 1981.870157][T12853] file 266240
[ 1981.870157][T12853] kernel 314187776
[ 1981.870157][T12853] kernel_stack 32768
[ 1981.870157][T12853] pagetables 65536
[ 1981.870157][T12853] sec_pagetables 0
[ 1981.870157][T12853] percpu 5359968
[ 1981.870157][T12853] sock 0
[ 1981.870157][T12853] vmalloc 8192
[ 1981.870157][T12853] shmem 266240
[ 1981.870157][T12853] zswap 0
[ 1981.870157][T12853] zswapped 0
[ 1981.870157][T12853] file_mapped 266240
[ 1981.870157][T12853] file_dirty 0
[ 1981.870157][T12853] file_writeback 0
[ 1981.870157][T12853] swapcached 0
[ 1981.870157][T12853] anon_thp 0
[ 1981.870157][T12853] file_thp 0
[ 1981.870157][T12853] shmem_thp 0
[ 1981.870157][T12853] inactive_anon 94208
[ 1981.870157][T12853] active_anon 266240
[ 1981.870157][T12853] inactive_file 0
[ 1981.870157][T12853] active_file 0
[ 1981.870157][T12853] unevictable 0
[ 1981.870157][T12853] slab_reclaimable 10296
[ 1981.870157][T12853] slab_unreclaimable 308672880
[ 1981.977002][T12845] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe68, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1981.977289][T12853] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12853,uid=0
[ 1982.007788][T12853] Memory cgroup out of memory: Killed process 12853 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1982.113994][T12866] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1982.127475][T12866] CPU: 1 PID: 12866 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1982.137895][T12866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1982.147941][T12866] Call Trace:
[ 1982.151212][T12866]  <TASK>
[ 1982.154137][T12866]  dump_stack_lvl+0xcd/0x134
[ 1982.158727][T12866]  dump_header+0x10b/0x85f
[ 1982.163135][T12866]  oom_kill_process.cold+0x10/0x15
[ 1982.168238][T12866]  out_of_memory+0x358/0x14a0
[ 1982.172909][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.178367][T12866]  ? __mod_timer+0x83c/0xe30
[ 1982.182953][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.188412][T12866]  ? lock_acquire+0x4fc/0x630
[ 1982.193088][T12866]  ? oom_killer_disable+0x270/0x270
[ 1982.198288][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.203747][T12866]  ? lock_release+0x5cb/0x810
[ 1982.208420][T12866]  ? rcu_read_unlock+0x9/0x60
[ 1982.213086][T12866]  ? lock_downgrade+0x6e0/0x6e0
[ 1982.217926][T12866]  mem_cgroup_out_of_memory+0x206/0x270
[ 1982.223470][T12866]  ? mem_cgroup_margin+0x130/0x130
[ 1982.228585][T12866]  ? lock_downgrade+0x6e0/0x6e0
[ 1982.233455][T12866]  try_charge_memcg+0xef8/0x12f0
[ 1982.238404][T12866]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1982.244416][T12866]  ? lock_release+0x5cb/0x810
[ 1982.249111][T12866]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1982.254838][T12866]  ? lock_downgrade+0x6e0/0x6e0
[ 1982.259710][T12866]  ? lock_release+0x5cb/0x810
[ 1982.264383][T12866]  ? rcu_read_unlock+0x9/0x60
[ 1982.269078][T12866]  ? lock_downgrade+0x6e0/0x6e0
[ 1982.273922][T12866]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 1982.279838][T12866]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1982.285406][T12866]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1982.291572][T12866]  copy_process+0x73e/0x7190
[ 1982.296164][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.301621][T12866]  ? lock_release+0x5cb/0x810
[ 1982.306296][T12866]  ? psi_task_change+0x1bb/0x2f0
[ 1982.311232][T12866]  ? lock_downgrade+0x6e0/0x6e0
[ 1982.316081][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.321541][T12866]  ? lock_acquire+0x4fc/0x630
[ 1982.326215][T12866]  ? __cleanup_sighand+0xb0/0xb0
[ 1982.331147][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.336608][T12866]  ? lock_release+0x5cb/0x810
[ 1982.341274][T12866]  ? psi_memstall_leave+0x170/0x250
[ 1982.346473][T12866]  ? lock_repin_lock+0x350/0x350
[ 1982.351419][T12866]  kernel_clone+0xe7/0x980
[ 1982.355843][T12866]  ? lock_release+0x810/0x810
[ 1982.360512][T12866]  ? create_io_thread+0xe0/0xe0
[ 1982.365375][T12866]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1982.371640][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.377097][T12866]  ? lock_acquire+0x4fc/0x630
[ 1982.381765][T12866]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1982.387228][T12866]  ? lock_release+0x5cb/0x810
[ 1982.391902][T12866]  ? __ct_user_exit+0xff/0x150
[ 1982.396667][T12866]  ? lock_downgrade+0x6e0/0x6e0
[ 1982.401515][T12866]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1982.407067][T12866]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1982.412961][T12866]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1982.418846][T12866]  ? trace_hardirqs_on+0x2d/0x160
[ 1982.423864][T12866]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1982.429752][T12866]  do_int80_syscall_32+0x46/0x90
[ 1982.434747][T12866]  entry_INT80_compat+0x8b/0x90
[ 1982.439615][T12866] RIP: 0023:0xf6e5ba74
[ 1982.443672][T12866] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1982.463288][T12866] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1982.471714][T12866] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1982.479696][T12866] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1982.487670][T12866] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1982.495639][T12866] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1982.503598][T12866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1982.511565][T12866]  </TASK>
[ 1982.526168][T12846] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1982.545847][T12866] memory: usage 307180kB, limit 307200kB, failcnt 43006
[ 1982.552972][T12866] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1982.616545][T12866] Memory cgroup stats for /syz2:
[ 1982.616743][T12866] anon 94208
[ 1982.616743][T12866] file 266240
[ 1982.616743][T12866] kernel 314191872
[ 1982.616743][T12866] kernel_stack 32768
[ 1982.616743][T12866] pagetables 65536
[ 1982.616743][T12866] sec_pagetables 0
[ 1982.616743][T12866] percpu 5359968
[ 1982.616743][T12866] sock 0
[ 1982.616743][T12866] vmalloc 8192
[ 1982.616743][T12866] shmem 266240
[ 1982.616743][T12866] zswap 0
[ 1982.616743][T12866] zswapped 0
[ 1982.616743][T12866] file_mapped 266240
[ 1982.616743][T12866] file_dirty 0
[ 1982.616743][T12866] file_writeback 0
[ 1982.616743][T12866] swapcached 0
[ 1982.616743][T12866] anon_thp 0
[ 1982.616743][T12866] file_thp 0
[ 1982.616743][T12866] shmem_thp 0
[ 1982.616743][T12866] inactive_anon 61440
[ 1982.616743][T12866] active_anon 266240
[ 1982.616743][T12866] inactive_file 0
[ 1982.616743][T12866] active_file 0
[ 1982.616743][T12866] unevictable 0
[ 1982.616743][T12866] slab_reclaimable 10296
[ 1982.616743][T12866] slab_unreclaimable 308672880
17:37:41 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x0, 0x2400, 0x0, 0x0, 0x5000000)

[ 1982.729304][T12849] bridge332: port 1(vlan148) entered blocking state
[ 1982.749711][T12849] bridge332: port 1(vlan148) entered disabled state
[ 1982.765890][T12849] device bridge333 entered promiscuous mode
17:37:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe6c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1982.789957][T12849] bridge332: port 1(vlan148) entered blocking state
[ 1982.796712][T12849] bridge332: port 1(vlan148) entered forwarding state
[ 1982.796766][T12866] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12866,uid=0
[ 1982.821400][T12866] Memory cgroup out of memory: Killed process 12866 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:41 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x3000000)

[ 1982.868693][T12848] bridge203: port 1(vlan84) entered blocking state
[ 1982.894072][T12848] bridge203: port 1(vlan84) entered disabled state
[ 1982.922499][T12848] device bridge204 entered promiscuous mode
[ 1982.960806][T12870] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1982.997536][T12848] bridge203: port 1(vlan84) entered blocking state
[ 1983.004167][T12848] bridge203: port 1(vlan84) entered forwarding state
[ 1983.012619][T12870] CPU: 1 PID: 12870 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1983.023054][T12870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1983.033111][T12870] Call Trace:
[ 1983.036391][T12870]  <TASK>
[ 1983.039316][T12870]  dump_stack_lvl+0xcd/0x134
[ 1983.043906][T12870]  dump_header+0x10b/0x85f
[ 1983.048319][T12870]  oom_kill_process.cold+0x10/0x15
[ 1983.053423][T12870]  out_of_memory+0x358/0x14a0
[ 1983.058096][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.063552][T12870]  ? __mod_timer+0x83c/0xe30
[ 1983.068138][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.073625][T12870]  ? lock_acquire+0x4fc/0x630
[ 1983.078300][T12870]  ? oom_killer_disable+0x270/0x270
[ 1983.083509][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.088982][T12870]  ? lock_release+0x5cb/0x810
[ 1983.093663][T12870]  ? rcu_read_unlock+0x9/0x60
[ 1983.098343][T12870]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.103196][T12870]  mem_cgroup_out_of_memory+0x206/0x270
[ 1983.108751][T12870]  ? mem_cgroup_margin+0x130/0x130
[ 1983.113863][T12870]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.118726][T12870]  try_charge_memcg+0xef8/0x12f0
[ 1983.123677][T12870]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1983.129667][T12870]  ? lock_release+0x5cb/0x810
[ 1983.134341][T12870]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1983.140070][T12870]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.144936][T12870]  ? lock_release+0x5cb/0x810
[ 1983.149618][T12870]  ? rcu_read_unlock+0x9/0x60
[ 1983.154298][T12870]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.159146][T12870]  ? lock_release+0x5cb/0x810
[ 1983.163826][T12870]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1983.169386][T12870]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1983.175546][T12870]  copy_process+0x15ed/0x7190
[ 1983.180225][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.185691][T12870]  ? lock_release+0x5cb/0x810
[ 1983.190364][T12870]  ? psi_task_change+0x1bb/0x2f0
[ 1983.195306][T12870]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.200154][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.205620][T12870]  ? lock_acquire+0x4fc/0x630
[ 1983.210296][T12870]  ? __cleanup_sighand+0xb0/0xb0
[ 1983.215234][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.220700][T12870]  ? lock_release+0x5cb/0x810
[ 1983.225376][T12870]  ? psi_memstall_leave+0x170/0x250
[ 1983.230583][T12870]  ? lock_repin_lock+0x350/0x350
[ 1983.235518][T12870]  kernel_clone+0xe7/0x980
[ 1983.239935][T12870]  ? lock_release+0x810/0x810
[ 1983.244609][T12870]  ? create_io_thread+0xe0/0xe0
[ 1983.249462][T12870]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1983.255710][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.261177][T12870]  ? lock_acquire+0x4fc/0x630
[ 1983.265853][T12870]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.271323][T12870]  ? lock_release+0x5cb/0x810
[ 1983.275997][T12870]  ? __ct_user_exit+0xff/0x150
[ 1983.280763][T12870]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.285615][T12870]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1983.291173][T12870]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1983.297078][T12870]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1983.302970][T12870]  ? trace_hardirqs_on+0x2d/0x160
[ 1983.307995][T12870]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1983.313889][T12870]  do_int80_syscall_32+0x46/0x90
[ 1983.318830][T12870]  entry_INT80_compat+0x8b/0x90
[ 1983.323696][T12870] RIP: 0023:0xf6e5ba74
[ 1983.327759][T12870] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
17:37:41 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xffff0300, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1983.347365][T12870] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1983.355782][T12870] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1983.363750][T12870] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1983.371719][T12870] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1983.379691][T12870] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1983.387674][T12870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1983.395660][T12870]  </TASK>
[ 1983.429094][T12855] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1983.441053][T12870] memory: usage 307200kB, limit 307200kB, failcnt 43080
[ 1983.451121][T12870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1983.458930][T12870] Memory cgroup stats for /syz2:
[ 1983.459058][T12870] anon 94208
[ 1983.459058][T12870] file 266240
[ 1983.459058][T12870] kernel 314195968
[ 1983.459058][T12870] kernel_stack 32768
[ 1983.459058][T12870] pagetables 65536
[ 1983.459058][T12870] sec_pagetables 0
[ 1983.459058][T12870] percpu 5359968
[ 1983.459058][T12870] sock 0
[ 1983.459058][T12870] vmalloc 8192
[ 1983.459058][T12870] shmem 266240
[ 1983.459058][T12870] zswap 0
[ 1983.459058][T12870] zswapped 0
[ 1983.459058][T12870] file_mapped 266240
[ 1983.459058][T12870] file_dirty 0
[ 1983.459058][T12870] file_writeback 0
[ 1983.459058][T12870] swapcached 0
[ 1983.459058][T12870] anon_thp 0
[ 1983.459058][T12870] file_thp 0
[ 1983.459058][T12870] shmem_thp 0
[ 1983.459058][T12870] inactive_anon 94208
[ 1983.459058][T12870] active_anon 266240
[ 1983.459058][T12870] inactive_file 0
[ 1983.459058][T12870] active_file 0
[ 1983.459058][T12870] unevictable 0
[ 1983.459058][T12870] slab_reclaimable 10296
[ 1983.459058][T12870] slab_unreclaimable 308675048
[ 1983.558062][T12855] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1983.617426][T12856] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1983.645354][T12870] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12870,uid=0
17:37:42 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x0, 0x2400, 0x0, 0x0, 0x5000000)

17:37:42 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe70, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1983.679957][T12870] Memory cgroup out of memory: Killed process 12870 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1983.742034][T12859] bridge262: port 1(vlan100) entered blocking state
[ 1983.750790][T12859] bridge262: port 1(vlan100) entered disabled state
[ 1983.754221][T12880] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1983.762939][T12859] device bridge263 entered promiscuous mode
[ 1983.793257][T12859] bridge262: port 1(vlan100) entered blocking state
[ 1983.799965][T12859] bridge262: port 1(vlan100) entered forwarding state
[ 1983.822199][T12880] CPU: 1 PID: 12880 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1983.832740][T12880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1983.842810][T12880] Call Trace:
[ 1983.846106][T12880]  <TASK>
[ 1983.849049][T12880]  dump_stack_lvl+0xcd/0x134
[ 1983.853671][T12880]  dump_header+0x10b/0x85f
[ 1983.858118][T12880]  oom_kill_process.cold+0x10/0x15
[ 1983.863254][T12880]  out_of_memory+0x358/0x14a0
[ 1983.867957][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.873421][T12880]  ? __mod_timer+0x83c/0xe30
[ 1983.878017][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.883486][T12880]  ? lock_acquire+0x4fc/0x630
[ 1983.888166][T12880]  ? oom_killer_disable+0x270/0x270
[ 1983.893379][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.898954][T12880]  ? lock_release+0x5cb/0x810
[ 1983.903638][T12880]  ? rcu_read_unlock+0x9/0x60
[ 1983.908319][T12880]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.913174][T12880]  mem_cgroup_out_of_memory+0x206/0x270
[ 1983.918744][T12880]  ? mem_cgroup_margin+0x130/0x130
[ 1983.923853][T12880]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.928754][T12880]  try_charge_memcg+0xef8/0x12f0
[ 1983.933695][T12880]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1983.939682][T12880]  ? lock_release+0x5cb/0x810
[ 1983.944362][T12880]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1983.950085][T12880]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.954942][T12880]  ? lock_release+0x5cb/0x810
[ 1983.959644][T12880]  ? rcu_read_unlock+0x9/0x60
[ 1983.964344][T12880]  ? lock_downgrade+0x6e0/0x6e0
[ 1983.969194][T12880]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 1983.975103][T12880]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1983.980673][T12880]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1983.986831][T12880]  copy_process+0x73e/0x7190
[ 1983.991421][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1983.996893][T12880]  ? lock_release+0x5cb/0x810
[ 1984.001575][T12880]  ? psi_task_change+0x1bb/0x2f0
[ 1984.006543][T12880]  ? lock_downgrade+0x6e0/0x6e0
[ 1984.011407][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1984.016868][T12880]  ? lock_acquire+0x4fc/0x630
[ 1984.021546][T12880]  ? __cleanup_sighand+0xb0/0xb0
[ 1984.026480][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1984.031942][T12880]  ? lock_release+0x5cb/0x810
[ 1984.036613][T12880]  ? psi_memstall_leave+0x170/0x250
[ 1984.041812][T12880]  ? lock_repin_lock+0x350/0x350
[ 1984.046751][T12880]  kernel_clone+0xe7/0x980
[ 1984.051168][T12880]  ? lock_release+0x810/0x810
[ 1984.055842][T12880]  ? create_io_thread+0xe0/0xe0
[ 1984.060694][T12880]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1984.066937][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1984.072402][T12880]  ? lock_acquire+0x4fc/0x630
[ 1984.077080][T12880]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1984.082543][T12880]  ? lock_release+0x5cb/0x810
[ 1984.087219][T12880]  ? __ct_user_exit+0xff/0x150
[ 1984.091989][T12880]  ? lock_downgrade+0x6e0/0x6e0
[ 1984.096852][T12880]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1984.102406][T12880]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1984.108307][T12880]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1984.114204][T12880]  ? trace_hardirqs_on+0x2d/0x160
[ 1984.119232][T12880]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1984.125130][T12880]  do_int80_syscall_32+0x46/0x90
[ 1984.130086][T12880]  entry_INT80_compat+0x8b/0x90
[ 1984.134946][T12880] RIP: 0023:0xf6e5ba74
[ 1984.139028][T12880] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1984.158642][T12880] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1984.167069][T12880] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1984.175153][T12880] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1984.183140][T12880] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
17:37:42 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1984.191117][T12880] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1984.199089][T12880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1984.207066][T12880]  </TASK>
[ 1984.220286][T12877] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
17:37:42 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0xbd3)

[ 1984.255498][T12877] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1984.425291][T12880] memory: usage 307184kB, limit 307200kB, failcnt 43149
[ 1984.432268][T12880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1984.440149][T12880] Memory cgroup stats for /syz2
[ 1984.459914][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1984.595480][T12880] :
[ 1984.595637][T12880] anon 94208
[ 1984.595637][T12880] file 266240
[ 1984.595637][T12880] kernel 314195968
[ 1984.595637][T12880] kernel_stack 32768
[ 1984.595637][T12880] pagetables 65536
[ 1984.595637][T12880] sec_pagetables 0
[ 1984.595637][T12880] percpu 5359968
[ 1984.595637][T12880] sock 0
[ 1984.595637][T12880] vmalloc 8192
[ 1984.595637][T12880] shmem 266240
[ 1984.595637][T12880] zswap 0
[ 1984.595637][T12880] zswapped 0
[ 1984.595637][T12880] file_mapped 266240
[ 1984.595637][T12880] file_dirty 0
17:37:43 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x0, 0x0, 0x0, 0x5000000)

[ 1984.595637][T12880] file_writeback 0
[ 1984.595637][T12880] swapcached 0
[ 1984.595637][T12880] anon_thp 0
[ 1984.595637][T12880] file_thp 0
[ 1984.595637][T12880] shmem_thp 0
[ 1984.595637][T12880] inactive_anon 94208
[ 1984.595637][T12880] active_anon 266240
[ 1984.595637][T12880] inactive_file 0
[ 1984.595637][T12880] active_file 0
[ 1984.595637][T12880] unevictable 0
[ 1984.595637][T12880] slab_reclaimable 10296
[ 1984.595637][T12880] slab_unreclaimable 308672880
[ 1984.767147][T12880] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12880,uid=0
[ 1984.862637][T12880] Memory cgroup out of memory: Killed process 12880 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:43 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0xbd2)

[ 1984.965998][T12883] bridge205: port 1(vlan85) entered blocking state
17:37:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe74, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1985.144640][T12883] bridge205: port 1(vlan85) entered disabled state
[ 1985.185509][T12883] device bridge206 entered promiscuous mode
[ 1985.205169][T12883] bridge205: port 1(vlan85) entered blocking state
[ 1985.211750][T12883] bridge205: port 1(vlan85) entered forwarding state
17:37:43 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:43 executing program 3:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1985.252356][T12899] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1985.320549][T12899] CPU: 1 PID: 12899 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1985.331021][T12899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1985.341095][T12899] Call Trace:
[ 1985.344389][T12899]  <TASK>
[ 1985.347337][T12899]  dump_stack_lvl+0xcd/0x134
[ 1985.351965][T12899]  dump_header+0x10b/0x85f
[ 1985.356415][T12899]  oom_kill_process.cold+0x10/0x15
[ 1985.361562][T12899]  out_of_memory+0x358/0x14a0
[ 1985.366278][T12899]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1985.371786][T12899]  ? __mod_timer+0x83c/0xe30
[ 1985.376413][T12899]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1985.381920][T12899]  ? lock_acquire+0x4fc/0x630
[ 1985.386635][T12899]  ? oom_killer_disable+0x270/0x270
[ 1985.391879][T12899]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1985.397376][T12899]  ? lock_release+0x5cb/0x810
[ 1985.402050][T12899]  ? rcu_read_unlock+0x9/0x60
[ 1985.406721][T12899]  ? lock_downgrade+0x6e0/0x6e0
[ 1985.411569][T12899]  mem_cgroup_out_of_memory+0x206/0x270
[ 1985.417116][T12899]  ? mem_cgroup_margin+0x130/0x130
[ 1985.422221][T12899]  ? lock_downgrade+0x6e0/0x6e0
[ 1985.427068][T12899]  try_charge_memcg+0xef8/0x12f0
[ 1985.432015][T12899]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1985.438002][T12899]  ? lock_acquire+0x4fc/0x630
[ 1985.442675][T12899]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1985.448403][T12899]  ? lock_downgrade+0x6e0/0x6e0
[ 1985.453262][T12899]  ? lock_release+0x5cb/0x810
[ 1985.457944][T12899]  ? obj_cgroup_charge+0x244/0x5e0
[ 1985.463065][T12899]  ? lock_downgrade+0x6e0/0x6e0
[ 1985.467917][T12899]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1985.473385][T12899]  obj_cgroup_charge+0x2ab/0x5e0
[ 1985.478332][T12899]  kmem_cache_alloc_lru+0x13d/0x730
[ 1985.483531][T12899]  ? sock_alloc_inode+0x23/0x1d0
[ 1985.488473][T12899]  sock_alloc_inode+0x23/0x1d0
[ 1985.493235][T12899]  ? sock_free_inode+0x20/0x20
[ 1985.498005][T12899]  alloc_inode+0x61/0x230
[ 1985.502333][T12899]  new_inode_pseudo+0x13/0x80
[ 1985.507011][T12899]  sock_alloc+0x3c/0x260
[ 1985.511252][T12899]  __sock_create+0xb9/0x790
[ 1985.515769][T12899]  ? lock_downgrade+0x6e0/0x6e0
[ 1985.520639][T12899]  __sys_socket+0x12f/0x240
[ 1985.525151][T12899]  ? __sys_socket_file+0x1f0/0x1f0
[ 1985.530280][T12899]  ? vtime_user_exit+0x218/0x6c0
[ 1985.535226][T12899]  __ia32_sys_socket+0x6f/0xb0
[ 1985.540004][T12899]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 1985.546590][T12899]  __do_fast_syscall_32+0x65/0xf0
[ 1985.551617][T12899]  do_fast_syscall_32+0x2f/0x70
[ 1985.556470][T12899]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1985.562800][T12899] RIP: 0023:0xf7f51549
[ 1985.566862][T12899] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1985.586468][T12899] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 1985.594881][T12899] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 1985.602869][T12899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1985.610834][T12899] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1985.618797][T12899] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1985.626933][T12899] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1985.634908][T12899]  </TASK>
[ 1985.681680][T12905] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1985.745414][T12899] memory: usage 307200kB, limit 307200kB, failcnt 43245
[ 1985.761165][T12899] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1985.785295][T12899] Memory cgroup stats for /syz2:
[ 1985.785741][T12899] anon 98304
[ 1985.785741][T12899] file 266240
[ 1985.785741][T12899] kernel 314195968
[ 1985.785741][T12899] kernel_stack 65536
[ 1985.785741][T12899] pagetables 65536
[ 1985.785741][T12899] sec_pagetables 0
[ 1985.785741][T12899] percpu 5359968
[ 1985.785741][T12899] sock 0
[ 1985.785741][T12899] vmalloc 8192
[ 1985.785741][T12899] shmem 266240
[ 1985.785741][T12899] zswap 0
[ 1985.785741][T12899] zswapped 0
[ 1985.785741][T12899] file_mapped 266240
[ 1985.785741][T12899] file_dirty 0
[ 1985.785741][T12899] file_writeback 0
[ 1985.785741][T12899] swapcached 0
[ 1985.785741][T12899] anon_thp 0
[ 1985.785741][T12899] file_thp 0
[ 1985.785741][T12899] shmem_thp 0
[ 1985.785741][T12899] inactive_anon 98304
[ 1985.785741][T12899] active_anon 266240
[ 1985.785741][T12899] inactive_file 0
[ 1985.785741][T12899] active_file 0
[ 1985.785741][T12899] unevictable 0
[ 1985.785741][T12899] slab_reclaimable 10296
[ 1985.785741][T12899] slab_unreclaimable 308662248
17:37:44 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfeffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfeff0000, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1986.020522][T12908] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1986.145315][T12899] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12898,uid=0
[ 1986.170858][T12908] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:37:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe78, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:44 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:44 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
syz_io_uring_setup(0x222, &(0x7f0000000080)={0x0, 0x85f8, 0x20, 0x1, 0x225, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
dup(r4)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1986.213341][T12899] Memory cgroup out of memory: Killed process 12898 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1986.318704][T12911] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1986.332743][T12916] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1986.376786][T12911] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1986.446614][T12916] CPU: 1 PID: 12916 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1986.457149][T12916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1986.467237][T12916] Call Trace:
[ 1986.470517][T12916]  <TASK>
[ 1986.473445][T12916]  dump_stack_lvl+0xcd/0x134
[ 1986.478045][T12916]  dump_header+0x10b/0x85f
[ 1986.482463][T12916]  oom_kill_process.cold+0x10/0x15
[ 1986.487571][T12916]  out_of_memory+0x358/0x14a0
[ 1986.492251][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.497803][T12916]  ? __mod_timer+0x83c/0xe30
[ 1986.502394][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.507858][T12916]  ? lock_acquire+0x4fc/0x630
[ 1986.512528][T12916]  ? oom_killer_disable+0x270/0x270
[ 1986.517728][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.523198][T12916]  ? lock_release+0x5cb/0x810
[ 1986.527877][T12916]  ? rcu_read_unlock+0x9/0x60
[ 1986.532551][T12916]  ? lock_downgrade+0x6e0/0x6e0
[ 1986.537392][T12916]  mem_cgroup_out_of_memory+0x206/0x270
[ 1986.542930][T12916]  ? mem_cgroup_margin+0x130/0x130
[ 1986.548039][T12916]  ? lock_downgrade+0x6e0/0x6e0
[ 1986.552898][T12916]  try_charge_memcg+0xef8/0x12f0
[ 1986.557863][T12916]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1986.563873][T12916]  ? lock_release+0x5cb/0x810
[ 1986.568550][T12916]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1986.574268][T12916]  ? lock_downgrade+0x6e0/0x6e0
[ 1986.579115][T12916]  ? lock_release+0x5cb/0x810
[ 1986.583782][T12916]  ? rcu_read_unlock+0x9/0x60
[ 1986.588456][T12916]  ? lock_downgrade+0x6e0/0x6e0
[ 1986.593297][T12916]  ? lock_release+0x5cb/0x810
[ 1986.597971][T12916]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1986.603566][T12916]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1986.609727][T12916]  copy_process+0x15ed/0x7190
[ 1986.614402][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.619880][T12916]  ? lock_release+0x5cb/0x810
[ 1986.624560][T12916]  ? psi_task_change+0x1bb/0x2f0
[ 1986.629513][T12916]  ? lock_downgrade+0x6e0/0x6e0
[ 1986.634355][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.639818][T12916]  ? lock_acquire+0x4fc/0x630
[ 1986.644498][T12916]  ? __cleanup_sighand+0xb0/0xb0
[ 1986.649455][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.654925][T12916]  ? lock_release+0x5cb/0x810
[ 1986.659610][T12916]  ? psi_memstall_leave+0x170/0x250
[ 1986.664816][T12916]  ? lock_repin_lock+0x350/0x350
[ 1986.669759][T12916]  kernel_clone+0xe7/0x980
[ 1986.674170][T12916]  ? lock_release+0x810/0x810
[ 1986.678841][T12916]  ? create_io_thread+0xe0/0xe0
[ 1986.683685][T12916]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1986.689923][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.695388][T12916]  ? lock_acquire+0x4fc/0x630
[ 1986.700059][T12916]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1986.705520][T12916]  ? lock_release+0x5cb/0x810
[ 1986.710187][T12916]  ? __ct_user_exit+0xff/0x150
[ 1986.714952][T12916]  ? lock_downgrade+0x6e0/0x6e0
[ 1986.719808][T12916]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1986.725365][T12916]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1986.731261][T12916]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1986.737146][T12916]  ? trace_hardirqs_on+0x2d/0x160
[ 1986.742162][T12916]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1986.748052][T12916]  do_int80_syscall_32+0x46/0x90
[ 1986.752991][T12916]  entry_INT80_compat+0x8b/0x90
[ 1986.757842][T12916] RIP: 0023:0xf6e5ba74
[ 1986.761902][T12916] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1986.781508][T12916] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1986.789921][T12916] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1986.797891][T12916] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1986.805853][T12916] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1986.813812][T12916] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1986.821772][T12916] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1986.829740][T12916]  </TASK>
[ 1986.868523][T12909] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1986.925317][T12916] memory: usage 307192kB, limit 307200kB, failcnt 43317
[ 1986.932834][T12916] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1986.940492][T12916] Memory cgroup stats for /syz2:
[ 1986.940619][T12916] anon 94208
[ 1986.940619][T12916] file 266240
[ 1986.940619][T12916] kernel 314204160
[ 1986.940619][T12916] kernel_stack 32768
[ 1986.940619][T12916] pagetables 65536
[ 1986.940619][T12916] sec_pagetables 0
[ 1986.940619][T12916] percpu 5359968
[ 1986.940619][T12916] sock 0
[ 1986.940619][T12916] vmalloc 8192
[ 1986.940619][T12916] shmem 266240
[ 1986.940619][T12916] zswap 0
[ 1986.940619][T12916] zswapped 0
[ 1986.940619][T12916] file_mapped 266240
[ 1986.940619][T12916] file_dirty 0
[ 1986.940619][T12916] file_writeback 0
[ 1986.940619][T12916] swapcached 0
[ 1986.940619][T12916] anon_thp 0
[ 1986.940619][T12916] file_thp 0
[ 1986.940619][T12916] shmem_thp 0
[ 1986.940619][T12916] inactive_anon 94208
[ 1986.940619][T12916] active_anon 266240
[ 1986.940619][T12916] inactive_file 0
[ 1986.940619][T12916] active_file 0
[ 1986.940619][T12916] unevictable 0
[ 1986.940619][T12916] slab_reclaimable 10296
[ 1986.940619][T12916] slab_unreclaimable 308672880
[ 1987.081207][T12912] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
17:37:45 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:45 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = dup2(r0, r3)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r5, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000040)='d', 0x1, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r5, 0xc01064ac, &(0x7f0000000140)={r6, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r4, 0xc00464be, &(0x7f0000000240)={r6})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000080)={<r7=>0x0, 0x9, 0x30, 0x101, 0x6e6}, &(0x7f00000000c0)=0x18)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000180)=@assoc_value={r7, 0x8001}, 0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={r7, 0x1, 0x30, 0x100000001, 0x8}, &(0x7f0000000200)=0x18)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1987.182066][T12915] bridge264: port 1(vlan101) entered blocking state
[ 1987.207989][T12915] bridge264: port 1(vlan101) entered disabled state
17:37:45 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe7c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1987.236589][T12916] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12916,uid=0
[ 1987.238346][T12915] device bridge265 entered promiscuous mode
[ 1987.267170][T12916] Memory cgroup out of memory: Killed process 12916 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1987.348876][T12915] bridge264: port 1(vlan101) entered blocking state
[ 1987.355628][T12915] bridge264: port 1(vlan101) entered forwarding state
17:37:46 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfe0f0000, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1987.463875][T12929] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1987.499089][T12920] bridge585: port 1(vlan175) entered blocking state
[ 1987.540790][T12920] bridge585: port 1(vlan175) entered disabled state
[ 1987.583138][T12920] device bridge586 entered promiscuous mode
[ 1987.622793][T12920] bridge585: port 1(vlan175) entered blocking state
[ 1987.629471][T12920] bridge585: port 1(vlan175) entered forwarding state
17:37:46 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfeff0000, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1987.699531][T12935] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1987.724244][T12935] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1987.820113][T12936] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1987.836120][T12929] CPU: 0 PID: 12929 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1987.846566][T12929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1987.856625][T12929] Call Trace:
[ 1987.859898][T12929]  <TASK>
[ 1987.862821][T12929]  dump_stack_lvl+0xcd/0x134
[ 1987.867412][T12929]  dump_header+0x10b/0x85f
[ 1987.871820][T12929]  oom_kill_process.cold+0x10/0x15
[ 1987.876922][T12929]  out_of_memory+0x358/0x14a0
[ 1987.881593][T12929]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1987.887061][T12929]  ? __mod_timer+0x83c/0xe30
[ 1987.891681][T12929]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1987.897169][T12929]  ? lock_acquire+0x4fc/0x630
[ 1987.901850][T12929]  ? oom_killer_disable+0x270/0x270
[ 1987.907046][T12929]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1987.912502][T12929]  ? lock_release+0x5cb/0x810
[ 1987.917176][T12929]  ? rcu_read_unlock+0x9/0x60
[ 1987.921846][T12929]  ? lock_downgrade+0x6e0/0x6e0
[ 1987.926688][T12929]  mem_cgroup_out_of_memory+0x206/0x270
[ 1987.932225][T12929]  ? mem_cgroup_margin+0x130/0x130
[ 1987.937339][T12929]  ? lock_downgrade+0x6e0/0x6e0
[ 1987.942219][T12929]  try_charge_memcg+0xef8/0x12f0
[ 1987.947177][T12929]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1987.953161][T12929]  ? lock_release+0x5cb/0x810
[ 1987.957829][T12929]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1987.963544][T12929]  ? lock_downgrade+0x6e0/0x6e0
[ 1987.968385][T12929]  ? lock_release+0x5cb/0x810
[ 1987.973051][T12929]  ? rcu_read_unlock+0x9/0x60
[ 1987.977719][T12929]  ? lock_downgrade+0x6e0/0x6e0
[ 1987.982564][T12929]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1987.988122][T12929]  __alloc_pages+0x1ef/0x5a0
[ 1987.992737][T12929]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1987.999493][T12929]  ? lock_release+0x5cb/0x810
[ 1988.004162][T12929]  ? psi_task_change+0x1bb/0x2f0
[ 1988.009102][T12929]  alloc_pages+0x1a6/0x270
[ 1988.013539][T12929]  pte_alloc_one+0x16/0x230
[ 1988.018039][T12929]  __pte_alloc+0x69/0x250
[ 1988.022355][T12929]  ? pmd_install+0x150/0x150
[ 1988.026933][T12929]  ? hugepage_vma_check+0x24a/0x830
[ 1988.032126][T12929]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1988.037600][T12929]  __handle_mm_fault+0x3527/0x3a40
[ 1988.042727][T12929]  ? lock_acquire+0x4fc/0x630
[ 1988.047397][T12929]  ? vm_iomap_memory+0x180/0x180
[ 1988.052341][T12929]  handle_mm_fault+0x1c8/0x780
[ 1988.057098][T12929]  do_user_addr_fault+0x475/0x1210
[ 1988.062209][T12929]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1988.067666][T12929]  exc_page_fault+0x94/0x170
[ 1988.072249][T12929]  asm_exc_page_fault+0x22/0x30
[ 1988.077094][T12929] RIP: 0023:0xf6e1cd58
[ 1988.081150][T12929] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1988.100755][T12929] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1988.106817][T12929] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1988.114777][T12929] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1988.122741][T12929] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1988.130711][T12929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1988.138682][T12929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1988.146651][T12929]  </TASK>
17:37:46 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
r4 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
syz_io_uring_setup(0x222, &(0x7f0000000080)={0x0, 0x85f8, 0x20, 0x1, 0x225, 0x0, r5}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
dup(r4)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:37:46 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1988.184256][T12937] bridge266: port 1(vlan102) entered blocking state
[ 1988.193283][T12937] bridge266: port 1(vlan102) entered disabled state
[ 1988.206947][T12937] device bridge267 entered promiscuous mode
[ 1988.271452][T12937] bridge266: port 1(vlan102) entered blocking state
[ 1988.278140][T12937] bridge266: port 1(vlan102) entered forwarding state
[ 1988.395432][T12929] memory: usage 307188kB, limit 307200kB, failcnt 43425
[ 1988.402619][T12929] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1988.410416][T12929] Memory cgroup stats for /syz2:
[ 1988.410606][T12929] anon 98304
[ 1988.410606][T12929] file 266240
[ 1988.410606][T12929] kernel 314195968
[ 1988.410606][T12929] kernel_stack 65536
[ 1988.410606][T12929] pagetables 65536
[ 1988.410606][T12929] sec_pagetables 0
[ 1988.410606][T12929] percpu 5359968
[ 1988.410606][T12929] sock 0
[ 1988.410606][T12929] vmalloc 8192
[ 1988.410606][T12929] shmem 266240
[ 1988.410606][T12929] zswap 0
[ 1988.410606][T12929] zswapped 0
[ 1988.410606][T12929] file_mapped 266240
[ 1988.410606][T12929] file_dirty 0
[ 1988.410606][T12929] file_writeback 0
[ 1988.410606][T12929] swapcached 0
[ 1988.410606][T12929] anon_thp 0
[ 1988.410606][T12929] file_thp 0
[ 1988.410606][T12929] shmem_thp 0
[ 1988.410606][T12929] inactive_anon 98304
[ 1988.410606][T12929] active_anon 266240
[ 1988.410606][T12929] inactive_file 0
[ 1988.410606][T12929] active_file 0
[ 1988.410606][T12929] unevictable 0
17:37:47 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfdb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1988.410606][T12929] slab_reclaimable 10296
[ 1988.410606][T12929] slab_unreclaimable 308661944
[ 1988.627974][T12939] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1988.664213][T12939] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1988.699928][T12929] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12929,uid=0
[ 1988.749359][T12940] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
17:37:47 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfbb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1988.785698][T12929] Memory cgroup out of memory: Killed process 12929 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1988.789292][T12941] bridge587: port 1(vlan176) entered blocking state
17:37:47 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe80, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1988.893320][T12941] bridge587: port 1(vlan176) entered disabled state
[ 1988.937409][T12941] device bridge588 entered promiscuous mode
[ 1988.975500][T12956] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1988.975729][T12941] bridge587: port 1(vlan176) entered blocking state
[ 1988.994310][T12941] bridge587: port 1(vlan176) entered forwarding state
[ 1989.012239][T12956] CPU: 1 PID: 12956 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1989.022680][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1989.032725][T12956] Call Trace:
[ 1989.036003][T12956]  <TASK>
[ 1989.038941][T12956]  dump_stack_lvl+0xcd/0x134
[ 1989.043534][T12956]  dump_header+0x10b/0x85f
[ 1989.047952][T12956]  oom_kill_process.cold+0x10/0x15
[ 1989.053058][T12956]  out_of_memory+0x358/0x14a0
[ 1989.057736][T12956]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1989.063195][T12956]  ? __mod_timer+0x83c/0xe30
[ 1989.067784][T12956]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1989.073242][T12956]  ? lock_acquire+0x4fc/0x630
[ 1989.077924][T12956]  ? oom_killer_disable+0x270/0x270
[ 1989.083142][T12956]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1989.088625][T12956]  ? lock_release+0x5cb/0x810
[ 1989.093314][T12956]  ? rcu_read_unlock+0x9/0x60
[ 1989.098003][T12956]  ? lock_downgrade+0x6e0/0x6e0
[ 1989.102866][T12956]  mem_cgroup_out_of_memory+0x206/0x270
[ 1989.108428][T12956]  ? mem_cgroup_margin+0x130/0x130
[ 1989.113551][T12956]  ? lock_downgrade+0x6e0/0x6e0
[ 1989.118414][T12956]  try_charge_memcg+0xef8/0x12f0
[ 1989.123367][T12956]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1989.129359][T12956]  ? lock_release+0x5cb/0x810
[ 1989.134039][T12956]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1989.139769][T12956]  ? lock_downgrade+0x6e0/0x6e0
[ 1989.144628][T12956]  ? lock_release+0x5cb/0x810
[ 1989.149329][T12956]  ? rcu_read_unlock+0x9/0x60
[ 1989.154025][T12956]  ? lock_downgrade+0x6e0/0x6e0
[ 1989.158902][T12956]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1989.164477][T12956]  __alloc_pages+0x1ef/0x5a0
[ 1989.169090][T12956]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1989.175867][T12956]  ? lock_release+0x5cb/0x810
[ 1989.180554][T12956]  ? psi_task_change+0x1bb/0x2f0
[ 1989.185507][T12956]  alloc_pages+0x1a6/0x270
[ 1989.189945][T12956]  pte_alloc_one+0x16/0x230
[ 1989.194462][T12956]  __pte_alloc+0x69/0x250
[ 1989.198795][T12956]  ? pmd_install+0x150/0x150
[ 1989.203388][T12956]  ? hugepage_vma_check+0x24a/0x830
[ 1989.208598][T12956]  __handle_mm_fault+0x3527/0x3a40
[ 1989.213718][T12956]  ? lock_acquire+0x4fc/0x630
[ 1989.218399][T12956]  ? vm_iomap_memory+0x180/0x180
[ 1989.223342][T12956]  ? lock_release+0x810/0x810
[ 1989.228030][T12956]  handle_mm_fault+0x1c8/0x780
[ 1989.232802][T12956]  do_user_addr_fault+0x475/0x1210
[ 1989.237924][T12956]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1989.243398][T12956]  exc_page_fault+0x94/0x170
[ 1989.247991][T12956]  asm_exc_page_fault+0x22/0x30
[ 1989.252855][T12956] RIP: 0023:0xf6e1cd58
[ 1989.256923][T12956] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1989.276535][T12956] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
17:37:47 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfeff0000, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1989.282606][T12956] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1989.290579][T12956] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1989.298551][T12956] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1989.306527][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1989.314505][T12956] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1989.322487][T12956]  </TASK>
[ 1989.363378][T12950] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1989.382056][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
17:37:48 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1989.427206][T12951] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1989.488295][T12956] memory: usage 307188kB, limit 307200kB, failcnt 43521
[ 1989.501007][T12956] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1989.527628][T12954] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1989.553679][T12954] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1989.570047][T12956] Memory cgroup stats for /syz2:
[ 1989.570242][T12956] anon 98304
[ 1989.570242][T12956] file 266240
[ 1989.570242][T12956] kernel 314195968
[ 1989.570242][T12956] kernel_stack 65536
[ 1989.570242][T12956] pagetables 65536
[ 1989.570242][T12956] sec_pagetables 0
[ 1989.570242][T12956] percpu 5359968
[ 1989.570242][T12956] sock 0
[ 1989.570242][T12956] vmalloc 8192
[ 1989.570242][T12956] shmem 266240
[ 1989.570242][T12956] zswap 0
[ 1989.570242][T12956] zswapped 0
[ 1989.570242][T12956] file_mapped 266240
[ 1989.570242][T12956] file_dirty 0
[ 1989.570242][T12956] file_writeback 0
[ 1989.570242][T12956] swapcached 0
[ 1989.570242][T12956] anon_thp 0
[ 1989.570242][T12956] file_thp 0
[ 1989.570242][T12956] shmem_thp 0
[ 1989.570242][T12956] inactive_anon 98304
[ 1989.570242][T12956] active_anon 266240
[ 1989.570242][T12956] inactive_file 0
[ 1989.570242][T12956] active_file 0
[ 1989.570242][T12956] unevictable 0
[ 1989.570242][T12956] slab_reclaimable 10296
[ 1989.570242][T12956] slab_unreclaimable 308661944
[ 1989.664651][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1989.723983][T12957] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1989.757212][T12956] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12956,uid=0
[ 1989.779364][T12956] Memory cgroup out of memory: Killed process 12956 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:48 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe84, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:48 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfab60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfab60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1989.988272][T12959] bridge268: port 1(vlan103) entered blocking state
[ 1989.996976][T12969] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1990.031572][T12959] bridge268: port 1(vlan103) entered disabled state
[ 1990.044181][T12969] CPU: 0 PID: 12969 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1990.054644][T12969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1990.064725][T12969] Call Trace:
[ 1990.068022][T12969]  <TASK>
[ 1990.070970][T12969]  dump_stack_lvl+0xcd/0x134
[ 1990.075603][T12969]  dump_header+0x10b/0x85f
[ 1990.080052][T12969]  oom_kill_process.cold+0x10/0x15
[ 1990.085194][T12969]  out_of_memory+0x358/0x14a0
[ 1990.089907][T12969]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1990.095419][T12969]  ? __mod_timer+0x83c/0xe30
[ 1990.100048][T12969]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1990.104227][T12959] device bridge269 entered promiscuous mode
[ 1990.105532][T12969]  ? lock_acquire+0x4fc/0x630
[ 1990.105559][T12969]  ? oom_killer_disable+0x270/0x270
[ 1990.113733][T12959] bridge268: port 1(vlan103) entered blocking state
[ 1990.116106][T12969]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1990.116146][T12969]  ? lock_release+0x5cb/0x810
[ 1990.121379][T12959] bridge268: port 1(vlan103) entered forwarding state
[ 1990.127903][T12969]  ? rcu_read_unlock+0x9/0x60
[ 1990.127940][T12969]  ? lock_downgrade+0x6e0/0x6e0
[ 1990.154356][T12961] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1990.154364][T12969]  mem_cgroup_out_of_memory+0x206/0x270
[ 1990.167984][T12969]  ? mem_cgroup_margin+0x130/0x130
[ 1990.173104][T12969]  ? lock_downgrade+0x6e0/0x6e0
[ 1990.177958][T12969]  try_charge_memcg+0xef8/0x12f0
[ 1990.182914][T12969]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1990.188903][T12969]  ? lock_acquire+0x4fc/0x630
[ 1990.193583][T12969]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1990.199319][T12969]  ? lock_downgrade+0x6e0/0x6e0
[ 1990.204201][T12969]  ? lock_release+0x5cb/0x810
[ 1990.208878][T12969]  ? obj_cgroup_charge+0x244/0x5e0
[ 1990.213997][T12969]  ? lock_downgrade+0x6e0/0x6e0
[ 1990.218851][T12969]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1990.224339][T12969]  obj_cgroup_charge+0x2ab/0x5e0
[ 1990.229297][T12969]  kmem_cache_alloc_lru+0x13d/0x730
[ 1990.234498][T12969]  ? sock_alloc_inode+0x23/0x1d0
[ 1990.239446][T12969]  sock_alloc_inode+0x23/0x1d0
[ 1990.244213][T12969]  ? sock_free_inode+0x20/0x20
[ 1990.248993][T12969]  alloc_inode+0x61/0x230
[ 1990.253351][T12969]  new_inode_pseudo+0x13/0x80
[ 1990.258032][T12969]  sock_alloc+0x3c/0x260
[ 1990.262279][T12969]  __sock_create+0xb9/0x790
[ 1990.266784][T12969]  ? lock_downgrade+0x6e0/0x6e0
[ 1990.271631][T12969]  __sys_socket+0x12f/0x240
[ 1990.276135][T12969]  ? __sys_socket_file+0x1f0/0x1f0
[ 1990.281248][T12969]  ? vtime_user_exit+0x218/0x6c0
[ 1990.286196][T12969]  __ia32_sys_socket+0x6f/0xb0
[ 1990.290961][T12969]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 1990.297563][T12969]  __do_fast_syscall_32+0x65/0xf0
[ 1990.302628][T12969]  do_fast_syscall_32+0x2f/0x70
[ 1990.307493][T12969]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1990.313842][T12969] RIP: 0023:0xf7f51549
[ 1990.317904][T12969] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1990.337508][T12969] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 1990.345924][T12969] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 1990.353915][T12969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1990.361889][T12969] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1990.369869][T12969] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
17:37:48 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0)={0x0, 0x0, 0x80}, &(0x7f0000eed000/0x4000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0x0)
mmap(&(0x7f0000eee000/0x4000)=nil, 0x4000, 0x8, 0x40010, r4, 0x120ff000)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1990.377837][T12969] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1990.385809][T12969]  </TASK>
[ 1990.388875][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1990.470838][T12969] memory: usage 307200kB, limit 307200kB, failcnt 43612
[ 1990.478843][T12969] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1990.498906][T12969] Memory cgroup stats for /syz2:
[ 1990.499092][T12969] anon 98304
[ 1990.499092][T12969] file 266240
[ 1990.499092][T12969] kernel 314208256
[ 1990.499092][T12969] kernel_stack 65536
[ 1990.499092][T12969] pagetables 65536
[ 1990.499092][T12969] sec_pagetables 0
[ 1990.499092][T12969] percpu 5359968
[ 1990.499092][T12969] sock 0
[ 1990.499092][T12969] vmalloc 8192
[ 1990.499092][T12969] shmem 266240
[ 1990.499092][T12969] zswap 0
[ 1990.499092][T12969] zswapped 0
[ 1990.499092][T12969] file_mapped 266240
[ 1990.499092][T12969] file_dirty 0
[ 1990.499092][T12969] file_writeback 0
[ 1990.499092][T12969] swapcached 0
[ 1990.499092][T12969] anon_thp 0
[ 1990.499092][T12969] file_thp 0
[ 1990.499092][T12969] shmem_thp 0
[ 1990.499092][T12969] inactive_anon 61440
17:37:49 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1990.499092][T12969] active_anon 266240
[ 1990.499092][T12969] inactive_file 0
[ 1990.499092][T12969] active_file 0
[ 1990.499092][T12969] unevictable 0
[ 1990.499092][T12969] slab_reclaimable 10296
[ 1990.499092][T12969] slab_unreclaimable 308673344
[ 1990.592499][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1990.639935][T12965] bridge589: port 1(vlan177) entered blocking state
[ 1990.661467][T12965] bridge589: port 1(vlan177) entered disabled state
[ 1990.739340][T12965] device bridge590 entered promiscuous mode
[ 1990.777278][T12965] bridge589: port 1(vlan177) entered blocking state
[ 1990.783962][T12965] bridge589: port 1(vlan177) entered forwarding state
[ 1990.831374][T12971] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1990.857209][T12969] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12968,uid=0
17:37:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf7b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1990.930740][T12969] Memory cgroup out of memory: Killed process 12968 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1990.957971][T12973] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:37:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe88, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1991.140201][T12976] bridge209: port 1(vlan87) entered blocking state
[ 1991.160949][T12976] bridge209: port 1(vlan87) entered disabled state
[ 1991.196259][T12976] device bridge210 entered promiscuous mode
[ 1991.219854][T12976] bridge209: port 1(vlan87) entered blocking state
[ 1991.226445][T12976] bridge209: port 1(vlan87) entered forwarding state
17:37:49 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfab60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1991.252868][T12991] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1991.333959][T12993] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1991.344120][T12991] CPU: 0 PID: 12991 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1991.354557][T12991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1991.364604][T12991] Call Trace:
[ 1991.367875][T12991]  <TASK>
[ 1991.370800][T12991]  dump_stack_lvl+0xcd/0x134
[ 1991.375389][T12991]  dump_header+0x10b/0x85f
[ 1991.379798][T12991]  oom_kill_process.cold+0x10/0x15
[ 1991.384898][T12991]  out_of_memory+0x358/0x14a0
[ 1991.389569][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.395036][T12991]  ? __mod_timer+0x83c/0xe30
[ 1991.399654][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.405146][T12991]  ? lock_acquire+0x4fc/0x630
[ 1991.409819][T12991]  ? oom_killer_disable+0x270/0x270
[ 1991.415013][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.420469][T12991]  ? lock_release+0x5cb/0x810
[ 1991.425140][T12991]  ? rcu_read_unlock+0x9/0x60
[ 1991.429821][T12991]  ? lock_downgrade+0x6e0/0x6e0
[ 1991.434679][T12991]  mem_cgroup_out_of_memory+0x206/0x270
[ 1991.440251][T12991]  ? mem_cgroup_margin+0x130/0x130
[ 1991.445372][T12991]  ? lock_downgrade+0x6e0/0x6e0
[ 1991.450251][T12991]  try_charge_memcg+0xef8/0x12f0
[ 1991.455197][T12991]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1991.461181][T12991]  ? lock_release+0x5cb/0x810
[ 1991.465852][T12991]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1991.471567][T12991]  ? lock_downgrade+0x6e0/0x6e0
[ 1991.476407][T12991]  ? lock_release+0x5cb/0x810
[ 1991.481072][T12991]  ? rcu_read_unlock+0x9/0x60
[ 1991.485739][T12991]  ? lock_downgrade+0x6e0/0x6e0
[ 1991.490580][T12991]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 1991.496487][T12991]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1991.502057][T12991]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1991.508210][T12991]  copy_process+0x73e/0x7190
[ 1991.512790][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.518248][T12991]  ? lock_release+0x5cb/0x810
[ 1991.522912][T12991]  ? psi_task_change+0x1bb/0x2f0
[ 1991.527840][T12991]  ? lock_downgrade+0x6e0/0x6e0
[ 1991.532676][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.538129][T12991]  ? lock_acquire+0x4fc/0x630
[ 1991.542795][T12991]  ? __cleanup_sighand+0xb0/0xb0
[ 1991.547734][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.553220][T12991]  ? lock_release+0x5cb/0x810
[ 1991.557893][T12991]  ? psi_memstall_leave+0x170/0x250
[ 1991.563090][T12991]  ? lock_repin_lock+0x350/0x350
[ 1991.568017][T12991]  kernel_clone+0xe7/0x980
[ 1991.572425][T12991]  ? lock_release+0x810/0x810
[ 1991.577089][T12991]  ? create_io_thread+0xe0/0xe0
[ 1991.581929][T12991]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1991.588166][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.593618][T12991]  ? lock_acquire+0x4fc/0x630
[ 1991.598297][T12991]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1991.603785][T12991]  ? lock_release+0x5cb/0x810
[ 1991.608454][T12991]  ? __ct_user_exit+0xff/0x150
[ 1991.613210][T12991]  ? lock_downgrade+0x6e0/0x6e0
[ 1991.618050][T12991]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1991.623594][T12991]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1991.629484][T12991]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1991.635366][T12991]  ? trace_hardirqs_on+0x2d/0x160
[ 1991.640383][T12991]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1991.646282][T12991]  do_int80_syscall_32+0x46/0x90
[ 1991.651256][T12991]  entry_INT80_compat+0x8b/0x90
[ 1991.656107][T12991] RIP: 0023:0xf6e5ba74
[ 1991.660166][T12991] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1991.679763][T12991] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1991.688169][T12991] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1991.696140][T12991] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1991.704126][T12991] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1991.712086][T12991] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1991.720046][T12991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1991.728008][T12991]  </TASK>
17:37:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfab60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1991.731105][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1991.786370][T12991] memory: usage 307192kB, limit 307200kB, failcnt 43682
[ 1991.811574][T12991] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1991.838660][T12988] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1991.855667][T12991] Memory cgroup stats for /syz2:
[ 1991.855860][T12991] anon 94208
[ 1991.855860][T12991] file 266240
[ 1991.855860][T12991] kernel 314204160
[ 1991.855860][T12991] kernel_stack 32768
[ 1991.855860][T12991] pagetables 65536
[ 1991.855860][T12991] sec_pagetables 0
[ 1991.855860][T12991] percpu 5359968
[ 1991.855860][T12991] sock 0
[ 1991.855860][T12991] vmalloc 8192
[ 1991.855860][T12991] shmem 266240
[ 1991.855860][T12991] zswap 0
[ 1991.855860][T12991] zswapped 0
[ 1991.855860][T12991] file_mapped 266240
[ 1991.855860][T12991] file_dirty 0
[ 1991.855860][T12991] file_writeback 0
[ 1991.855860][T12991] swapcached 0
[ 1991.855860][T12991] anon_thp 0
[ 1991.855860][T12991] file_thp 0
[ 1991.855860][T12991] shmem_thp 0
[ 1991.855860][T12991] inactive_anon 94208
[ 1991.855860][T12991] active_anon 266240
[ 1991.855860][T12991] inactive_file 0
[ 1991.855860][T12991] active_file 0
17:37:50 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1991.855860][T12991] unevictable 0
[ 1991.855860][T12991] slab_reclaimable 10296
[ 1991.855860][T12991] slab_unreclaimable 308672880
[ 1992.025984][T12989] __nla_validate_parse: 8 callbacks suppressed
[ 1992.026003][T12989] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1992.053770][T12991] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12991,uid=0
17:37:50 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf6b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1992.127089][T12990] bridge591: port 1(vlan178) entered blocking state
[ 1992.135843][T12990] bridge591: port 1(vlan178) entered disabled state
[ 1992.159717][T12990] device bridge592 entered promiscuous mode
[ 1992.177929][T12990] bridge591: port 1(vlan178) entered blocking state
[ 1992.184615][T12990] bridge591: port 1(vlan178) entered forwarding state
17:37:50 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf7b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1992.218559][T12995] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1992.236084][T12995] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1992.314162][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1992.393718][T12997] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1992.532674][T12998] bridge336: port 1(vlan150) entered blocking state
[ 1992.540821][T12998] bridge336: port 1(vlan150) entered disabled state
[ 1992.561897][T12998] device bridge337 entered promiscuous mode
[ 1992.577815][T12998] bridge336: port 1(vlan150) entered blocking state
[ 1992.584500][T12998] bridge336: port 1(vlan150) entered forwarding state
17:37:51 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x1ba4, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, r1}, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100))
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC])
fsetxattr$system_posix_acl(r2, &(0x7f0000000280)='system.posix_acl_access\x00', &(0x7f0000000a40)={{}, {0x1, 0x2}, [{0x2, 0x2}, {0x2, 0x2}, {0x2, 0x4}, {0x2, 0x2}, {0x2, 0x1, 0xffffffffffffffff}, {0x2, 0x5}, {0x2, 0x0, 0xffffffffffffffff}, {}], {}, [{0x8, 0x7}, {0x8, 0x4}, {0x8, 0x6}, {}, {0x8, 0x4}, {0x8, 0x7}, {0x8, 0x4, 0xee00}, {0x8, 0x5}], {0x10, 0x4}, {0x20, 0x2}}, 0xa4, 0x7)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x2376, &(0x7f0000000080)={0x0, 0x7568, 0x200, 0x0, 0x2000e8, 0x0, r6}, &(0x7f0000eed000/0x3000)=nil, &(0x7f0000ee8000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0))
r7 = dup(r4)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
sched_getparam(0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_CFG_FLAGS={0x3}]}, 0x1c}}, 0x0)
io_uring_enter(r2, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1992.638831][T12993] bridge211: port 1(vlan88) entered blocking state
[ 1992.656773][T12993] bridge211: port 1(vlan88) entered disabled state
[ 1992.687134][T12993] device bridge212 entered promiscuous mode
[ 1992.712143][T12993] bridge211: port 1(vlan88) entered blocking state
[ 1992.718746][T12993] bridge211: port 1(vlan88) entered forwarding state
17:37:51 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xfab60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1992.767896][T13004] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:37:51 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1992.815467][T12991] Memory cgroup out of memory: Killed process 12991 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1992.850961][T13004] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1992.852501][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:51 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe8c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1992.941015][T13005] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1992.969005][T13020] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1992.997000][T13020] CPU: 0 PID: 13020 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1993.007440][T13020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1993.017485][T13020] Call Trace:
[ 1993.020754][T13020]  <TASK>
[ 1993.023675][T13020]  dump_stack_lvl+0xcd/0x134
[ 1993.028264][T13020]  dump_header+0x10b/0x85f
[ 1993.032673][T13020]  oom_kill_process.cold+0x10/0x15
[ 1993.037776][T13020]  out_of_memory+0x358/0x14a0
[ 1993.042452][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.047911][T13020]  ? __mod_timer+0x83c/0xe30
[ 1993.052496][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.057970][T13020]  ? lock_acquire+0x4fc/0x630
[ 1993.062670][T13020]  ? oom_killer_disable+0x270/0x270
[ 1993.067902][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.073401][T13020]  ? lock_release+0x5cb/0x810
[ 1993.078095][T13020]  ? rcu_read_unlock+0x9/0x60
[ 1993.082773][T13020]  ? lock_downgrade+0x6e0/0x6e0
[ 1993.087616][T13020]  mem_cgroup_out_of_memory+0x206/0x270
[ 1993.093159][T13020]  ? mem_cgroup_margin+0x130/0x130
[ 1993.098264][T13020]  ? lock_downgrade+0x6e0/0x6e0
[ 1993.103116][T13020]  try_charge_memcg+0xef8/0x12f0
[ 1993.108067][T13020]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1993.114070][T13020]  ? lock_release+0x5cb/0x810
[ 1993.118739][T13020]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1993.124456][T13020]  ? lock_downgrade+0x6e0/0x6e0
[ 1993.129302][T13020]  ? lock_release+0x5cb/0x810
[ 1993.133966][T13020]  ? rcu_read_unlock+0x9/0x60
[ 1993.138633][T13020]  ? lock_downgrade+0x6e0/0x6e0
[ 1993.143472][T13020]  ? lock_release+0x5cb/0x810
[ 1993.148142][T13020]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1993.153685][T13020]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1993.159850][T13020]  copy_process+0x15ed/0x7190
[ 1993.164551][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.170013][T13020]  ? lock_release+0x5cb/0x810
[ 1993.174679][T13020]  ? psi_task_change+0x1bb/0x2f0
[ 1993.179610][T13020]  ? lock_downgrade+0x6e0/0x6e0
[ 1993.184452][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.189907][T13020]  ? lock_acquire+0x4fc/0x630
[ 1993.194573][T13020]  ? __cleanup_sighand+0xb0/0xb0
[ 1993.199504][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.204958][T13020]  ? lock_release+0x5cb/0x810
[ 1993.209622][T13020]  ? psi_memstall_leave+0x170/0x250
[ 1993.214826][T13020]  ? lock_repin_lock+0x350/0x350
[ 1993.219772][T13020]  kernel_clone+0xe7/0x980
[ 1993.224182][T13020]  ? lock_release+0x810/0x810
[ 1993.228849][T13020]  ? create_io_thread+0xe0/0xe0
[ 1993.233691][T13020]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1993.239924][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.245381][T13020]  ? lock_acquire+0x4fc/0x630
[ 1993.250048][T13020]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1993.255502][T13020]  ? lock_release+0x5cb/0x810
[ 1993.260170][T13020]  ? __ct_user_exit+0xff/0x150
[ 1993.264925][T13020]  ? lock_downgrade+0x6e0/0x6e0
[ 1993.269774][T13020]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1993.275322][T13020]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1993.281216][T13020]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1993.287102][T13020]  ? trace_hardirqs_on+0x2d/0x160
[ 1993.292117][T13020]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1993.298001][T13020]  do_int80_syscall_32+0x46/0x90
[ 1993.302939][T13020]  entry_INT80_compat+0x8b/0x90
[ 1993.307786][T13020] RIP: 0023:0xf6e5ba74
[ 1993.311841][T13020] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1993.331441][T13020] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1993.339843][T13020] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1993.347807][T13020] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1993.355767][T13020] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1993.363728][T13020] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1993.371698][T13020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1993.379675][T13020]  </TASK>
[ 1993.382742][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1993.603428][T13006] bridge270: port 1(vlan104) entered blocking state
[ 1993.610916][T13006] bridge270: port 1(vlan104) entered disabled state
[ 1993.628533][T13006] device bridge271 entered promiscuous mode
[ 1993.646080][T13006] bridge270: port 1(vlan104) entered blocking state
[ 1993.652782][T13006] bridge270: port 1(vlan104) entered forwarding state
[ 1993.661035][T13020] memory: usage 307152kB, limit 307200kB, failcnt 43744
[ 1993.681027][T13020] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1993.711506][T13020] Memory cgroup stats for /syz2:
[ 1993.711753][T13020] anon 94208
[ 1993.711753][T13020] file 266240
[ 1993.711753][T13020] kernel 314163200
[ 1993.711753][T13020] kernel_stack 32768
[ 1993.711753][T13020] pagetables 65536
[ 1993.711753][T13020] sec_pagetables 0
[ 1993.711753][T13020] percpu 5359968
[ 1993.711753][T13020] sock 0
[ 1993.711753][T13020] vmalloc 8192
[ 1993.711753][T13020] shmem 266240
[ 1993.711753][T13020] zswap 0
[ 1993.711753][T13020] zswapped 0
[ 1993.711753][T13020] file_mapped 266240
[ 1993.711753][T13020] file_dirty 0
[ 1993.711753][T13020] file_writeback 0
[ 1993.711753][T13020] swapcached 0
[ 1993.711753][T13020] anon_thp 0
[ 1993.711753][T13020] file_thp 0
[ 1993.711753][T13020] shmem_thp 0
[ 1993.711753][T13020] inactive_anon 69632
[ 1993.711753][T13020] active_anon 266240
[ 1993.711753][T13020] inactive_file 0
[ 1993.711753][T13020] active_file 0
[ 1993.711753][T13020] unevictable 0
[ 1993.711753][T13020] slab_reclaimable 10296
[ 1993.711753][T13020] slab_unreclaimable 308661480
17:37:52 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf6b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1993.731409][T13008] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1993.835500][T13008] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
17:37:52 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe90, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1993.876949][T13020] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13020,uid=0
[ 1993.897465][T13020] Memory cgroup out of memory: Killed process 13020 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1993.948816][T13009] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1994.030874][T13010] bridge593: port 1(vlan179) entered blocking state
[ 1994.059517][T13036] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1994.081219][T13010] bridge593: port 1(vlan179) entered disabled state
[ 1994.103365][T13036] CPU: 1 PID: 13036 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1994.113827][T13036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1994.123897][T13036] Call Trace:
[ 1994.127186][T13036]  <TASK>
[ 1994.130123][T13036]  dump_stack_lvl+0xcd/0x134
[ 1994.134738][T13036]  dump_header+0x10b/0x85f
[ 1994.139170][T13036]  oom_kill_process.cold+0x10/0x15
[ 1994.144298][T13036]  out_of_memory+0x358/0x14a0
[ 1994.148995][T13036]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.154458][T13036]  ? __mod_timer+0x83c/0xe30
[ 1994.159060][T13036]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.164527][T13036]  ? lock_acquire+0x4fc/0x630
[ 1994.169214][T13036]  ? oom_killer_disable+0x270/0x270
[ 1994.174411][T13036]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.179892][T13036]  ? lock_release+0x5cb/0x810
[ 1994.184567][T13036]  ? rcu_read_unlock+0x9/0x60
[ 1994.189252][T13036]  ? lock_downgrade+0x6e0/0x6e0
[ 1994.194102][T13036]  mem_cgroup_out_of_memory+0x206/0x270
[ 1994.199675][T13036]  ? mem_cgroup_margin+0x130/0x130
[ 1994.204819][T13036]  ? lock_downgrade+0x6e0/0x6e0
[ 1994.209689][T13036]  try_charge_memcg+0xef8/0x12f0
[ 1994.214648][T13036]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1994.220661][T13036]  ? lock_release+0x5cb/0x810
[ 1994.225339][T13036]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1994.231058][T13036]  ? lock_downgrade+0x6e0/0x6e0
[ 1994.235900][T13036]  ? lock_release+0x5cb/0x810
[ 1994.240565][T13036]  ? rcu_read_unlock+0x9/0x60
[ 1994.245244][T13036]  ? lock_downgrade+0x6e0/0x6e0
[ 1994.250108][T13036]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1994.255664][T13036]  __alloc_pages+0x1ef/0x5a0
[ 1994.260247][T13036]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1994.267187][T13036]  ? lock_release+0x5cb/0x810
[ 1994.271866][T13036]  ? psi_task_change+0x1bb/0x2f0
[ 1994.276808][T13036]  alloc_pages+0x1a6/0x270
[ 1994.281225][T13036]  pte_alloc_one+0x16/0x230
[ 1994.285738][T13036]  __pte_alloc+0x69/0x250
[ 1994.290089][T13036]  ? pmd_install+0x150/0x150
[ 1994.291421][T13010] device bridge594 entered promiscuous mode
[ 1994.294681][T13036]  ? hugepage_vma_check+0x24a/0x830
[ 1994.294716][T13036]  __handle_mm_fault+0x3527/0x3a40
[ 1994.294745][T13036]  ? lock_acquire+0x4fc/0x630
[ 1994.315573][T13036]  ? vm_iomap_memory+0x180/0x180
[ 1994.320523][T13036]  ? lock_release+0x810/0x810
[ 1994.325208][T13036]  handle_mm_fault+0x1c8/0x780
[ 1994.329980][T13036]  do_user_addr_fault+0x475/0x1210
[ 1994.335100][T13036]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.340579][T13036]  exc_page_fault+0x94/0x170
[ 1994.345175][T13036]  asm_exc_page_fault+0x22/0x30
[ 1994.350044][T13036] RIP: 0023:0xf6e1cd58
[ 1994.354100][T13036] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1994.373703][T13036] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1994.379764][T13036] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1994.387727][T13036] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1994.395698][T13036] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1994.403675][T13036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1994.411640][T13036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1994.419606][T13036]  </TASK>
17:37:53 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf7b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1994.446535][T13010] bridge593: port 1(vlan179) entered blocking state
[ 1994.453186][T13010] bridge593: port 1(vlan179) entered forwarding state
[ 1994.474039][T13016] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1994.485415][T13036] memory: usage 307200kB, limit 307200kB, failcnt 43848
[ 1994.495415][T13036] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1994.511959][T13016] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1994.523048][T13036] Memory cgroup stats for /syz2:
[ 1994.524198][T13036] anon 98304
[ 1994.524198][T13036] file 266240
[ 1994.524198][T13036] kernel 314208256
[ 1994.524198][T13036] kernel_stack 65536
[ 1994.524198][T13036] pagetables 65536
[ 1994.524198][T13036] sec_pagetables 0
[ 1994.524198][T13036] percpu 5359968
[ 1994.524198][T13036] sock 0
[ 1994.524198][T13036] vmalloc 8192
[ 1994.524198][T13036] shmem 266240
[ 1994.524198][T13036] zswap 0
[ 1994.524198][T13036] zswapped 0
[ 1994.524198][T13036] file_mapped 266240
[ 1994.524198][T13036] file_dirty 0
[ 1994.524198][T13036] file_writeback 0
[ 1994.524198][T13036] swapcached 0
[ 1994.524198][T13036] anon_thp 0
[ 1994.524198][T13036] file_thp 0
[ 1994.524198][T13036] shmem_thp 0
[ 1994.524198][T13036] inactive_anon 98304
[ 1994.524198][T13036] active_anon 266240
[ 1994.524198][T13036] inactive_file 0
[ 1994.524198][T13036] active_file 0
[ 1994.524198][T13036] unevictable 0
[ 1994.524198][T13036] slab_reclaimable 10296
[ 1994.524198][T13036] slab_unreclaimable 308673344
17:37:53 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1994.675587][T13036] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13036,uid=0
[ 1994.692960][T13036] Memory cgroup out of memory: Killed process 13036 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1994.756943][T13037] socket: no more sockets
17:37:53 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xe94, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1994.785973][T13023] bridge213: port 1(vlan89) entered blocking state
[ 1994.839754][T13023] bridge213: port 1(vlan89) entered disabled state
[ 1994.860756][T13044] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1994.876693][T13044] CPU: 1 PID: 13044 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1994.887149][T13044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1994.897192][T13044] Call Trace:
[ 1994.900459][T13044]  <TASK>
[ 1994.903377][T13044]  dump_stack_lvl+0xcd/0x134
[ 1994.907963][T13044]  dump_header+0x10b/0x85f
[ 1994.912366][T13044]  oom_kill_process.cold+0x10/0x15
[ 1994.917469][T13044]  out_of_memory+0x358/0x14a0
[ 1994.922138][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.927594][T13044]  ? __mod_timer+0x83c/0xe30
[ 1994.932172][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.937627][T13044]  ? lock_acquire+0x4fc/0x630
[ 1994.942291][T13044]  ? oom_killer_disable+0x270/0x270
[ 1994.947479][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1994.952945][T13044]  ? lock_release+0x5cb/0x810
[ 1994.957616][T13044]  ? rcu_read_unlock+0x9/0x60
[ 1994.962283][T13044]  ? lock_downgrade+0x6e0/0x6e0
[ 1994.967125][T13044]  mem_cgroup_out_of_memory+0x206/0x270
[ 1994.972661][T13044]  ? mem_cgroup_margin+0x130/0x130
[ 1994.977583][T13023] device bridge214 entered promiscuous mode
[ 1994.977755][T13044]  ? lock_downgrade+0x6e0/0x6e0
[ 1994.988477][T13044]  try_charge_memcg+0xef8/0x12f0
[ 1994.993410][T13044]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1994.999390][T13044]  ? lock_release+0x5cb/0x810
[ 1995.004052][T13044]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1995.009767][T13044]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.014610][T13044]  ? lock_release+0x5cb/0x810
[ 1995.019293][T13044]  ? rcu_read_unlock+0x9/0x60
[ 1995.023958][T13044]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.028795][T13044]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 1995.034715][T13044]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1995.040273][T13044]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1995.046424][T13044]  copy_process+0x73e/0x7190
[ 1995.051005][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.056466][T13044]  ? lock_acquire+0x4fc/0x630
[ 1995.061133][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.066601][T13044]  ? lock_release+0x5cb/0x810
[ 1995.071285][T13044]  ? lock_release+0x5cb/0x810
[ 1995.075968][T13044]  ? folio_add_lru+0x341/0x680
[ 1995.080736][T13044]  ? __cleanup_sighand+0xb0/0xb0
[ 1995.085680][T13044]  ? folio_add_lru+0x377/0x680
[ 1995.090449][T13044]  ? do_raw_spin_unlock+0x171/0x230
[ 1995.095657][T13044]  kernel_clone+0xe7/0x980
[ 1995.100088][T13044]  ? lock_acquire+0x4fc/0x630
[ 1995.104769][T13044]  ? create_io_thread+0xe0/0xe0
[ 1995.109629][T13044]  ? lock_release+0x810/0x810
[ 1995.114305][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.119775][T13044]  ? lock_acquire+0x4fc/0x630
[ 1995.124455][T13044]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.129931][T13044]  ? lock_release+0x5cb/0x810
[ 1995.134606][T13044]  ? __ct_user_exit+0xff/0x150
[ 1995.139370][T13044]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.144223][T13044]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1995.149782][T13044]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1995.155685][T13044]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1995.161583][T13044]  ? trace_hardirqs_on+0x2d/0x160
[ 1995.166605][T13044]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1995.172498][T13044]  do_int80_syscall_32+0x46/0x90
[ 1995.177441][T13044]  entry_INT80_compat+0x8b/0x90
[ 1995.182297][T13044] RIP: 0023:0xf6e5ba74
[ 1995.186358][T13044] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1995.205964][T13044] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1995.214373][T13044] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1995.222345][T13044] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1995.230317][T13044] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1995.238286][T13044] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1995.246256][T13044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1995.254244][T13044]  </TASK>
17:37:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf65ad188, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1995.316023][T13023] bridge213: port 1(vlan89) entered blocking state
[ 1995.322585][T13023] bridge213: port 1(vlan89) entered forwarding state
[ 1995.331332][T13044] memory: usage 307184kB, limit 307200kB, failcnt 43940
[ 1995.339237][T13044] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1995.349755][T13044] Memory cgroup stats for /syz2:
[ 1995.349882][T13044] anon 94208
[ 1995.349882][T13044] file 266240
[ 1995.349882][T13044] kernel 314195968
[ 1995.349882][T13044] kernel_stack 32768
[ 1995.349882][T13044] pagetables 65536
[ 1995.349882][T13044] sec_pagetables 0
[ 1995.349882][T13044] percpu 5359968
[ 1995.349882][T13044] sock 0
[ 1995.349882][T13044] vmalloc 8192
[ 1995.349882][T13044] shmem 266240
[ 1995.349882][T13044] zswap 0
[ 1995.349882][T13044] zswapped 0
[ 1995.349882][T13044] file_mapped 266240
[ 1995.349882][T13044] file_dirty 0
[ 1995.349882][T13044] file_writeback 0
[ 1995.349882][T13044] swapcached 0
[ 1995.349882][T13044] anon_thp 0
[ 1995.349882][T13044] file_thp 0
17:37:53 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x600)

[ 1995.349882][T13044] shmem_thp 0
[ 1995.349882][T13044] inactive_anon 94208
[ 1995.349882][T13044] active_anon 266240
[ 1995.349882][T13044] inactive_file 0
[ 1995.349882][T13044] active_file 0
[ 1995.349882][T13044] unevictable 0
[ 1995.349882][T13044] slab_reclaimable 10296
[ 1995.349882][T13044] slab_unreclaimable 308672880
[ 1995.435044][T13032] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 1995.465408][T13044] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13044,uid=0
17:37:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0xc00c, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1995.507065][T13044] Memory cgroup out of memory: Killed process 13044 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1995.657527][T13035] bridge272: port 1(vlan105) entered blocking state
17:37:54 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1995.713953][T13035] bridge272: port 1(vlan105) entered disabled state
[ 1995.737735][T13054] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1995.800115][T13035] device bridge273 entered promiscuous mode
[ 1995.813129][T13054] CPU: 0 PID: 13054 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1995.823573][T13054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1995.833612][T13054] Call Trace:
[ 1995.836874][T13054]  <TASK>
[ 1995.839791][T13054]  dump_stack_lvl+0xcd/0x134
[ 1995.844377][T13054]  dump_header+0x10b/0x85f
[ 1995.848793][T13054]  oom_kill_process.cold+0x10/0x15
[ 1995.853891][T13054]  out_of_memory+0x358/0x14a0
[ 1995.858558][T13054]  ? __mod_timer+0x83c/0xe30
[ 1995.863141][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.868608][T13054]  ? lock_acquire+0x4fc/0x630
[ 1995.873298][T13054]  ? oom_killer_disable+0x270/0x270
[ 1995.878491][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.883942][T13054]  ? lock_release+0x5cb/0x810
[ 1995.888606][T13054]  ? rcu_read_unlock+0x9/0x60
[ 1995.893268][T13054]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.898103][T13054]  mem_cgroup_out_of_memory+0x206/0x270
[ 1995.903637][T13054]  ? mem_cgroup_margin+0x130/0x130
[ 1995.908734][T13054]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.913575][T13054]  try_charge_memcg+0xef8/0x12f0
[ 1995.918508][T13054]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1995.924483][T13054]  ? lock_release+0x5cb/0x810
[ 1995.929145][T13054]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1995.934852][T13054]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.939686][T13054]  ? lock_release+0x5cb/0x810
[ 1995.944349][T13054]  ? rcu_read_unlock+0x9/0x60
[ 1995.949011][T13054]  ? lock_downgrade+0x6e0/0x6e0
[ 1995.953852][T13054]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1995.959394][T13054]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1995.965550][T13054]  copy_process+0x73e/0x7190
[ 1995.970162][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.970628][T13035] bridge272: port 1(vlan105) entered blocking state
[ 1995.975623][T13054]  ? lock_acquire+0x4fc/0x630
[ 1995.975648][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1995.982272][T13035] bridge272: port 1(vlan105) entered forwarding state
[ 1995.986882][T13054]  ? lock_release+0x5cb/0x810
[ 1995.986903][T13054]  ? psi_task_switch+0x212/0x930
[ 1996.008669][T13054]  ? __cleanup_sighand+0xb0/0xb0
[ 1996.013600][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1996.019055][T13054]  ? lock_release+0x5cb/0x810
[ 1996.023721][T13054]  ? finish_task_switch.isra.0+0x2b0/0xc80
[ 1996.029513][T13054]  ? vtime_account_system+0x2c6/0x530
[ 1996.034878][T13054]  kernel_clone+0xe7/0x980
[ 1996.039285][T13054]  ? create_io_thread+0xe0/0xe0
[ 1996.044127][T13054]  ? __switch_to_asm+0x3a/0x60
[ 1996.048882][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1996.054334][T13054]  ? lock_acquire+0x4fc/0x630
[ 1996.058999][T13054]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1996.064455][T13054]  ? lock_release+0x5cb/0x810
[ 1996.069140][T13054]  ? lock_release+0x5cb/0x810
[ 1996.073819][T13054]  ? __ct_user_exit+0xff/0x150
[ 1996.078573][T13054]  ? lock_downgrade+0x6e0/0x6e0
[ 1996.083413][T13054]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1996.088982][T13054]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1996.094871][T13054]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1996.100751][T13054]  ? trace_hardirqs_on+0x2d/0x160
[ 1996.105760][T13054]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1996.111638][T13054]  do_int80_syscall_32+0x46/0x90
[ 1996.116585][T13054]  entry_INT80_compat+0x8b/0x90
[ 1996.121451][T13054] RIP: 0023:0xf6e5ba74
[ 1996.125502][T13054] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1996.145092][T13054] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1996.153515][T13054] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1996.161476][T13054] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1996.169446][T13054] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1996.177607][T13054] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1996.185586][T13054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1996.193554][T13054]  </TASK>
17:37:54 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf6b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1996.240045][T13039] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1996.265408][T13054] memory: usage 307184kB, limit 307200kB, failcnt 44019
[ 1996.272511][T13054] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1996.280222][T13054] Memory cgroup stats for /syz2:
[ 1996.280464][T13054] anon 94208
[ 1996.280464][T13054] file 266240
[ 1996.280464][T13054] kernel 314195968
[ 1996.280464][T13054] kernel_stack 32768
[ 1996.280464][T13054] pagetables 65536
[ 1996.280464][T13054] sec_pagetables 0
[ 1996.280464][T13054] percpu 5359968
[ 1996.280464][T13054] sock 0
[ 1996.280464][T13054] vmalloc 8192
[ 1996.280464][T13054] shmem 266240
[ 1996.280464][T13054] zswap 0
[ 1996.280464][T13054] zswapped 0
[ 1996.280464][T13054] file_mapped 266240
[ 1996.280464][T13054] file_dirty 0
[ 1996.280464][T13054] file_writeback 0
[ 1996.280464][T13054] swapcached 0
[ 1996.280464][T13054] anon_thp 0
[ 1996.280464][T13054] file_thp 0
[ 1996.280464][T13054] shmem_thp 0
[ 1996.280464][T13054] inactive_anon 94208
[ 1996.280464][T13054] active_anon 266240
[ 1996.280464][T13054] inactive_file 0
[ 1996.280464][T13054] active_file 0
[ 1996.280464][T13054] unevictable 0
[ 1996.280464][T13054] slab_reclaimable 10296
[ 1996.280464][T13054] slab_unreclaimable 308672880
[ 1996.453683][T13041] bridge595: port 1(vlan180) entered blocking state
[ 1996.482952][T13041] bridge595: port 1(vlan180) entered disabled state
[ 1996.514047][T13041] device bridge596 entered promiscuous mode
[ 1996.535958][T13041] bridge595: port 1(vlan180) entered blocking state
[ 1996.542619][T13041] bridge595: port 1(vlan180) entered forwarding state
17:37:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf5ffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1996.570641][T13047] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1996.709679][T13053] bridge338: port 1(vlan151) entered blocking state
[ 1996.731142][T13053] bridge338: port 1(vlan151) entered disabled state
[ 1996.760756][T13053] device bridge339 entered promiscuous mode
[ 1996.781490][T13053] bridge338: port 1(vlan151) entered blocking state
[ 1996.788175][T13053] bridge338: port 1(vlan151) entered forwarding state
17:37:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf65ad188, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1996.827123][T13058] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:37:55 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf5b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1997.011892][T13061] bridge274: port 1(vlan106) entered blocking state
17:37:55 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x2, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:37:55 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1997.073619][T13054] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13054,uid=0
[ 1997.087723][T13061] bridge274: port 1(vlan106) entered disabled state
[ 1997.091440][T13054] Memory cgroup out of memory: Killed process 13054 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1997.169884][T13074] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1997.181473][T13074] CPU: 1 PID: 13074 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1997.186804][T13061] device bridge275 entered promiscuous mode
[ 1997.191903][T13074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1997.191918][T13074] Call Trace:
[ 1997.191926][T13074]  <TASK>
[ 1997.191934][T13074]  dump_stack_lvl+0xcd/0x134
[ 1997.218674][T13074]  dump_header+0x10b/0x85f
[ 1997.223127][T13074]  oom_kill_process.cold+0x10/0x15
[ 1997.228254][T13074]  out_of_memory+0x358/0x14a0
[ 1997.232949][T13074]  ? io_schedule_timeout+0x140/0x140
[ 1997.233666][T13061] bridge274: port 1(vlan106) entered blocking state
[ 1997.238244][T13074]  ? lock_acquire+0x4fc/0x630
[ 1997.238272][T13074]  ? oom_killer_disable+0x270/0x270
[ 1997.238300][T13074]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1997.244939][T13061] bridge274: port 1(vlan106) entered forwarding state
[ 1997.249524][T13074]  ? lock_release+0x5cb/0x810
[ 1997.271586][T13074]  ? trace_hardirqs_off+0xe/0x150
[ 1997.276633][T13074]  mem_cgroup_out_of_memory+0x206/0x270
[ 1997.282201][T13074]  ? mem_cgroup_margin+0x130/0x130
[ 1997.287321][T13074]  ? mem_cgroup_out_of_memory+0x1c/0x270
[ 1997.292956][T13074]  try_charge_memcg+0xef8/0x12f0
[ 1997.297905][T13074]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1997.303890][T13074]  ? lock_release+0x5cb/0x810
[ 1997.308566][T13074]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1997.314287][T13074]  ? lock_downgrade+0x6e0/0x6e0
[ 1997.319135][T13074]  ? lock_release+0x5cb/0x810
[ 1997.323807][T13074]  ? rcu_read_unlock+0x9/0x60
[ 1997.328484][T13074]  ? lock_downgrade+0x6e0/0x6e0
[ 1997.333330][T13074]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 1997.339231][T13074]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1997.344786][T13074]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 1997.350946][T13074]  copy_process+0x73e/0x7190
[ 1997.355540][T13074]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1997.361014][T13074]  ? lock_release+0x5cb/0x810
[ 1997.365689][T13074]  ? psi_task_change+0x1bb/0x2f0
[ 1997.370630][T13074]  ? lock_downgrade+0x6e0/0x6e0
[ 1997.375479][T13074]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1997.380948][T13074]  ? lock_acquire+0x4fc/0x630
[ 1997.385626][T13074]  ? __cleanup_sighand+0xb0/0xb0
[ 1997.390567][T13074]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1997.396036][T13074]  ? lock_release+0x5cb/0x810
[ 1997.400722][T13074]  ? psi_memstall_leave+0x170/0x250
[ 1997.405937][T13074]  ? lock_repin_lock+0x350/0x350
[ 1997.410879][T13074]  kernel_clone+0xe7/0x980
[ 1997.415301][T13074]  ? lock_release+0x810/0x810
[ 1997.419979][T13074]  ? create_io_thread+0xe0/0xe0
[ 1997.424833][T13074]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 1997.431082][T13074]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1997.436552][T13074]  ? lock_acquire+0x4fc/0x630
[ 1997.441226][T13074]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1997.446701][T13074]  ? lock_release+0x5cb/0x810
[ 1997.451381][T13074]  ? __ct_user_exit+0xff/0x150
[ 1997.456148][T13074]  ? lock_downgrade+0x6e0/0x6e0
[ 1997.461000][T13074]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 1997.466557][T13074]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 1997.472460][T13074]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1997.478352][T13074]  ? trace_hardirqs_on+0x2d/0x160
[ 1997.483371][T13074]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 1997.489264][T13074]  do_int80_syscall_32+0x46/0x90
[ 1997.494207][T13074]  entry_INT80_compat+0x8b/0x90
[ 1997.499065][T13074] RIP: 0023:0xf6e5ba74
[ 1997.503131][T13074] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 1997.522737][T13074] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 1997.531145][T13074] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 1997.539114][T13074] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 1997.547081][T13074] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 1997.555050][T13074] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 1997.563014][T13074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1997.570988][T13074]  </TASK>
[ 1997.605369][T13074] memory: usage 307176kB, limit 307200kB, failcnt 44086
[ 1997.612666][T13074] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1997.630692][T13063] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1997.631059][T13074] Memory cgroup stats for /syz2:
[ 1997.640141][T13074] anon 94208
[ 1997.640141][T13074] file 266240
[ 1997.640141][T13074] kernel 314171392
[ 1997.640141][T13074] kernel_stack 32768
[ 1997.640141][T13074] pagetables 65536
[ 1997.640141][T13074] sec_pagetables 0
[ 1997.640141][T13074] percpu 5359968
[ 1997.640141][T13074] sock 0
[ 1997.640141][T13074] vmalloc 8192
[ 1997.640141][T13074] shmem 266240
[ 1997.640141][T13074] zswap 0
[ 1997.640141][T13074] zswapped 0
[ 1997.640141][T13074] file_mapped 266240
[ 1997.640141][T13074] file_dirty 0
[ 1997.640141][T13074] file_writeback 0
[ 1997.640141][T13074] swapcached 0
[ 1997.640141][T13074] anon_thp 0
[ 1997.640141][T13074] file_thp 0
[ 1997.640141][T13074] shmem_thp 0
[ 1997.640141][T13074] inactive_anon 94208
[ 1997.640141][T13074] active_anon 266240
[ 1997.640141][T13074] inactive_file 0
[ 1997.640141][T13074] active_file 0
[ 1997.640141][T13074] unevictable 0
[ 1997.640141][T13074] slab_reclaimable 10296
[ 1997.640141][T13074] slab_unreclaimable 308661784
17:37:56 executing program 1:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1997.758975][T13063] __nla_validate_parse: 9 callbacks suppressed
[ 1997.758995][T13063] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1997.760572][T13074] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13074,uid=0
17:37:56 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x3, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1997.808900][T13074] Memory cgroup out of memory: Killed process 13074 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1997.867027][T13064] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1997.990576][T13084] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1998.012262][T13065] bridge597: port 1(vlan181) entered blocking state
[ 1998.035421][T13065] bridge597: port 1(vlan181) entered disabled state
[ 1998.061032][T13065] device bridge598 entered promiscuous mode
[ 1998.073496][T13084] CPU: 0 PID: 13084 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1998.084033][T13084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1998.094095][T13084] Call Trace:
[ 1998.097364][T13084]  <TASK>
[ 1998.100285][T13084]  dump_stack_lvl+0xcd/0x134
[ 1998.104874][T13084]  dump_header+0x10b/0x85f
[ 1998.109278][T13084]  oom_kill_process.cold+0x10/0x15
[ 1998.114376][T13084]  out_of_memory+0x358/0x14a0
[ 1998.119061][T13084]  ? __mod_timer+0x83c/0xe30
[ 1998.123641][T13084]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1998.129111][T13084]  ? lock_acquire+0x4fc/0x630
[ 1998.133807][T13084]  ? oom_killer_disable+0x270/0x270
[ 1998.139015][T13084]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1998.144489][T13084]  ? lock_release+0x5cb/0x810
[ 1998.149168][T13084]  ? rcu_read_unlock+0x9/0x60
[ 1998.153847][T13084]  ? lock_downgrade+0x6e0/0x6e0
[ 1998.158704][T13084]  mem_cgroup_out_of_memory+0x206/0x270
[ 1998.164259][T13084]  ? mem_cgroup_margin+0x130/0x130
[ 1998.169377][T13084]  ? lock_downgrade+0x6e0/0x6e0
[ 1998.174235][T13084]  try_charge_memcg+0xef8/0x12f0
[ 1998.179187][T13084]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1998.185178][T13084]  ? lock_acquire+0x4fc/0x630
[ 1998.189862][T13084]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1998.195588][T13084]  ? lock_downgrade+0x6e0/0x6e0
[ 1998.200439][T13084]  ? lock_release+0x5cb/0x810
[ 1998.205116][T13084]  ? obj_cgroup_charge+0x244/0x5e0
[ 1998.210238][T13084]  ? lock_downgrade+0x6e0/0x6e0
[ 1998.215090][T13084]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1998.220563][T13084]  obj_cgroup_charge+0x2ab/0x5e0
[ 1998.225510][T13084]  kmem_cache_alloc_lru+0x13d/0x730
[ 1998.230717][T13084]  ? sock_alloc_inode+0x23/0x1d0
[ 1998.235669][T13084]  sock_alloc_inode+0x23/0x1d0
[ 1998.240447][T13084]  ? sock_free_inode+0x20/0x20
[ 1998.245215][T13084]  alloc_inode+0x61/0x230
[ 1998.249552][T13084]  new_inode_pseudo+0x13/0x80
[ 1998.254235][T13084]  sock_alloc+0x3c/0x260
[ 1998.258486][T13084]  __sock_create+0xb9/0x790
[ 1998.263000][T13084]  ? lock_downgrade+0x6e0/0x6e0
[ 1998.267858][T13084]  __sys_socket+0x12f/0x240
[ 1998.272371][T13084]  ? __sys_socket_file+0x1f0/0x1f0
[ 1998.277494][T13084]  ? vtime_user_exit+0x218/0x6c0
[ 1998.282447][T13084]  __ia32_sys_socket+0x6f/0xb0
[ 1998.287221][T13084]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 1998.293816][T13084]  __do_fast_syscall_32+0x65/0xf0
[ 1998.298857][T13084]  do_fast_syscall_32+0x2f/0x70
[ 1998.303721][T13084]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 1998.310060][T13084] RIP: 0023:0xf7f51549
[ 1998.314123][T13084] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1998.333732][T13084] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 1998.342145][T13084] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 1998.350118][T13084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1998.358090][T13084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1998.366058][T13084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1998.374025][T13084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1998.381999][T13084]  </TASK>
[ 1998.404665][T13065] bridge597: port 1(vlan181) entered blocking state
[ 1998.411326][T13065] bridge597: port 1(vlan181) entered forwarding state
17:37:57 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf5ffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1998.445192][T13067] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 1998.453454][T13067] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:57 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1998.538699][T13068] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1998.647111][T13069] bridge340: port 1(vlan152) entered blocking state
[ 1998.665559][T13084] memory: usage 307200kB, limit 307200kB, failcnt 44193
[ 1998.680966][T13069] bridge340: port 1(vlan152) entered disabled state
[ 1998.688791][T13084] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1998.709522][T13069] device bridge341 entered promiscuous mode
[ 1998.719291][T13084] Memory cgroup stats for /syz2:
[ 1998.719446][T13084] anon 98304
[ 1998.719446][T13084] file 266240
[ 1998.719446][T13084] kernel 314208256
[ 1998.719446][T13084] kernel_stack 65536
[ 1998.719446][T13084] pagetables 65536
[ 1998.719446][T13084] sec_pagetables 0
[ 1998.719446][T13084] percpu 5359968
[ 1998.719446][T13084] sock 0
[ 1998.719446][T13084] vmalloc 8192
[ 1998.719446][T13084] shmem 266240
[ 1998.719446][T13084] zswap 0
[ 1998.719446][T13084] zswapped 0
[ 1998.719446][T13084] file_mapped 266240
[ 1998.719446][T13084] file_dirty 0
[ 1998.719446][T13084] file_writeback 0
[ 1998.719446][T13084] swapcached 0
[ 1998.719446][T13084] anon_thp 0
[ 1998.719446][T13084] file_thp 0
[ 1998.719446][T13084] shmem_thp 0
[ 1998.719446][T13084] inactive_anon 98304
[ 1998.719446][T13084] active_anon 266240
[ 1998.719446][T13084] inactive_file 0
[ 1998.719446][T13084] active_file 0
[ 1998.719446][T13084] unevictable 0
[ 1998.719446][T13084] slab_reclaimable 10296
[ 1998.719446][T13084] slab_unreclaimable 308673344
[ 1998.823851][T13069] bridge340: port 1(vlan152) entered blocking state
[ 1998.830502][T13069] bridge340: port 1(vlan152) entered forwarding state
17:37:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf65ad188, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1998.872040][T13071] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 1998.886071][T13071] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1998.943668][T13073] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1998.955475][T13084] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13082,uid=0
[ 1999.015799][T13084] Memory cgroup out of memory: Killed process 13082 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 1999.072819][T13075] bridge215: port 1(vlan90) entered blocking state
[ 1999.087565][T13075] bridge215: port 1(vlan90) entered disabled state
[ 1999.111057][T13075] device bridge216 entered promiscuous mode
17:37:57 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x4, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1999.141709][T13075] bridge215: port 1(vlan90) entered blocking state
[ 1999.148267][T13075] bridge215: port 1(vlan90) entered forwarding state
17:37:57 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf5b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 1999.187719][T13086] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 1999.203090][T13086] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
17:37:57 executing program 1:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1999.241560][T13087] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1999.312544][T13096] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1999.354298][T13096] CPU: 0 PID: 13096 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 1999.364761][T13096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 1999.374807][T13096] Call Trace:
[ 1999.378072][T13096]  <TASK>
[ 1999.380992][T13096]  dump_stack_lvl+0xcd/0x134
[ 1999.385574][T13096]  dump_header+0x10b/0x85f
[ 1999.389976][T13096]  oom_kill_process.cold+0x10/0x15
[ 1999.395089][T13096]  out_of_memory+0x358/0x14a0
[ 1999.399787][T13096]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1999.405258][T13096]  ? __mod_timer+0x83c/0xe30
[ 1999.409848][T13096]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1999.415309][T13096]  ? lock_acquire+0x4fc/0x630
[ 1999.419976][T13096]  ? oom_killer_disable+0x270/0x270
[ 1999.425236][T13096]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1999.430693][T13096]  ? lock_release+0x5cb/0x810
[ 1999.435358][T13096]  ? rcu_read_unlock+0x9/0x60
[ 1999.440054][T13096]  ? lock_downgrade+0x6e0/0x6e0
[ 1999.444909][T13096]  mem_cgroup_out_of_memory+0x206/0x270
[ 1999.450472][T13096]  ? mem_cgroup_margin+0x130/0x130
[ 1999.455590][T13096]  ? lock_downgrade+0x6e0/0x6e0
[ 1999.460448][T13096]  try_charge_memcg+0xef8/0x12f0
[ 1999.465396][T13096]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 1999.471381][T13096]  ? lock_release+0x5cb/0x810
[ 1999.476052][T13096]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 1999.481761][T13096]  ? lock_downgrade+0x6e0/0x6e0
[ 1999.486599][T13096]  ? lock_release+0x5cb/0x810
[ 1999.491261][T13096]  ? rcu_read_unlock+0x9/0x60
[ 1999.496114][T13096]  ? lock_downgrade+0x6e0/0x6e0
[ 1999.500983][T13096]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 1999.506528][T13096]  __alloc_pages+0x1ef/0x5a0
[ 1999.511105][T13096]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 1999.517851][T13096]  ? try_to_wake_up+0x107/0x20f0
[ 1999.522776][T13096]  ? sched_core_balance+0xac0/0xac0
[ 1999.527960][T13096]  ? lock_downgrade+0x6e0/0x6e0
[ 1999.532796][T13096]  ? do_raw_spin_lock+0x120/0x2a0
[ 1999.537808][T13096]  alloc_pages+0x1a6/0x270
[ 1999.542219][T13096]  pte_alloc_one+0x16/0x230
[ 1999.546730][T13096]  __pte_alloc+0x69/0x250
[ 1999.551073][T13096]  ? pmd_install+0x150/0x150
[ 1999.555653][T13096]  ? hugepage_vma_check+0x24a/0x830
[ 1999.560843][T13096]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1999.566296][T13096]  __handle_mm_fault+0x3527/0x3a40
[ 1999.571401][T13096]  ? lock_acquire+0x4fc/0x630
[ 1999.576062][T13096]  ? vm_iomap_memory+0x180/0x180
[ 1999.580993][T13096]  handle_mm_fault+0x1c8/0x780
[ 1999.585747][T13096]  do_user_addr_fault+0x475/0x1210
[ 1999.590852][T13096]  ? rcu_read_lock_sched_held+0xd/0x70
[ 1999.596321][T13096]  exc_page_fault+0x94/0x170
[ 1999.600923][T13096]  asm_exc_page_fault+0x22/0x30
[ 1999.605771][T13096] RIP: 0023:0xf6e1cd58
[ 1999.609822][T13096] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 1999.629414][T13096] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 1999.635464][T13096] RAX: 0000000000000001 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 1999.643419][T13096] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 1999.651380][T13096] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 1999.659341][T13096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1999.667297][T13096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1999.675262][T13096]  </TASK>
[ 1999.728320][T13096] memory: usage 307200kB, limit 307200kB, failcnt 44317
17:37:58 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 1999.786559][T13096] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1999.826571][T13096] Memory cgroup stats for /syz2:
[ 1999.826773][T13096] anon 98304
[ 1999.826773][T13096] file 266240
[ 1999.826773][T13096] kernel 314208256
[ 1999.826773][T13096] kernel_stack 65536
[ 1999.826773][T13096] pagetables 65536
[ 1999.826773][T13096] sec_pagetables 0
[ 1999.826773][T13096] percpu 5359968
[ 1999.826773][T13096] sock 0
[ 1999.826773][T13096] vmalloc 8192
[ 1999.826773][T13096] shmem 266240
[ 1999.826773][T13096] zswap 0
[ 1999.826773][T13096] zswapped 0
[ 1999.826773][T13096] file_mapped 266240
[ 1999.826773][T13096] file_dirty 0
[ 1999.826773][T13096] file_writeback 0
[ 1999.826773][T13096] swapcached 0
[ 1999.826773][T13096] anon_thp 0
[ 1999.826773][T13096] file_thp 0
[ 1999.826773][T13096] shmem_thp 0
[ 1999.826773][T13096] inactive_anon 98304
[ 1999.826773][T13096] active_anon 266240
[ 1999.826773][T13096] inactive_file 0
[ 1999.826773][T13096] active_file 0
[ 1999.826773][T13096] unevictable 0
[ 1999.826773][T13096] slab_reclaimable 10296
[ 1999.826773][T13096] slab_unreclaimable 308673344
[ 1999.946522][T13090] bridge599: port 1(vlan182) entered blocking state
[ 1999.969724][T13090] bridge599: port 1(vlan182) entered disabled state
[ 2000.094343][T13090] device bridge600 entered promiscuous mode
[ 2000.133935][T13090] bridge599: port 1(vlan182) entered blocking state
[ 2000.140596][T13090] bridge599: port 1(vlan182) entered forwarding state
[ 2000.152320][T13096] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13096,uid=0
[ 2000.171766][T13096] Memory cgroup out of memory: Killed process 13096 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:37:58 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf5ffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2000.221552][T13093] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 2000.237470][T13093] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
17:37:58 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x6, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2000.351538][T13094] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2000.437711][T13095] bridge342: port 1(vlan153) entered blocking state
[ 2000.447426][T13095] bridge342: port 1(vlan153) entered disabled state
[ 2000.492414][T13095] device bridge343 entered promiscuous mode
[ 2000.524380][T13095] bridge342: port 1(vlan153) entered blocking state
[ 2000.531087][T13095] bridge342: port 1(vlan153) entered forwarding state
17:37:59 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0xa928)

[ 2000.566605][T13110] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2000.583385][T13099] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 2000.671552][T13110] CPU: 1 PID: 13110 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2000.682016][T13110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2000.692089][T13110] Call Trace:
[ 2000.695382][T13110]  <TASK>
[ 2000.698316][T13110]  dump_stack_lvl+0xcd/0x134
[ 2000.702909][T13110]  dump_header+0x10b/0x85f
[ 2000.707326][T13110]  oom_kill_process.cold+0x10/0x15
[ 2000.712439][T13110]  out_of_memory+0x358/0x14a0
[ 2000.717128][T13110]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2000.722610][T13110]  ? __mod_timer+0x83c/0xe30
[ 2000.727204][T13110]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2000.732664][T13110]  ? lock_acquire+0x4fc/0x630
[ 2000.737330][T13110]  ? oom_killer_disable+0x270/0x270
[ 2000.742520][T13110]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2000.747988][T13110]  ? lock_release+0x5cb/0x810
[ 2000.752681][T13110]  ? rcu_read_unlock+0x9/0x60
[ 2000.757374][T13110]  ? lock_downgrade+0x6e0/0x6e0
[ 2000.762223][T13110]  mem_cgroup_out_of_memory+0x206/0x270
[ 2000.767775][T13110]  ? mem_cgroup_margin+0x130/0x130
[ 2000.772881][T13110]  ? lock_downgrade+0x6e0/0x6e0
[ 2000.777733][T13110]  try_charge_memcg+0xef8/0x12f0
[ 2000.782669][T13110]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2000.788652][T13110]  ? lock_release+0x5cb/0x810
[ 2000.793321][T13110]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2000.799040][T13110]  ? lock_downgrade+0x6e0/0x6e0
[ 2000.803882][T13110]  ? lock_release+0x5cb/0x810
[ 2000.808550][T13110]  ? rcu_read_unlock+0x9/0x60
[ 2000.813230][T13110]  ? lock_downgrade+0x6e0/0x6e0
[ 2000.818072][T13110]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2000.823612][T13110]  __alloc_pages+0x1ef/0x5a0
[ 2000.828191][T13110]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2000.834954][T13110]  ? lock_release+0x5cb/0x810
[ 2000.839639][T13110]  ? psi_task_change+0x1bb/0x2f0
[ 2000.844579][T13110]  alloc_pages+0x1a6/0x270
[ 2000.849009][T13110]  pte_alloc_one+0x16/0x230
[ 2000.853508][T13110]  __pte_alloc+0x69/0x250
[ 2000.857828][T13110]  ? pmd_install+0x150/0x150
[ 2000.862412][T13110]  ? hugepage_vma_check+0x24a/0x830
[ 2000.867609][T13110]  __handle_mm_fault+0x3527/0x3a40
[ 2000.872717][T13110]  ? lock_acquire+0x4fc/0x630
[ 2000.877391][T13110]  ? vm_iomap_memory+0x180/0x180
[ 2000.882318][T13110]  ? lock_release+0x810/0x810
[ 2000.886991][T13110]  handle_mm_fault+0x1c8/0x780
[ 2000.891750][T13110]  do_user_addr_fault+0x475/0x1210
[ 2000.896859][T13110]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2000.902315][T13110]  exc_page_fault+0x94/0x170
[ 2000.906898][T13110]  asm_exc_page_fault+0x22/0x30
[ 2000.911742][T13110] RIP: 0023:0xf6e1cd58
[ 2000.915804][T13110] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2000.935418][T13110] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2000.941470][T13110] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2000.949430][T13110] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 2000.957391][T13110] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2000.965364][T13110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2000.973336][T13110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2000.981303][T13110]  </TASK>
[ 2001.015378][T13103] bridge217: port 1(vlan91) entered blocking state
[ 2001.045916][T13110] memory: usage 307200kB, limit 307200kB, failcnt 44399
[ 2001.053070][T13110] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2001.053111][T13103] bridge217: port 1(vlan91) entered disabled state
17:37:59 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2001.091735][T13103] device bridge218 entered promiscuous mode
[ 2001.122732][T13110] Memory cgroup stats for /syz2:
[ 2001.122917][T13110] anon 98304
[ 2001.122917][T13110] file 266240
[ 2001.122917][T13110] kernel 314195968
[ 2001.122917][T13110] kernel_stack 65536
[ 2001.122917][T13110] pagetables 65536
[ 2001.122917][T13110] sec_pagetables 0
[ 2001.122917][T13110] percpu 5359968
[ 2001.122917][T13110] sock 0
[ 2001.122917][T13110] vmalloc 8192
[ 2001.122917][T13110] shmem 266240
[ 2001.122917][T13110] zswap 0
[ 2001.122917][T13110] zswapped 0
[ 2001.122917][T13110] file_mapped 266240
[ 2001.122917][T13110] file_dirty 0
[ 2001.122917][T13110] file_writeback 0
[ 2001.122917][T13110] swapcached 0
[ 2001.122917][T13110] anon_thp 0
[ 2001.122917][T13110] file_thp 0
[ 2001.122917][T13110] shmem_thp 0
[ 2001.122917][T13110] inactive_anon 98304
[ 2001.122917][T13110] active_anon 266240
[ 2001.122917][T13110] inactive_file 0
[ 2001.122917][T13110] active_file 0
[ 2001.122917][T13110] unevictable 0
[ 2001.122917][T13110] slab_reclaimable 10296
[ 2001.122917][T13110] slab_unreclaimable 308662248
[ 2001.240543][T13103] bridge217: port 1(vlan91) entered blocking state
[ 2001.247160][T13103] bridge217: port 1(vlan91) entered forwarding state
17:37:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf5b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2001.363868][T13109] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
17:38:00 executing program 1:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r3, 0x8000000)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r3, 0x10000000)
syz_io_uring_submit(r8, r9, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r3, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2001.483462][T13123] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
17:38:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x7, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2001.536269][T13110] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13110,uid=0
[ 2001.561089][T13110] Memory cgroup out of memory: Killed process 13110 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2001.719547][T13112] bridge601: port 1(vlan183) entered blocking state
[ 2001.766946][T13112] bridge601: port 1(vlan183) entered disabled state
[ 2001.819323][T13130] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2001.820615][T13112] device bridge602 entered promiscuous mode
[ 2001.840473][T13130] CPU: 1 PID: 13130 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2001.850908][T13130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2001.860971][T13130] Call Trace:
[ 2001.864245][T13130]  <TASK>
[ 2001.867170][T13130]  dump_stack_lvl+0xcd/0x134
[ 2001.871759][T13130]  dump_header+0x10b/0x85f
[ 2001.876168][T13130]  oom_kill_process.cold+0x10/0x15
[ 2001.881276][T13130]  out_of_memory+0x358/0x14a0
[ 2001.885952][T13130]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2001.891404][T13130]  ? __mod_timer+0x83c/0xe30
[ 2001.895985][T13130]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2001.901440][T13130]  ? lock_acquire+0x4fc/0x630
[ 2001.906106][T13130]  ? oom_killer_disable+0x270/0x270
[ 2001.911294][T13130]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2001.916751][T13130]  ? lock_release+0x5cb/0x810
[ 2001.921416][T13130]  ? rcu_read_unlock+0x9/0x60
[ 2001.926082][T13130]  ? lock_downgrade+0x6e0/0x6e0
[ 2001.930922][T13130]  mem_cgroup_out_of_memory+0x206/0x270
[ 2001.936461][T13130]  ? mem_cgroup_margin+0x130/0x130
[ 2001.941560][T13130]  ? lock_downgrade+0x6e0/0x6e0
[ 2001.946404][T13130]  try_charge_memcg+0xef8/0x12f0
[ 2001.951340][T13130]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2001.957313][T13130]  ? lock_release+0x5cb/0x810
[ 2001.961979][T13130]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2001.967693][T13130]  ? lock_downgrade+0x6e0/0x6e0
[ 2001.972533][T13130]  ? lock_release+0x5cb/0x810
[ 2001.977200][T13130]  ? rcu_read_unlock+0x9/0x60
[ 2001.981878][T13130]  ? lock_downgrade+0x6e0/0x6e0
[ 2001.986744][T13130]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2001.992285][T13130]  __alloc_pages+0x1ef/0x5a0
[ 2001.996868][T13130]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2002.003620][T13130]  ? lock_release+0x5cb/0x810
[ 2002.008287][T13130]  ? psi_task_change+0x1bb/0x2f0
[ 2002.013218][T13130]  alloc_pages+0x1a6/0x270
[ 2002.017633][T13130]  pte_alloc_one+0x16/0x230
[ 2002.022128][T13130]  __pte_alloc+0x69/0x250
[ 2002.026447][T13130]  ? pmd_install+0x150/0x150
[ 2002.031020][T13130]  ? hugepage_vma_check+0x24a/0x830
[ 2002.036212][T13130]  __handle_mm_fault+0x3527/0x3a40
[ 2002.041319][T13130]  ? lock_acquire+0x4fc/0x630
[ 2002.045986][T13130]  ? vm_iomap_memory+0x180/0x180
[ 2002.050914][T13130]  ? lock_release+0x810/0x810
[ 2002.055599][T13130]  handle_mm_fault+0x1c8/0x780
[ 2002.060380][T13130]  do_user_addr_fault+0x475/0x1210
[ 2002.065487][T13130]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2002.070943][T13130]  exc_page_fault+0x94/0x170
[ 2002.075532][T13130]  asm_exc_page_fault+0x22/0x30
[ 2002.080393][T13130] RIP: 0023:0xf6e1cd58
[ 2002.084453][T13130] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2002.104158][T13130] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2002.110224][T13130] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2002.118182][T13130] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 2002.126140][T13130] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2002.134099][T13130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2002.142055][T13130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2002.150021][T13130]  </TASK>
17:38:00 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2002.247443][T13112] bridge601: port 1(vlan183) entered blocking state
[ 2002.254117][T13112] bridge601: port 1(vlan183) entered forwarding state
[ 2002.283434][T13130] memory: usage 307188kB, limit 307200kB, failcnt 44462
17:38:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf4b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2002.323810][T13130] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2002.430861][T13129] bridge219: port 1(vlan92) entered blocking state
[ 2002.448351][T13130] Memory cgroup stats for /syz2:
[ 2002.448632][T13130] anon 98304
[ 2002.448632][T13130] file 266240
[ 2002.448632][T13130] kernel 314195968
[ 2002.448632][T13130] kernel_stack 65536
[ 2002.448632][T13130] pagetables 65536
[ 2002.448632][T13130] sec_pagetables 0
[ 2002.448632][T13130] percpu 5359968
[ 2002.448632][T13130] sock 0
[ 2002.448632][T13130] vmalloc 8192
[ 2002.448632][T13130] shmem 266240
[ 2002.448632][T13130] zswap 0
[ 2002.448632][T13130] zswapped 0
[ 2002.448632][T13130] file_mapped 266240
[ 2002.448632][T13130] file_dirty 0
[ 2002.448632][T13130] file_writeback 0
[ 2002.448632][T13130] swapcached 0
[ 2002.448632][T13130] anon_thp 0
[ 2002.448632][T13130] file_thp 0
[ 2002.448632][T13130] shmem_thp 0
[ 2002.448632][T13130] inactive_anon 98304
[ 2002.448632][T13130] active_anon 266240
[ 2002.448632][T13130] inactive_file 0
[ 2002.448632][T13130] active_file 0
[ 2002.448632][T13130] unevictable 0
[ 2002.448632][T13130] slab_reclaimable 10296
[ 2002.448632][T13130] slab_unreclaimable 308661944
17:38:01 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
shmctl$IPC_SET(0x0, 0x1, &(0x7f00000000c0)={{0x3, r2, 0xffffffffffffffff, 0x0, 0xee00, 0x34, 0x9}, 0x1, 0x2, 0xffffffff, 0x3, r3, 0x0, 0xfffd})
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)
dup3(r5, r0, 0x80000)

[ 2002.572851][T13129] bridge219: port 1(vlan92) entered disabled state
[ 2002.610726][T13129] device bridge220 entered promiscuous mode
[ 2002.650462][T13129] bridge219: port 1(vlan92) entered blocking state
[ 2002.657068][T13129] bridge219: port 1(vlan92) entered forwarding state
17:38:01 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf3b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2002.740079][T13137] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2002.793513][T13137] __nla_validate_parse: 6 callbacks suppressed
[ 2002.793526][T13137] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2002.831062][T13138] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2002.915528][T13130] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13130,uid=0
[ 2002.997656][T13130] Memory cgroup out of memory: Killed process 13130 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:38:01 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x8, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2003.092476][T13140] bridge603: port 1(vlan184) entered blocking state
17:38:01 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf2b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2003.187260][T13140] bridge603: port 1(vlan184) entered disabled state
[ 2003.257155][T13149] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2003.298380][T13140] device bridge604 entered promiscuous mode
[ 2003.326078][T13149] CPU: 0 PID: 13149 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2003.336573][T13149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
17:38:01 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2003.346655][T13149] Call Trace:
[ 2003.349946][T13149]  <TASK>
[ 2003.352896][T13149]  dump_stack_lvl+0xcd/0x134
[ 2003.357527][T13149]  dump_header+0x10b/0x85f
[ 2003.361975][T13149]  oom_kill_process.cold+0x10/0x15
[ 2003.367109][T13149]  out_of_memory+0x358/0x14a0
[ 2003.371818][T13149]  ? __mod_timer+0x83c/0xe30
[ 2003.376437][T13149]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2003.381934][T13149]  ? lock_acquire+0x4fc/0x630
[ 2003.386641][T13149]  ? oom_killer_disable+0x270/0x270
[ 2003.391874][T13149]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2003.397380][T13149]  ? lock_release+0x5cb/0x810
[ 2003.402074][T13149]  ? rcu_read_unlock+0x9/0x60
[ 2003.406744][T13149]  ? lock_downgrade+0x6e0/0x6e0
[ 2003.411584][T13149]  mem_cgroup_out_of_memory+0x206/0x270
[ 2003.417146][T13149]  ? mem_cgroup_margin+0x130/0x130
[ 2003.422258][T13149]  ? lock_downgrade+0x6e0/0x6e0
[ 2003.427124][T13149]  try_charge_memcg+0xef8/0x12f0
[ 2003.432098][T13149]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2003.438098][T13149]  ? lock_acquire+0x4fc/0x630
[ 2003.442766][T13149]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2003.448487][T13149]  ? lock_downgrade+0x6e0/0x6e0
[ 2003.453339][T13149]  ? lock_release+0x5cb/0x810
[ 2003.458026][T13149]  ? obj_cgroup_charge+0x244/0x5e0
[ 2003.463135][T13149]  ? lock_downgrade+0x6e0/0x6e0
[ 2003.467979][T13149]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2003.473439][T13149]  obj_cgroup_charge+0x2ab/0x5e0
[ 2003.478391][T13149]  kmem_cache_alloc_lru+0x13d/0x730
[ 2003.483606][T13149]  ? sock_alloc_inode+0x23/0x1d0
[ 2003.488560][T13149]  sock_alloc_inode+0x23/0x1d0
[ 2003.493343][T13149]  ? sock_free_inode+0x20/0x20
[ 2003.498118][T13149]  alloc_inode+0x61/0x230
[ 2003.502453][T13149]  new_inode_pseudo+0x13/0x80
[ 2003.507137][T13149]  sock_alloc+0x3c/0x260
[ 2003.511388][T13149]  __sock_create+0xb9/0x790
[ 2003.515900][T13149]  ? lock_downgrade+0x6e0/0x6e0
[ 2003.520757][T13149]  __sys_socket+0x12f/0x240
[ 2003.525277][T13149]  ? __sys_socket_file+0x1f0/0x1f0
[ 2003.530413][T13149]  ? vtime_user_exit+0x218/0x6c0
[ 2003.535395][T13149]  __ia32_sys_socket+0x6f/0xb0
[ 2003.540169][T13149]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 2003.546765][T13149]  __do_fast_syscall_32+0x65/0xf0
[ 2003.551802][T13149]  do_fast_syscall_32+0x2f/0x70
[ 2003.556663][T13149]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 2003.563002][T13149] RIP: 0023:0xf7f51549
[ 2003.567069][T13149] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2003.586678][T13149] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 2003.595091][T13149] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 2003.603063][T13149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2003.611030][T13149] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2003.618996][T13149] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 2003.626964][T13149] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2003.634937][T13149]  </TASK>
[ 2003.653987][T13140] bridge603: port 1(vlan184) entered blocking state
[ 2003.660684][T13140] bridge603: port 1(vlan184) entered forwarding state
[ 2003.684566][T13149] memory: usage 307200kB, limit 307200kB, failcnt 44571
[ 2003.699137][T13149] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2003.707395][T13149] Memory cgroup stats for /syz2:
[ 2003.707578][T13149] anon 98304
[ 2003.707578][T13149] file 266240
[ 2003.707578][T13149] kernel 314195968
[ 2003.707578][T13149] kernel_stack 65536
[ 2003.707578][T13149] pagetables 65536
[ 2003.707578][T13149] sec_pagetables 0
[ 2003.707578][T13149] percpu 5359968
[ 2003.707578][T13149] sock 0
[ 2003.707578][T13149] vmalloc 8192
[ 2003.707578][T13149] shmem 266240
[ 2003.707578][T13149] zswap 0
[ 2003.707578][T13149] zswapped 0
[ 2003.707578][T13149] file_mapped 266240
[ 2003.707578][T13149] file_dirty 0
[ 2003.707578][T13149] file_writeback 0
[ 2003.707578][T13149] swapcached 0
[ 2003.707578][T13149] anon_thp 0
[ 2003.707578][T13149] file_thp 0
[ 2003.707578][T13149] shmem_thp 0
[ 2003.707578][T13149] inactive_anon 98304
[ 2003.707578][T13149] active_anon 266240
[ 2003.707578][T13149] inactive_file 0
[ 2003.707578][T13149] active_file 0
[ 2003.707578][T13149] unevictable 0
[ 2003.707578][T13149] slab_reclaimable 10296
[ 2003.707578][T13149] slab_unreclaimable 308662248
[ 2003.863125][T13144] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 2003.876690][T13149] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13148,uid=0
[ 2003.877295][T13144] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
17:38:02 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf2b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2003.896314][T13149] Memory cgroup out of memory: Killed process 13148 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:38:02 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x9, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2004.027282][T13146] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2004.135848][T13147] bridge221: port 1(vlan93) entered blocking state
[ 2004.152435][T13147] bridge221: port 1(vlan93) entered disabled state
[ 2004.169373][T13147] device bridge222 entered promiscuous mode
[ 2004.179900][T13164] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2004.199006][T13147] bridge221: port 1(vlan93) entered blocking state
[ 2004.205583][T13147] bridge221: port 1(vlan93) entered forwarding state
[ 2004.221667][T13164] CPU: 0 PID: 13164 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2004.232114][T13164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2004.242159][T13164] Call Trace:
[ 2004.245426][T13164]  <TASK>
[ 2004.248355][T13164]  dump_stack_lvl+0xcd/0x134
[ 2004.252959][T13164]  dump_header+0x10b/0x85f
[ 2004.257374][T13164]  oom_kill_process.cold+0x10/0x15
[ 2004.262477][T13164]  out_of_memory+0x358/0x14a0
[ 2004.267151][T13164]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2004.272610][T13164]  ? __mod_timer+0x83c/0xe30
[ 2004.277210][T13164]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2004.282711][T13164]  ? lock_acquire+0x4fc/0x630
[ 2004.287414][T13164]  ? oom_killer_disable+0x270/0x270
[ 2004.289274][T13151] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 2004.292622][T13164]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2004.306133][T13164]  ? lock_release+0x5cb/0x810
[ 2004.310807][T13164]  ? rcu_read_unlock+0x9/0x60
[ 2004.315475][T13164]  ? lock_downgrade+0x6e0/0x6e0
[ 2004.320314][T13164]  mem_cgroup_out_of_memory+0x206/0x270
[ 2004.325865][T13164]  ? mem_cgroup_margin+0x130/0x130
[ 2004.330995][T13164]  ? lock_downgrade+0x6e0/0x6e0
[ 2004.335861][T13164]  try_charge_memcg+0xef8/0x12f0
[ 2004.340811][T13164]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2004.346804][T13164]  ? lock_acquire+0x4fc/0x630
[ 2004.351486][T13164]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2004.357213][T13164]  ? lock_downgrade+0x6e0/0x6e0
[ 2004.362066][T13164]  ? lock_release+0x5cb/0x810
[ 2004.366747][T13164]  ? obj_cgroup_charge+0x244/0x5e0
[ 2004.371870][T13164]  ? lock_downgrade+0x6e0/0x6e0
[ 2004.376733][T13164]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2004.382227][T13164]  obj_cgroup_charge+0x2ab/0x5e0
[ 2004.387193][T13164]  kmem_cache_alloc_lru+0x13d/0x730
[ 2004.392423][T13164]  ? sock_alloc_inode+0x23/0x1d0
[ 2004.397385][T13164]  sock_alloc_inode+0x23/0x1d0
[ 2004.402160][T13164]  ? sock_free_inode+0x20/0x20
[ 2004.406928][T13164]  alloc_inode+0x61/0x230
[ 2004.411260][T13164]  new_inode_pseudo+0x13/0x80
[ 2004.415940][T13164]  sock_alloc+0x3c/0x260
[ 2004.420189][T13164]  __sock_create+0xb9/0x790
[ 2004.424705][T13164]  ? lock_downgrade+0x6e0/0x6e0
[ 2004.429562][T13164]  __sys_socket+0x12f/0x240
[ 2004.434073][T13164]  ? __sys_socket_file+0x1f0/0x1f0
[ 2004.439213][T13164]  ? vtime_user_exit+0x218/0x6c0
[ 2004.444163][T13164]  __ia32_sys_socket+0x6f/0xb0
[ 2004.448936][T13164]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 2004.455529][T13164]  __do_fast_syscall_32+0x65/0xf0
[ 2004.460563][T13164]  do_fast_syscall_32+0x2f/0x70
[ 2004.465428][T13164]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 2004.471768][T13164] RIP: 0023:0xf7f51549
[ 2004.475833][T13164] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2004.495442][T13164] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 2004.503858][T13164] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 2004.511825][T13164] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2004.519790][T13164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2004.527756][T13164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
17:38:03 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf3b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:38:03 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
sched_setparam(0x0, &(0x7f0000000080)=0x40)
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0xf0)

[ 2004.535723][T13164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2004.543697][T13164]  </TASK>
[ 2004.561378][T13151] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2004.641466][T13152] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:38:03 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2004.719031][T13154] bridge276: port 1(vlan107) entered blocking state
[ 2004.759568][T13154] bridge276: port 1(vlan107) entered disabled state
[ 2004.796560][T13154] device bridge277 entered promiscuous mode
[ 2004.812780][T13154] bridge276: port 1(vlan107) entered blocking state
[ 2004.819434][T13154] bridge276: port 1(vlan107) entered forwarding state
17:38:03 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf1b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2004.879943][T13160] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2004.891115][T13160] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2004.938654][T13162] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2004.967630][T13164] memory: usage 307200kB, limit 307200kB, failcnt 44662
[ 2004.988321][T13164] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2005.036938][T13163] bridge605: port 1(vlan185) entered blocking state
[ 2005.057054][T13163] bridge605: port 1(vlan185) entered disabled state
[ 2005.087464][T13163] device bridge606 entered promiscuous mode
[ 2005.119795][T13163] bridge605: port 1(vlan185) entered blocking state
[ 2005.126465][T13163] bridge605: port 1(vlan185) entered forwarding state
[ 2005.156127][T13164] Memory cgroup stats for /syz2:
[ 2005.156330][T13164] anon 98304
[ 2005.156330][T13164] file 266240
[ 2005.156330][T13164] kernel 314195968
[ 2005.156330][T13164] kernel_stack 65536
[ 2005.156330][T13164] pagetables 65536
[ 2005.156330][T13164] sec_pagetables 0
[ 2005.156330][T13164] percpu 5359968
[ 2005.156330][T13164] sock 0
[ 2005.156330][T13164] vmalloc 8192
[ 2005.156330][T13164] shmem 266240
[ 2005.156330][T13164] zswap 0
[ 2005.156330][T13164] zswapped 0
[ 2005.156330][T13164] file_mapped 266240
[ 2005.156330][T13164] file_dirty 0
[ 2005.156330][T13164] file_writeback 0
[ 2005.156330][T13164] swapcached 0
[ 2005.156330][T13164] anon_thp 0
[ 2005.156330][T13164] file_thp 0
[ 2005.156330][T13164] shmem_thp 0
[ 2005.156330][T13164] inactive_anon 98304
[ 2005.156330][T13164] active_anon 266240
[ 2005.156330][T13164] inactive_file 0
[ 2005.156330][T13164] active_file 0
[ 2005.156330][T13164] unevictable 0
[ 2005.156330][T13164] slab_reclaimable 10296
[ 2005.156330][T13164] slab_unreclaimable 308662248
17:38:03 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf2b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2005.267123][T13168] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 2005.285464][T13164] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13161,uid=0
[ 2005.294535][T13168] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
17:38:03 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0xa, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2005.302345][T13164] Memory cgroup out of memory: Killed process 13161 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2005.449771][T13181] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2005.462674][T13170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2005.527261][T13181] CPU: 0 PID: 13181 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2005.537709][T13181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2005.547772][T13181] Call Trace:
[ 2005.551042][T13181]  <TASK>
[ 2005.553967][T13181]  dump_stack_lvl+0xcd/0x134
[ 2005.558565][T13181]  dump_header+0x10b/0x85f
[ 2005.562988][T13181]  oom_kill_process.cold+0x10/0x15
[ 2005.568092][T13181]  out_of_memory+0x358/0x14a0
[ 2005.572765][T13181]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2005.578227][T13181]  ? __mod_timer+0x83c/0xe30
[ 2005.582820][T13181]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2005.588292][T13181]  ? lock_acquire+0x4fc/0x630
[ 2005.592985][T13181]  ? oom_killer_disable+0x270/0x270
[ 2005.598194][T13181]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2005.603665][T13181]  ? lock_release+0x5cb/0x810
[ 2005.608344][T13181]  ? rcu_read_unlock+0x9/0x60
[ 2005.613008][T13181]  ? lock_downgrade+0x6e0/0x6e0
[ 2005.617844][T13181]  mem_cgroup_out_of_memory+0x206/0x270
[ 2005.623377][T13181]  ? mem_cgroup_margin+0x130/0x130
[ 2005.628474][T13181]  ? lock_downgrade+0x6e0/0x6e0
[ 2005.633316][T13181]  try_charge_memcg+0xef8/0x12f0
[ 2005.638270][T13181]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2005.644270][T13181]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2005.649980][T13181]  ? lock_downgrade+0x6e0/0x6e0
[ 2005.654819][T13181]  ? preempt_schedule_notrace_thunk+0x16/0x18
[ 2005.660881][T13181]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2005.666425][T13181]  __alloc_pages+0x1ef/0x5a0
[ 2005.671002][T13181]  ? page_remove_rmap+0x135/0x1110
[ 2005.676105][T13181]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2005.682865][T13181]  ? put_page+0xd9/0x280
[ 2005.687113][T13181]  alloc_pages+0x1a6/0x270
[ 2005.691556][T13181]  pte_alloc_one+0x16/0x230
[ 2005.696064][T13181]  __pte_alloc+0x69/0x250
[ 2005.700391][T13181]  ? pmd_install+0x150/0x150
[ 2005.704972][T13181]  ? hugepage_vma_check+0x24a/0x830
[ 2005.710161][T13181]  __handle_mm_fault+0x3527/0x3a40
[ 2005.715262][T13181]  ? lock_acquire+0x4fc/0x630
[ 2005.719923][T13181]  ? vm_iomap_memory+0x180/0x180
[ 2005.724851][T13181]  ? lock_release+0x810/0x810
[ 2005.729518][T13181]  handle_mm_fault+0x1c8/0x780
[ 2005.734275][T13181]  do_user_addr_fault+0x475/0x1210
[ 2005.739382][T13181]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2005.744836][T13181]  exc_page_fault+0x94/0x170
[ 2005.749414][T13181]  asm_exc_page_fault+0x22/0x30
[ 2005.754274][T13181] RIP: 0023:0xf6e1cd58
[ 2005.758328][T13181] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2005.777929][T13181] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2005.784063][T13181] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2005.792117][T13181] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 2005.800077][T13181] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2005.808032][T13181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2005.815985][T13181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2005.823948][T13181]  </TASK>
[ 2005.841798][T13181] memory: usage 307200kB, limit 307200kB, failcnt 44749
[ 2005.849316][T13181] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2005.862315][T13181] Memory cgroup stats for /syz2:
[ 2005.862449][T13181] anon 98304
[ 2005.862449][T13181] file 266240
[ 2005.862449][T13181] kernel 314208256
[ 2005.862449][T13181] kernel_stack 65536
[ 2005.862449][T13181] pagetables 65536
[ 2005.862449][T13181] sec_pagetables 0
[ 2005.862449][T13181] percpu 5359968
[ 2005.862449][T13181] sock 0
[ 2005.862449][T13181] vmalloc 8192
[ 2005.862449][T13181] shmem 266240
[ 2005.862449][T13181] zswap 0
[ 2005.862449][T13181] zswapped 0
[ 2005.862449][T13181] file_mapped 266240
[ 2005.862449][T13181] file_dirty 0
[ 2005.862449][T13181] file_writeback 0
[ 2005.862449][T13181] swapcached 0
[ 2005.862449][T13181] anon_thp 0
[ 2005.862449][T13181] file_thp 0
[ 2005.862449][T13181] shmem_thp 0
[ 2005.862449][T13181] inactive_anon 61440
[ 2005.862449][T13181] active_anon 266240
[ 2005.862449][T13181] inactive_file 0
[ 2005.862449][T13181] active_file 0
[ 2005.862449][T13181] unevictable 0
[ 2005.862449][T13181] slab_reclaimable 10296
[ 2005.862449][T13181] slab_unreclaimable 308673344
17:38:04 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2006.016400][T13181] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13181,uid=0
[ 2006.033994][T13181] Memory cgroup out of memory: Killed process 13181 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:38:04 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0xb, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2006.118317][T13173] bridge223: port 1(vlan94) entered blocking state
[ 2006.134681][T13173] bridge223: port 1(vlan94) entered disabled state
[ 2006.199162][T13173] device bridge224 entered promiscuous mode
[ 2006.228578][T13173] bridge223: port 1(vlan94) entered blocking state
[ 2006.235176][T13173] bridge223: port 1(vlan94) entered forwarding state
17:38:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf3b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2006.246700][T13176] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:38:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf0ffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2006.313674][T13189] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2006.431875][T13189] CPU: 0 PID: 13189 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2006.442320][T13189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2006.452371][T13189] Call Trace:
[ 2006.455656][T13189]  <TASK>
[ 2006.458577][T13189]  dump_stack_lvl+0xcd/0x134
[ 2006.463165][T13189]  dump_header+0x10b/0x85f
[ 2006.467569][T13189]  oom_kill_process.cold+0x10/0x15
[ 2006.472669][T13189]  out_of_memory+0x358/0x14a0
[ 2006.477354][T13189]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2006.482813][T13189]  ? __mod_timer+0x83c/0xe30
[ 2006.487415][T13189]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2006.492904][T13189]  ? lock_acquire+0x4fc/0x630
[ 2006.497661][T13189]  ? oom_killer_disable+0x270/0x270
[ 2006.502850][T13189]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2006.508301][T13189]  ? lock_release+0x5cb/0x810
[ 2006.512961][T13189]  ? rcu_read_unlock+0x9/0x60
[ 2006.517623][T13189]  ? lock_downgrade+0x6e0/0x6e0
[ 2006.522461][T13189]  mem_cgroup_out_of_memory+0x206/0x270
[ 2006.527995][T13189]  ? mem_cgroup_margin+0x130/0x130
[ 2006.533092][T13189]  ? lock_downgrade+0x6e0/0x6e0
[ 2006.537947][T13189]  try_charge_memcg+0xef8/0x12f0
[ 2006.542906][T13189]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2006.548886][T13189]  ? lock_acquire+0x4fc/0x630
[ 2006.553551][T13189]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2006.559261][T13189]  ? lock_downgrade+0x6e0/0x6e0
[ 2006.564097][T13189]  ? lock_release+0x5cb/0x810
[ 2006.568760][T13189]  ? obj_cgroup_charge+0x244/0x5e0
[ 2006.573863][T13189]  ? lock_downgrade+0x6e0/0x6e0
[ 2006.578702][T13189]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2006.584158][T13189]  obj_cgroup_charge+0x2ab/0x5e0
[ 2006.589100][T13189]  kmem_cache_alloc_lru+0x13d/0x730
[ 2006.594295][T13189]  ? sock_alloc_inode+0x23/0x1d0
[ 2006.599232][T13189]  sock_alloc_inode+0x23/0x1d0
[ 2006.603989][T13189]  ? sock_free_inode+0x20/0x20
[ 2006.608742][T13189]  alloc_inode+0x61/0x230
[ 2006.613059][T13189]  new_inode_pseudo+0x13/0x80
[ 2006.617725][T13189]  sock_alloc+0x3c/0x260
[ 2006.621960][T13189]  __sock_create+0xb9/0x790
[ 2006.626458][T13189]  ? trace_hardirqs_off+0xe/0x150
[ 2006.631469][T13189]  __sys_socket+0x12f/0x240
[ 2006.635974][T13189]  ? __sys_socket_file+0x1f0/0x1f0
[ 2006.641105][T13189]  __ia32_sys_socket+0x6f/0xb0
[ 2006.645864][T13189]  __do_fast_syscall_32+0x65/0xf0
[ 2006.650885][T13189]  do_fast_syscall_32+0x2f/0x70
[ 2006.655728][T13189]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 2006.662050][T13189] RIP: 0023:0xf7f51549
[ 2006.666100][T13189] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2006.685704][T13189] RSP: 002b:00000000f7f4c5cc EFLAGS: 00000296 ORIG_RAX: 0000000000000167
[ 2006.694126][T13189] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000000003
[ 2006.702085][T13189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2006.710042][T13189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2006.717997][T13189] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 2006.725951][T13189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2006.733910][T13189]  </TASK>
[ 2006.752041][T13178] bridge278: port 1(vlan108) entered blocking state
[ 2006.772968][T13178] bridge278: port 1(vlan108) entered disabled state
17:38:05 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf1b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2006.798361][T13189] memory: usage 307200kB, limit 307200kB, failcnt 44886
[ 2006.800490][T13178] device bridge279 entered promiscuous mode
[ 2006.806525][T13189] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2006.814148][T13178] bridge278: port 1(vlan108) entered blocking state
[ 2006.824790][T13178] bridge278: port 1(vlan108) entered forwarding state
[ 2006.838137][T13180] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2006.863758][T13189] Memory cgroup stats for /syz2:
[ 2006.864273][T13189] anon 98304
[ 2006.864273][T13189] file 266240
[ 2006.864273][T13189] kernel 314208256
[ 2006.864273][T13189] kernel_stack 65536
[ 2006.864273][T13189] pagetables 65536
[ 2006.864273][T13189] sec_pagetables 0
[ 2006.864273][T13189] percpu 5359968
[ 2006.864273][T13189] sock 0
[ 2006.864273][T13189] vmalloc 8192
[ 2006.864273][T13189] shmem 266240
[ 2006.864273][T13189] zswap 0
[ 2006.864273][T13189] zswapped 0
[ 2006.864273][T13189] file_mapped 266240
[ 2006.864273][T13189] file_dirty 0
[ 2006.864273][T13189] file_writeback 0
[ 2006.864273][T13189] swapcached 0
[ 2006.864273][T13189] anon_thp 0
[ 2006.864273][T13189] file_thp 0
[ 2006.864273][T13189] shmem_thp 0
[ 2006.864273][T13189] inactive_anon 98304
[ 2006.864273][T13189] active_anon 266240
[ 2006.864273][T13189] inactive_file 0
[ 2006.864273][T13189] active_file 0
[ 2006.864273][T13189] unevictable 0
[ 2006.864273][T13189] slab_reclaimable 10296
[ 2006.864273][T13189] slab_unreclaimable 308673344
[ 2006.985391][T13189] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13188,uid=0
[ 2007.002150][T13189] Memory cgroup out of memory: Killed process 13188 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2007.031514][T13189] socket: no more sockets
17:38:05 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:38:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0xc, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2007.127154][T13184] bridge607: port 1(vlan186) entered blocking state
[ 2007.135233][T13184] bridge607: port 1(vlan186) entered disabled state
[ 2007.150902][T13204] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2007.178293][T13204] CPU: 1 PID: 13204 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2007.188745][T13204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2007.198794][T13204] Call Trace:
[ 2007.202060][T13204]  <TASK>
[ 2007.204990][T13204]  dump_stack_lvl+0xcd/0x134
[ 2007.209595][T13204]  dump_header+0x10b/0x85f
[ 2007.214001][T13204]  oom_kill_process.cold+0x10/0x15
[ 2007.219110][T13204]  out_of_memory+0x358/0x14a0
[ 2007.223777][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.229231][T13204]  ? __mod_timer+0x83c/0xe30
[ 2007.233814][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.239268][T13204]  ? lock_acquire+0x4fc/0x630
[ 2007.243933][T13204]  ? oom_killer_disable+0x270/0x270
[ 2007.249124][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.254587][T13204]  ? lock_release+0x5cb/0x810
[ 2007.259266][T13204]  ? rcu_read_unlock+0x9/0x60
[ 2007.263931][T13204]  ? lock_downgrade+0x6e0/0x6e0
[ 2007.268771][T13204]  mem_cgroup_out_of_memory+0x206/0x270
[ 2007.274310][T13204]  ? mem_cgroup_margin+0x130/0x130
[ 2007.279410][T13204]  ? lock_downgrade+0x6e0/0x6e0
[ 2007.284251][T13204]  try_charge_memcg+0xef8/0x12f0
[ 2007.286693][T13184] device bridge608 entered promiscuous mode
[ 2007.289180][T13204]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2007.301027][T13204]  ? lock_release+0x5cb/0x810
[ 2007.305701][T13204]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2007.311431][T13204]  ? lock_downgrade+0x6e0/0x6e0
[ 2007.316273][T13204]  ? lock_release+0x5cb/0x810
[ 2007.320945][T13204]  ? rcu_read_unlock+0x9/0x60
[ 2007.325618][T13204]  ? lock_downgrade+0x6e0/0x6e0
[ 2007.330462][T13204]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2007.336004][T13204]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 2007.342151][T13204]  copy_process+0x73e/0x7190
[ 2007.346733][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.352190][T13204]  ? lock_release+0x5cb/0x810
[ 2007.356858][T13204]  ? psi_task_change+0x1bb/0x2f0
[ 2007.361788][T13204]  ? lock_downgrade+0x6e0/0x6e0
[ 2007.366630][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.372087][T13204]  ? lock_acquire+0x4fc/0x630
[ 2007.376761][T13204]  ? __cleanup_sighand+0xb0/0xb0
[ 2007.381713][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.387173][T13204]  ? lock_release+0x5cb/0x810
[ 2007.391848][T13204]  ? psi_memstall_leave+0x170/0x250
[ 2007.397043][T13204]  ? lock_repin_lock+0x350/0x350
[ 2007.401976][T13204]  kernel_clone+0xe7/0x980
[ 2007.406395][T13204]  ? lock_release+0x810/0x810
[ 2007.411078][T13204]  ? create_io_thread+0xe0/0xe0
[ 2007.415923][T13204]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 2007.422154][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.427616][T13204]  ? lock_acquire+0x4fc/0x630
[ 2007.432283][T13204]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2007.437745][T13204]  ? lock_release+0x5cb/0x810
[ 2007.442429][T13204]  ? __ct_user_exit+0xff/0x150
[ 2007.447187][T13204]  ? lock_downgrade+0x6e0/0x6e0
[ 2007.452027][T13204]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 2007.457571][T13204]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 2007.463460][T13204]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 2007.469345][T13204]  ? trace_hardirqs_on+0x2d/0x160
[ 2007.474356][T13204]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 2007.480248][T13204]  do_int80_syscall_32+0x46/0x90
[ 2007.485196][T13204]  entry_INT80_compat+0x8b/0x90
[ 2007.490060][T13204] RIP: 0023:0xf6e5ba74
[ 2007.494114][T13204] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 2007.513726][T13204] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 2007.522129][T13204] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 2007.530088][T13204] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 2007.538058][T13204] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 2007.546020][T13204] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 2007.553977][T13204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2007.559862][T13184] bridge607: port 1(vlan186) entered blocking state
[ 2007.561936][T13204]  </TASK>
[ 2007.568573][T13184] bridge607: port 1(vlan186) entered forwarding state
17:38:06 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf2b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2007.632800][T13191] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 2007.655869][T13204] memory: usage 307172kB, limit 307200kB, failcnt 44992
[ 2007.666676][T13204] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2007.713635][T13204] Memory cgroup stats for /syz2:
[ 2007.714272][T13204] anon 94208
[ 2007.714272][T13204] file 266240
[ 2007.714272][T13204] kernel 314183680
[ 2007.714272][T13204] kernel_stack 32768
[ 2007.714272][T13204] pagetables 65536
[ 2007.714272][T13204] sec_pagetables 0
[ 2007.714272][T13204] percpu 5359968
[ 2007.714272][T13204] sock 0
[ 2007.714272][T13204] vmalloc 8192
[ 2007.714272][T13204] shmem 266240
[ 2007.714272][T13204] zswap 0
[ 2007.714272][T13204] zswapped 0
[ 2007.714272][T13204] file_mapped 266240
[ 2007.714272][T13204] file_dirty 0
[ 2007.714272][T13204] file_writeback 0
[ 2007.714272][T13204] swapcached 0
[ 2007.714272][T13204] anon_thp 0
[ 2007.714272][T13204] file_thp 0
[ 2007.714272][T13204] shmem_thp 0
[ 2007.714272][T13204] inactive_anon 94208
[ 2007.714272][T13204] active_anon 266240
[ 2007.714272][T13204] inactive_file 0
[ 2007.714272][T13204] active_file 0
[ 2007.714272][T13204] unevictable 0
[ 2007.714272][T13204] slab_reclaimable 10296
[ 2007.714272][T13204] slab_unreclaimable 308672880
[ 2007.831699][T13193] bridge225: port 1(vlan95) entered blocking state
[ 2007.847467][T13193] bridge225: port 1(vlan95) entered disabled state
[ 2007.866257][T13193] device bridge226 entered promiscuous mode
17:38:06 executing program 3:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2007.879217][T13193] bridge225: port 1(vlan95) entered blocking state
[ 2007.885811][T13193] bridge225: port 1(vlan95) entered forwarding state
[ 2007.920024][T13195] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:38:06 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2007.937418][T13195] __nla_validate_parse: 6 callbacks suppressed
[ 2007.939757][T13195] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2007.968479][T13204] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13204,uid=0
[ 2008.030764][T13196] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2008.052874][T13198] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 2008.065594][T13198] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2008.116578][T13204] Memory cgroup out of memory: Killed process 13204 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:38:06 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0xd, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2008.159677][T13200] bridge344: port 1(vlan154) entered blocking state
[ 2008.188885][T13200] bridge344: port 1(vlan154) entered disabled state
[ 2008.227770][T13200] device bridge345 entered promiscuous mode
[ 2008.259641][T13200] bridge344: port 1(vlan154) entered blocking state
[ 2008.266349][T13200] bridge344: port 1(vlan154) entered forwarding state
17:38:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf0ffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2008.312304][T13199] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2008.332945][T13218] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2008.383376][T13218] CPU: 0 PID: 13218 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2008.393836][T13218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2008.403908][T13218] Call Trace:
[ 2008.407205][T13218]  <TASK>
[ 2008.410143][T13218]  dump_stack_lvl+0xcd/0x134
[ 2008.414762][T13218]  dump_header+0x10b/0x85f
[ 2008.419206][T13218]  oom_kill_process.cold+0x10/0x15
[ 2008.424334][T13218]  out_of_memory+0x358/0x14a0
[ 2008.429035][T13218]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2008.434523][T13218]  ? __mod_timer+0x83c/0xe30
[ 2008.439137][T13218]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2008.444622][T13218]  ? lock_acquire+0x4fc/0x630
[ 2008.449304][T13218]  ? oom_killer_disable+0x270/0x270
[ 2008.454513][T13218]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2008.459989][T13218]  ? lock_release+0x5cb/0x810
[ 2008.464668][T13218]  ? rcu_read_unlock+0x9/0x60
[ 2008.469349][T13218]  ? lock_downgrade+0x6e0/0x6e0
[ 2008.474200][T13218]  mem_cgroup_out_of_memory+0x206/0x270
[ 2008.479753][T13218]  ? mem_cgroup_margin+0x130/0x130
[ 2008.484866][T13218]  ? lock_downgrade+0x6e0/0x6e0
[ 2008.489735][T13218]  try_charge_memcg+0xef8/0x12f0
[ 2008.494692][T13218]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2008.500680][T13218]  ? lock_release+0x5cb/0x810
[ 2008.505356][T13218]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2008.511076][T13218]  ? lock_downgrade+0x6e0/0x6e0
[ 2008.515925][T13218]  ? lock_release+0x5cb/0x810
[ 2008.520598][T13218]  ? rcu_read_unlock+0x9/0x60
[ 2008.525275][T13218]  ? lock_downgrade+0x6e0/0x6e0
[ 2008.530130][T13218]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2008.535684][T13218]  __alloc_pages+0x1ef/0x5a0
[ 2008.540270][T13218]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2008.547038][T13218]  ? lock_release+0x5cb/0x810
[ 2008.551714][T13218]  ? psi_task_change+0x1bb/0x2f0
[ 2008.556665][T13218]  alloc_pages+0x1a6/0x270
[ 2008.561088][T13218]  pte_alloc_one+0x16/0x230
[ 2008.565600][T13218]  __pte_alloc+0x69/0x250
[ 2008.569927][T13218]  ? pmd_install+0x150/0x150
[ 2008.574513][T13218]  ? hugepage_vma_check+0x24a/0x830
[ 2008.579719][T13218]  __handle_mm_fault+0x3527/0x3a40
[ 2008.584839][T13218]  ? lock_acquire+0x4fc/0x630
[ 2008.589512][T13218]  ? vm_iomap_memory+0x180/0x180
[ 2008.594468][T13218]  ? lock_release+0x810/0x810
[ 2008.599155][T13218]  handle_mm_fault+0x1c8/0x780
[ 2008.603920][T13218]  do_user_addr_fault+0x475/0x1210
[ 2008.609038][T13218]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2008.614509][T13218]  exc_page_fault+0x94/0x170
[ 2008.619100][T13218]  asm_exc_page_fault+0x22/0x30
[ 2008.623955][T13218] RIP: 0023:0xf6e1cd58
[ 2008.628018][T13218] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2008.647624][T13218] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2008.653687][T13218] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2008.661654][T13218] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 2008.669619][T13218] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2008.677584][T13218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2008.685551][T13218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2008.693524][T13218]  </TASK>
[ 2008.714351][T13201] bridge280: port 1(vlan109) entered blocking state
[ 2008.750876][T13201] bridge280: port 1(vlan109) entered disabled state
[ 2008.765832][T13218] memory: usage 307200kB, limit 307200kB, failcnt 45098
[ 2008.791501][T13218] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2008.807147][T13201] device bridge281 entered promiscuous mode
[ 2008.825438][T13218] Memory cgroup stats for /syz2:
[ 2008.825557][T13218] anon 98304
[ 2008.825557][T13218] file 266240
[ 2008.825557][T13218] kernel 314208256
[ 2008.825557][T13218] kernel_stack 65536
[ 2008.825557][T13218] pagetables 65536
[ 2008.825557][T13218] sec_pagetables 0
[ 2008.825557][T13218] percpu 5359968
[ 2008.825557][T13218] sock 0
[ 2008.825557][T13218] vmalloc 8192
[ 2008.825557][T13218] shmem 266240
[ 2008.825557][T13218] zswap 0
[ 2008.825557][T13218] zswapped 0
[ 2008.825557][T13218] file_mapped 266240
[ 2008.825557][T13218] file_dirty 0
[ 2008.825557][T13218] file_writeback 0
[ 2008.825557][T13218] swapcached 0
[ 2008.825557][T13218] anon_thp 0
[ 2008.825557][T13218] file_thp 0
[ 2008.825557][T13218] shmem_thp 0
[ 2008.825557][T13218] inactive_anon 98304
[ 2008.825557][T13218] active_anon 266240
[ 2008.825557][T13218] inactive_file 0
[ 2008.825557][T13218] active_file 0
[ 2008.825557][T13218] unevictable 0
[ 2008.825557][T13218] slab_reclaimable 10296
[ 2008.825557][T13218] slab_unreclaimable 308673344
[ 2008.921393][T13201] bridge280: port 1(vlan109) entered blocking state
[ 2008.921456][T13201] bridge280: port 1(vlan109) entered forwarding state
17:38:07 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf1b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2008.942055][T13208] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2008.985520][T13208] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2008.994878][T13218] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13218,uid=0
17:38:07 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x0, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2009.027492][T13218] Memory cgroup out of memory: Killed process 13218 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:38:07 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0xf, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2009.111131][T13209] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2009.257853][T13210] bridge609: port 1(vlan187) entered blocking state
[ 2009.269500][T13210] bridge609: port 1(vlan187) entered disabled state
[ 2009.293579][T13210] device bridge610 entered promiscuous mode
17:38:07 executing program 3:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2009.312127][T13210] bridge609: port 1(vlan187) entered blocking state
[ 2009.318790][T13210] bridge609: port 1(vlan187) entered forwarding state
[ 2009.339120][T13230] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2009.398397][T13221] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[ 2009.398396][T13230] CPU: 0 PID: 13230 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2009.398424][T13230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2009.426914][T13230] Call Trace:
[ 2009.430190][T13230]  <TASK>
[ 2009.433113][T13230]  dump_stack_lvl+0xcd/0x134
[ 2009.437706][T13230]  dump_header+0x10b/0x85f
[ 2009.442115][T13230]  oom_kill_process.cold+0x10/0x15
[ 2009.447235][T13230]  out_of_memory+0x358/0x14a0
[ 2009.451939][T13230]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2009.457425][T13230]  ? __mod_timer+0x83c/0xe30
[ 2009.462021][T13230]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2009.467478][T13230]  ? lock_acquire+0x4fc/0x630
[ 2009.472143][T13230]  ? oom_killer_disable+0x270/0x270
[ 2009.477332][T13230]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2009.482784][T13230]  ? lock_release+0x5cb/0x810
[ 2009.487447][T13230]  ? rcu_read_unlock+0x9/0x60
[ 2009.492110][T13230]  ? lock_downgrade+0x6e0/0x6e0
[ 2009.496966][T13230]  mem_cgroup_out_of_memory+0x206/0x270
[ 2009.502534][T13230]  ? mem_cgroup_margin+0x130/0x130
[ 2009.507641][T13230]  ? lock_downgrade+0x6e0/0x6e0
[ 2009.512481][T13230]  try_charge_memcg+0xef8/0x12f0
[ 2009.517412][T13230]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2009.523382][T13230]  ? lock_release+0x5cb/0x810
[ 2009.528048][T13230]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2009.533758][T13230]  ? lock_downgrade+0x6e0/0x6e0
[ 2009.538594][T13230]  ? lock_release+0x5cb/0x810
[ 2009.543278][T13230]  ? rcu_read_unlock+0x9/0x60
[ 2009.547962][T13230]  ? lock_downgrade+0x6e0/0x6e0
[ 2009.552827][T13230]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2009.558380][T13230]  __alloc_pages+0x1ef/0x5a0
[ 2009.562972][T13230]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2009.569724][T13230]  ? lock_release+0x5cb/0x810
[ 2009.574398][T13230]  ? psi_task_change+0x1bb/0x2f0
[ 2009.579341][T13230]  alloc_pages+0x1a6/0x270
[ 2009.583754][T13230]  pte_alloc_one+0x16/0x230
[ 2009.588251][T13230]  __pte_alloc+0x69/0x250
[ 2009.592569][T13230]  ? pmd_install+0x150/0x150
[ 2009.597159][T13230]  ? hugepage_vma_check+0x24a/0x830
[ 2009.602375][T13230]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2009.607832][T13230]  __handle_mm_fault+0x3527/0x3a40
[ 2009.612936][T13230]  ? lock_acquire+0x4fc/0x630
[ 2009.617599][T13230]  ? vm_iomap_memory+0x180/0x180
[ 2009.622531][T13230]  handle_mm_fault+0x1c8/0x780
[ 2009.627325][T13230]  do_user_addr_fault+0x475/0x1210
[ 2009.632430][T13230]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2009.637881][T13230]  exc_page_fault+0x94/0x170
[ 2009.642466][T13230]  asm_exc_page_fault+0x22/0x30
[ 2009.647318][T13230] RIP: 0023:0xf6e1cd58
[ 2009.651389][T13230] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2009.670989][T13230] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2009.677045][T13230] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2009.685004][T13230] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
17:38:08 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf0b60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2009.692961][T13230] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2009.700926][T13230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2009.708884][T13230] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2009.716843][T13230]  </TASK>
[ 2009.787091][T13221] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2009.799573][T13230] memory: usage 307200kB, limit 307200kB, failcnt 45172
[ 2009.853189][T13230] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2009.855349][T13236] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2009.861119][T13230] Memory cgroup stats for /syz2:
[ 2009.870361][T13230] anon 98304
[ 2009.870361][T13230] file 266240
[ 2009.870361][T13230] kernel 314208256
[ 2009.870361][T13230] kernel_stack 65536
[ 2009.870361][T13230] pagetables 65536
[ 2009.870361][T13230] sec_pagetables 0
[ 2009.870361][T13230] percpu 5359968
[ 2009.870361][T13230] sock 0
[ 2009.870361][T13230] vmalloc 8192
[ 2009.870361][T13230] shmem 266240
[ 2009.870361][T13230] zswap 0
[ 2009.870361][T13230] zswapped 0
[ 2009.870361][T13230] file_mapped 266240
[ 2009.870361][T13230] file_dirty 0
[ 2009.870361][T13230] file_writeback 0
[ 2009.870361][T13230] swapcached 0
[ 2009.870361][T13230] anon_thp 0
[ 2009.870361][T13230] file_thp 0
[ 2009.870361][T13230] shmem_thp 0
[ 2009.870361][T13230] inactive_anon 98304
[ 2009.870361][T13230] active_anon 266240
[ 2009.870361][T13230] inactive_file 0
[ 2009.870361][T13230] active_file 0
[ 2009.870361][T13230] unevictable 0
[ 2009.870361][T13230] slab_reclaimable 10296
[ 2009.870361][T13230] slab_unreclaimable 308673344
17:38:08 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x0, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2009.990146][T13230] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13230,uid=0
[ 2010.009891][T13236] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2010.065407][T13230] Memory cgroup out of memory: Killed process 13230 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2010.100417][T13222] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
17:38:08 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x10, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2010.130968][T13232] socket: no more sockets
[ 2010.221370][T13242] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2010.280274][T13223] bridge346: port 1(vlan155) entered blocking state
[ 2010.299222][T13223] bridge346: port 1(vlan155) entered disabled state
[ 2010.308362][T13242] CPU: 0 PID: 13242 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2010.318806][T13242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2010.328856][T13242] Call Trace:
[ 2010.332130][T13242]  <TASK>
[ 2010.335057][T13242]  dump_stack_lvl+0xcd/0x134
[ 2010.339659][T13242]  dump_header+0x10b/0x85f
[ 2010.344078][T13242]  oom_kill_process.cold+0x10/0x15
[ 2010.349192][T13242]  out_of_memory+0x358/0x14a0
[ 2010.353873][T13242]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2010.359348][T13242]  ? __mod_timer+0x83c/0xe30
[ 2010.363948][T13242]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2010.369431][T13242]  ? lock_acquire+0x4fc/0x630
[ 2010.374118][T13242]  ? oom_killer_disable+0x270/0x270
[ 2010.379331][T13242]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2010.384809][T13242]  ? lock_release+0x5cb/0x810
[ 2010.389501][T13242]  ? rcu_read_unlock+0x9/0x60
[ 2010.394200][T13242]  ? lock_downgrade+0x6e0/0x6e0
[ 2010.399071][T13242]  mem_cgroup_out_of_memory+0x206/0x270
[ 2010.404640][T13242]  ? mem_cgroup_margin+0x130/0x130
[ 2010.409763][T13242]  ? lock_downgrade+0x6e0/0x6e0
[ 2010.414631][T13242]  try_charge_memcg+0xef8/0x12f0
[ 2010.419579][T13242]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2010.425572][T13242]  ? lock_release+0x5cb/0x810
[ 2010.430250][T13242]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2010.435978][T13242]  ? lock_downgrade+0x6e0/0x6e0
[ 2010.440826][T13242]  ? lock_release+0x5cb/0x810
[ 2010.445504][T13242]  ? rcu_read_unlock+0x9/0x60
[ 2010.450183][T13242]  ? lock_downgrade+0x6e0/0x6e0
[ 2010.455038][T13242]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2010.460593][T13242]  __alloc_pages+0x1ef/0x5a0
[ 2010.465186][T13242]  ? page_remove_rmap+0x135/0x1110
[ 2010.470297][T13242]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2010.477059][T13242]  ? put_page+0xd9/0x280
[ 2010.481304][T13242]  alloc_pages+0x1a6/0x270
[ 2010.485729][T13242]  pte_alloc_one+0x16/0x230
[ 2010.490238][T13242]  __pte_alloc+0x69/0x250
[ 2010.494566][T13242]  ? pmd_install+0x150/0x150
[ 2010.499159][T13242]  ? hugepage_vma_check+0x24a/0x830
[ 2010.504366][T13242]  __handle_mm_fault+0x3527/0x3a40
[ 2010.509485][T13242]  ? lock_acquire+0x4fc/0x630
[ 2010.514161][T13242]  ? vm_iomap_memory+0x180/0x180
[ 2010.519097][T13242]  ? lock_release+0x810/0x810
[ 2010.523780][T13242]  handle_mm_fault+0x1c8/0x780
[ 2010.528547][T13242]  do_user_addr_fault+0x475/0x1210
[ 2010.533666][T13242]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2010.539146][T13242]  exc_page_fault+0x94/0x170
[ 2010.543738][T13242]  asm_exc_page_fault+0x22/0x30
[ 2010.548597][T13242] RIP: 0023:0xf6e1cd58
[ 2010.552665][T13242] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2010.572273][T13242] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2010.578337][T13242] RAX: 0000000000000000 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2010.586306][T13242] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 2010.594276][T13242] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2010.602242][T13242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2010.610209][T13242] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2010.618182][T13242]  </TASK>
[ 2010.639470][T13223] device bridge347 entered promiscuous mode
[ 2010.657438][T13223] bridge346: port 1(vlan155) entered blocking state
[ 2010.664085][T13223] bridge346: port 1(vlan155) entered forwarding state
17:38:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xf0ffffff, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2010.697133][T13225] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 2010.709630][T13225] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2010.776350][T13242] memory: usage 307200kB, limit 307200kB, failcnt 45277
[ 2010.785118][T13242] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2010.816861][T13242] Memory cgroup stats for /syz2:
[ 2010.817063][T13242] anon 98304
[ 2010.817063][T13242] file 266240
[ 2010.817063][T13242] kernel 314208256
[ 2010.817063][T13242] kernel_stack 65536
[ 2010.817063][T13242] pagetables 65536
[ 2010.817063][T13242] sec_pagetables 0
[ 2010.817063][T13242] percpu 5359968
[ 2010.817063][T13242] sock 0
[ 2010.817063][T13242] vmalloc 8192
[ 2010.817063][T13242] shmem 266240
[ 2010.817063][T13242] zswap 0
[ 2010.817063][T13242] zswapped 0
[ 2010.817063][T13242] file_mapped 266240
[ 2010.817063][T13242] file_dirty 0
[ 2010.817063][T13242] file_writeback 0
[ 2010.817063][T13242] swapcached 0
[ 2010.817063][T13242] anon_thp 0
[ 2010.817063][T13242] file_thp 0
[ 2010.817063][T13242] shmem_thp 0
[ 2010.817063][T13242] inactive_anon 98304
[ 2010.817063][T13242] active_anon 266240
[ 2010.817063][T13242] inactive_file 0
[ 2010.817063][T13242] active_file 0
[ 2010.817063][T13242] unevictable 0
[ 2010.817063][T13242] slab_reclaimable 10296
[ 2010.817063][T13242] slab_unreclaimable 308673344
[ 2010.933498][T13227] bridge282: port 1(vlan110) entered blocking state
[ 2010.945288][T13227] bridge282: port 1(vlan110) entered disabled state
[ 2010.962496][T13227] device bridge283 entered promiscuous mode
[ 2010.985484][T13242] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13242,uid=0
[ 2011.005614][T13227] bridge282: port 1(vlan110) entered blocking state
[ 2011.012277][T13227] bridge282: port 1(vlan110) entered forwarding state
17:38:09 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xefb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:38:09 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x0, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2011.086511][T13242] Memory cgroup out of memory: Killed process 13242 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2011.120992][T13241] bridge611: port 1(vlan188) entered blocking state
[ 2011.139185][T13241] bridge611: port 1(vlan188) entered disabled state
[ 2011.156370][T13241] device bridge612 entered promiscuous mode
[ 2011.164527][T13241] bridge611: port 1(vlan188) entered blocking state
[ 2011.171175][T13241] bridge611: port 1(vlan188) entered forwarding state
17:38:09 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xefb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:38:09 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x11, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2011.190083][T13246] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
17:38:09 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xeeb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2011.340008][T13260] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2011.398292][T13260] CPU: 0 PID: 13260 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2011.408748][T13260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2011.418810][T13260] Call Trace:
[ 2011.422081][T13260]  <TASK>
[ 2011.424999][T13260]  dump_stack_lvl+0xcd/0x134
[ 2011.429594][T13260]  dump_header+0x10b/0x85f
[ 2011.434005][T13260]  oom_kill_process.cold+0x10/0x15
[ 2011.439104][T13260]  out_of_memory+0x358/0x14a0
[ 2011.443773][T13260]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2011.449227][T13260]  ? __mod_timer+0x83c/0xe30
[ 2011.453809][T13260]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2011.459282][T13260]  ? lock_acquire+0x4fc/0x630
[ 2011.463976][T13260]  ? oom_killer_disable+0x270/0x270
[ 2011.469199][T13260]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2011.474688][T13260]  ? lock_release+0x5cb/0x810
[ 2011.479381][T13260]  ? rcu_read_unlock+0x9/0x60
[ 2011.484065][T13260]  ? lock_downgrade+0x6e0/0x6e0
[ 2011.488907][T13260]  mem_cgroup_out_of_memory+0x206/0x270
[ 2011.494446][T13260]  ? mem_cgroup_margin+0x130/0x130
[ 2011.499552][T13260]  ? lock_downgrade+0x6e0/0x6e0
[ 2011.504402][T13260]  try_charge_memcg+0xef8/0x12f0
[ 2011.509359][T13260]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2011.515340][T13260]  ? lock_release+0x5cb/0x810
[ 2011.520022][T13260]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2011.525733][T13260]  ? lock_downgrade+0x6e0/0x6e0
[ 2011.530572][T13260]  ? lock_release+0x5cb/0x810
[ 2011.535243][T13260]  ? rcu_read_unlock+0x9/0x60
[ 2011.539925][T13260]  ? lock_downgrade+0x6e0/0x6e0
[ 2011.544765][T13260]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2011.550307][T13260]  __alloc_pages+0x1ef/0x5a0
[ 2011.554894][T13260]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2011.561677][T13260]  ? try_to_wake_up+0x107/0x20f0
[ 2011.566628][T13260]  ? sched_core_balance+0xac0/0xac0
[ 2011.571830][T13260]  ? lock_downgrade+0x6e0/0x6e0
[ 2011.576671][T13260]  ? do_raw_spin_lock+0x120/0x2a0
[ 2011.581697][T13260]  alloc_pages+0x1a6/0x270
[ 2011.586132][T13260]  pte_alloc_one+0x16/0x230
[ 2011.590629][T13260]  __pte_alloc+0x69/0x250
[ 2011.594946][T13260]  ? pmd_install+0x150/0x150
[ 2011.599520][T13260]  ? hugepage_vma_check+0x24a/0x830
[ 2011.604722][T13260]  __handle_mm_fault+0x3527/0x3a40
[ 2011.609889][T13260]  ? lock_acquire+0x4fc/0x630
[ 2011.614556][T13260]  ? vm_iomap_memory+0x180/0x180
[ 2011.619481][T13260]  ? lock_release+0x810/0x810
[ 2011.624151][T13260]  handle_mm_fault+0x1c8/0x780
[ 2011.628904][T13260]  do_user_addr_fault+0x475/0x1210
[ 2011.634006][T13260]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2011.639459][T13260]  exc_page_fault+0x94/0x170
[ 2011.644035][T13260]  asm_exc_page_fault+0x22/0x30
[ 2011.648877][T13260] RIP: 0023:0xf6e1cd58
[ 2011.652929][T13260] Code: 85 db 0f 85 16 0c 00 00 c7 01 01 00 00 00 68 40 42 0f 00 68 81 00 00 00 51 68 f0 00 00 00 8b 5c 24 1c e8 db d8 03 00 83 c4 10 <83> 83 00 60 43 00 01 0f b6 83 c2 b2 f6 00 80 bc 24 7c 01 00 00 00
[ 2011.672548][T13260] RSP: 002b:00000000f74afb60 EFLAGS: 00010286
[ 2011.678604][T13260] RAX: 0000000000000001 RBX: 00000000f6f4a000 RCX: 0000000000000081
[ 2011.686561][T13260] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 00000000f6f4a000
[ 2011.694518][T13260] RBP: 00000000f6f7afcc R08: 0000000000000000 R09: 0000000000000000
[ 2011.702477][T13260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2011.710440][T13260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2011.718403][T13260]  </TASK>
[ 2011.763623][T13248] bridge348: port 1(vlan156) entered blocking state
[ 2011.771983][T13260] memory: usage 307200kB, limit 307200kB, failcnt 45386
[ 2011.781138][T13260] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2011.796612][T13260] Memory cgroup stats for /syz2:
[ 2011.796737][T13260] anon 98304
[ 2011.796737][T13260] file 266240
[ 2011.796737][T13260] kernel 314208256
[ 2011.796737][T13260] kernel_stack 65536
[ 2011.796737][T13260] pagetables 65536
[ 2011.796737][T13260] sec_pagetables 0
[ 2011.796737][T13260] percpu 5359968
[ 2011.796737][T13260] sock 0
[ 2011.796737][T13260] vmalloc 8192
[ 2011.796737][T13260] shmem 266240
[ 2011.796737][T13260] zswap 0
[ 2011.796737][T13260] zswapped 0
[ 2011.796737][T13260] file_mapped 266240
[ 2011.796737][T13260] file_dirty 0
[ 2011.796737][T13260] file_writeback 0
[ 2011.796737][T13260] swapcached 0
[ 2011.796737][T13260] anon_thp 0
[ 2011.796737][T13260] file_thp 0
[ 2011.796737][T13260] shmem_thp 0
[ 2011.796737][T13260] inactive_anon 98304
[ 2011.796737][T13260] active_anon 266240
[ 2011.796737][T13260] inactive_file 0
[ 2011.796737][T13260] active_file 0
[ 2011.796737][T13260] unevictable 0
[ 2011.796737][T13260] slab_reclaimable 10296
[ 2011.796737][T13260] slab_unreclaimable 308673344
[ 2011.906932][T13248] bridge348: port 1(vlan156) entered disabled state
[ 2011.949500][T13260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13260,uid=0
[ 2011.959791][T13248] device bridge349 entered promiscuous mode
[ 2011.966786][T13260] Memory cgroup out of memory: Killed process 13260 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
17:38:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x13, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2011.999778][T13248] bridge348: port 1(vlan156) entered blocking state
[ 2012.006567][T13248] bridge348: port 1(vlan156) entered forwarding state
17:38:10 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2012.041983][T13252] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
17:38:10 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x803e)

[ 2012.093480][T13256] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2012.121197][T13267] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2012.138390][T13267] CPU: 0 PID: 13267 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2012.148832][T13267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2012.158878][T13267] Call Trace:
[ 2012.162145][T13267]  <TASK>
[ 2012.165065][T13267]  dump_stack_lvl+0xcd/0x134
[ 2012.169660][T13267]  dump_header+0x10b/0x85f
[ 2012.174066][T13267]  oom_kill_process.cold+0x10/0x15
[ 2012.179168][T13267]  out_of_memory+0x358/0x14a0
[ 2012.183844][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.189315][T13267]  ? __mod_timer+0x83c/0xe30
[ 2012.193928][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.199427][T13267]  ? lock_acquire+0x4fc/0x630
[ 2012.204125][T13267]  ? oom_killer_disable+0x270/0x270
[ 2012.209344][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.214802][T13267]  ? lock_release+0x5cb/0x810
[ 2012.219470][T13267]  ? rcu_read_unlock+0x9/0x60
[ 2012.224160][T13267]  ? lock_downgrade+0x6e0/0x6e0
[ 2012.229001][T13267]  mem_cgroup_out_of_memory+0x206/0x270
[ 2012.234540][T13267]  ? mem_cgroup_margin+0x130/0x130
[ 2012.239639][T13267]  ? lock_downgrade+0x6e0/0x6e0
[ 2012.244488][T13267]  try_charge_memcg+0xef8/0x12f0
[ 2012.249459][T13267]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2012.255452][T13267]  ? lock_release+0x5cb/0x810
[ 2012.260132][T13267]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2012.265858][T13267]  ? lock_downgrade+0x6e0/0x6e0
[ 2012.270711][T13267]  ? lock_release+0x5cb/0x810
[ 2012.275401][T13267]  ? rcu_read_unlock+0x9/0x60
[ 2012.280068][T13267]  ? lock_downgrade+0x6e0/0x6e0
[ 2012.284910][T13267]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 2012.290801][T13267]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2012.296449][T13267]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 2012.302626][T13267]  copy_process+0x73e/0x7190
[ 2012.307233][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.312713][T13267]  ? lock_release+0x5cb/0x810
[ 2012.317382][T13267]  ? psi_task_change+0x1bb/0x2f0
[ 2012.322310][T13267]  ? lock_downgrade+0x6e0/0x6e0
[ 2012.327152][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.332614][T13267]  ? lock_acquire+0x4fc/0x630
[ 2012.337293][T13267]  ? __cleanup_sighand+0xb0/0xb0
[ 2012.342235][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.347698][T13267]  ? lock_release+0x5cb/0x810
[ 2012.352393][T13267]  ? psi_memstall_leave+0x170/0x250
[ 2012.357593][T13267]  ? lock_repin_lock+0x350/0x350
[ 2012.362518][T13267]  kernel_clone+0xe7/0x980
[ 2012.366928][T13267]  ? lock_release+0x810/0x810
[ 2012.371591][T13267]  ? create_io_thread+0xe0/0xe0
[ 2012.376454][T13267]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 2012.382695][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.388161][T13267]  ? lock_acquire+0x4fc/0x630
[ 2012.392828][T13267]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2012.398303][T13267]  ? lock_release+0x5cb/0x810
[ 2012.402995][T13267]  ? __ct_user_exit+0xff/0x150
[ 2012.407752][T13267]  ? lock_downgrade+0x6e0/0x6e0
[ 2012.412595][T13267]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 2012.418137][T13267]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 2012.424045][T13267]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 2012.429934][T13267]  ? trace_hardirqs_on+0x2d/0x160
[ 2012.434953][T13267]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 2012.440855][T13267]  do_int80_syscall_32+0x46/0x90
[ 2012.445809][T13267]  entry_INT80_compat+0x8b/0x90
[ 2012.450682][T13267] RIP: 0023:0xf6e5ba74
[ 2012.454742][T13267] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 2012.474347][T13267] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 2012.482751][T13267] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 2012.490724][T13267] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 2012.498689][T13267] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 2012.506652][T13267] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 2012.514618][T13267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2012.522587][T13267]  </TASK>
[ 2012.576001][T13267] memory: usage 307184kB, limit 307200kB, failcnt 45460
[ 2012.590167][T13267] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2012.606041][T13257] bridge284: port 1(vlan111) entered blocking state
[ 2012.625195][T13257] bridge284: port 1(vlan111) entered disabled state
[ 2012.653548][T13257] device bridge285 entered promiscuous mode
[ 2012.683676][T13257] bridge284: port 1(vlan111) entered blocking state
[ 2012.690368][T13257] bridge284: port 1(vlan111) entered forwarding state
[ 2012.736607][T13267] Memory cgroup stats for /syz2:
[ 2012.736728][T13267] anon 94208
[ 2012.736728][T13267] file 266240
[ 2012.736728][T13267] kernel 314195968
[ 2012.736728][T13267] kernel_stack 32768
[ 2012.736728][T13267] pagetables 65536
[ 2012.736728][T13267] sec_pagetables 0
[ 2012.736728][T13267] percpu 5359968
[ 2012.736728][T13267] sock 0
[ 2012.736728][T13267] vmalloc 8192
[ 2012.736728][T13267] shmem 266240
[ 2012.736728][T13267] zswap 0
[ 2012.736728][T13267] zswapped 0
[ 2012.736728][T13267] file_mapped 266240
17:38:11 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xefb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2012.736728][T13267] file_dirty 0
[ 2012.736728][T13267] file_writeback 0
[ 2012.736728][T13267] swapcached 0
[ 2012.736728][T13267] anon_thp 0
[ 2012.736728][T13267] file_thp 0
[ 2012.736728][T13267] shmem_thp 0
[ 2012.736728][T13267] inactive_anon 94208
[ 2012.736728][T13267] active_anon 266240
[ 2012.736728][T13267] inactive_file 0
[ 2012.736728][T13267] active_file 0
[ 2012.736728][T13267] unevictable 0
[ 2012.736728][T13267] slab_reclaimable 10296
[ 2012.736728][T13267] slab_unreclaimable 308672880
[ 2012.905936][T13262] bridge613: port 1(vlan189) entered blocking state
[ 2012.920563][T13262] bridge613: port 1(vlan189) entered disabled state
[ 2012.936937][T13267] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13267,uid=0
[ 2012.956299][T13267] Memory cgroup out of memory: Killed process 13267 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2012.994024][T13262] device bridge614 entered promiscuous mode
17:38:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x14, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2013.002626][T13262] bridge613: port 1(vlan189) entered blocking state
[ 2013.009277][T13262] bridge613: port 1(vlan189) entered forwarding state
[ 2013.037329][T13264] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
17:38:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xefb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2013.063171][T13264] __nla_validate_parse: 8 callbacks suppressed
[ 2013.063190][T13264] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2013.132438][T13280] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2013.133082][T13282] netlink: 'syz-executor.0': attribute type 7 has an invalid length.
[ 2013.169019][T13280] CPU: 1 PID: 13280 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2013.173279][T13282] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2013.179458][T13280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2013.179473][T13280] Call Trace:
[ 2013.179480][T13280]  <TASK>
[ 2013.179488][T13280]  dump_stack_lvl+0xcd/0x134
[ 2013.179520][T13280]  dump_header+0x10b/0x85f
[ 2013.179544][T13280]  oom_kill_process.cold+0x10/0x15
[ 2013.179566][T13280]  out_of_memory+0x358/0x14a0
[ 2013.179592][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.179624][T13280]  ? __mod_timer+0x83c/0xe30
[ 2013.179649][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.179679][T13280]  ? lock_acquire+0x4fc/0x630
[ 2013.179701][T13280]  ? oom_killer_disable+0x270/0x270
[ 2013.179725][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.179756][T13280]  ? lock_release+0x5cb/0x810
[ 2013.179777][T13280]  ? rcu_read_unlock+0x9/0x60
[ 2013.179798][T13280]  ? lock_downgrade+0x6e0/0x6e0
[ 2013.179821][T13280]  mem_cgroup_out_of_memory+0x206/0x270
[ 2013.179847][T13280]  ? mem_cgroup_margin+0x130/0x130
[ 2013.179869][T13280]  ? lock_downgrade+0x6e0/0x6e0
[ 2013.179896][T13280]  try_charge_memcg+0xef8/0x12f0
[ 2013.179927][T13280]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2013.179957][T13280]  ? lock_release+0x5cb/0x810
[ 2013.179984][T13280]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2013.180010][T13280]  ? lock_downgrade+0x6e0/0x6e0
[ 2013.180031][T13280]  ? lock_release+0x5cb/0x810
[ 2013.180051][T13280]  ? rcu_read_unlock+0x9/0x60
[ 2013.180073][T13280]  ? lock_downgrade+0x6e0/0x6e0
[ 2013.180093][T13280]  ? memcg_slab_post_alloc_hook+0x249/0x480
[ 2013.180125][T13280]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2013.180156][T13280]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 2013.180185][T13280]  copy_process+0x73e/0x7190
[ 2013.180211][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.180241][T13280]  ? lock_release+0x5cb/0x810
[ 2013.180261][T13280]  ? psi_task_change+0x1bb/0x2f0
[ 2013.180287][T13280]  ? lock_downgrade+0x6e0/0x6e0
[ 2013.180308][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.180339][T13280]  ? lock_acquire+0x4fc/0x630
[ 2013.180362][T13280]  ? __cleanup_sighand+0xb0/0xb0
[ 2013.180387][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.180416][T13280]  ? lock_release+0x5cb/0x810
[ 2013.180437][T13280]  ? psi_memstall_leave+0x170/0x250
[ 2013.180466][T13280]  ? lock_repin_lock+0x350/0x350
[ 2013.180490][T13280]  kernel_clone+0xe7/0x980
[ 2013.180513][T13280]  ? lock_release+0x810/0x810
[ 2013.180533][T13280]  ? create_io_thread+0xe0/0xe0
[ 2013.180557][T13280]  ? percpu_ref_put_many.constprop.0+0x6a/0x1a0
[ 2013.422386][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.427953][T13280]  ? lock_acquire+0x4fc/0x630
[ 2013.432631][T13280]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.438099][T13280]  ? lock_release+0x5cb/0x810
[ 2013.442777][T13280]  ? __ct_user_exit+0xff/0x150
[ 2013.447546][T13280]  ? lock_downgrade+0x6e0/0x6e0
[ 2013.452398][T13280]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 2013.457954][T13280]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 2013.463879][T13280]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 2013.469791][T13280]  ? trace_hardirqs_on+0x2d/0x160
[ 2013.474817][T13280]  ? syscall_enter_from_user_mode+0x22/0xb0
[ 2013.480710][T13280]  do_int80_syscall_32+0x46/0x90
[ 2013.485662][T13280]  entry_INT80_compat+0x8b/0x90
[ 2013.490519][T13280] RIP: 0023:0xf6e5ba74
[ 2013.494582][T13280] Code: 8b 44 24 04 89 41 08 c7 41 04 00 00 00 00 53 56 57 8b 74 24 24 8b 54 24 20 8b 5c 24 18 8b 7c 24 28 b8 78 00 00 00 89 19 cd 80 <5f> 5e 5b 85 c0 0f 8c 61 81 00 00 74 01 c3 89 f5 ff d3 e8 00 00 00
[ 2013.514186][T13280] RSP: 002b:00000000f74afa30 EFLAGS: 00000292 ORIG_RAX: 0000000000000078
[ 2013.522595][T13280] RAX: ffffffffffffffda RBX: 00000000003d0f00 RCX: 00000000f7f4c7a4
[ 2013.530564][T13280] RDX: 00000000f7f4cba8 RSI: 00000000f74afa7c RDI: 00000000f7f4cba8
[ 2013.538529][T13280] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 2013.546495][T13280] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[ 2013.554461][T13280] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2013.562435][T13280]  </TASK>
[ 2013.620141][T13265] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2013.646997][T13280] memory: usage 307184kB, limit 307200kB, failcnt 45531
[ 2013.673901][T13280] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2013.684069][T13266] bridge227: port 1(vlan96) entered blocking state
[ 2013.698670][T13266] bridge227: port 1(vlan96) entered disabled state
[ 2013.709499][T13280] Memory cgroup stats for /syz2:
[ 2013.709624][T13280] anon 94208
[ 2013.709624][T13280] file 266240
[ 2013.709624][T13280] kernel 314195968
[ 2013.709624][T13280] kernel_stack 32768
[ 2013.709624][T13280] pagetables 65536
[ 2013.709624][T13280] sec_pagetables 0
[ 2013.709624][T13280] percpu 5359968
[ 2013.709624][T13280] sock 0
[ 2013.709624][T13280] vmalloc 8192
[ 2013.709624][T13280] shmem 266240
[ 2013.709624][T13280] zswap 0
[ 2013.709624][T13280] zswapped 0
[ 2013.709624][T13280] file_mapped 266240
[ 2013.709624][T13280] file_dirty 0
[ 2013.709624][T13280] file_writeback 0
[ 2013.709624][T13280] swapcached 0
[ 2013.709624][T13280] anon_thp 0
[ 2013.709624][T13280] file_thp 0
[ 2013.709624][T13280] shmem_thp 0
[ 2013.709624][T13280] inactive_anon 69632
[ 2013.709624][T13280] active_anon 266240
[ 2013.709624][T13280] inactive_file 0
[ 2013.709624][T13280] active_file 0
[ 2013.709624][T13280] unevictable 0
[ 2013.709624][T13280] slab_reclaimable 10296
[ 2013.709624][T13280] slab_unreclaimable 308672880
[ 2013.713255][T13266] device bridge228 entered promiscuous mode
17:38:12 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x15, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2013.816107][T13280] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13280,uid=0
[ 2013.833289][T13280] Memory cgroup out of memory: Killed process 13280 (syz-executor.2) total-vm:54364kB, anon-rss:400kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:1000
[ 2013.888229][T13266] bridge227: port 1(vlan96) entered blocking state
[ 2013.894845][T13266] bridge227: port 1(vlan96) entered forwarding state
[ 2013.895705][ T3656] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0
[ 2013.914062][ T3656] CPU: 0 PID: 3656 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00249-g4da34b7d175d #0
[ 2013.924403][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 2013.934459][ T3656] Call Trace:
[ 2013.937731][ T3656]  <TASK>
[ 2013.940657][ T3656]  dump_stack_lvl+0xcd/0x134
[ 2013.945246][ T3656]  dump_header+0x10b/0x85f
[ 2013.949653][ T3656]  oom_kill_process.cold+0x10/0x15
[ 2013.954757][ T3656]  out_of_memory+0x358/0x14a0
[ 2013.959429][ T3656]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.964895][ T3656]  ? __mod_timer+0x83c/0xe30
[ 2013.969509][ T3656]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.974989][ T3656]  ? lock_acquire+0x4fc/0x630
[ 2013.979659][ T3656]  ? oom_killer_disable+0x270/0x270
[ 2013.984849][ T3656]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2013.990305][ T3656]  ? lock_release+0x5cb/0x810
[ 2013.994971][ T3656]  ? rcu_read_unlock+0x9/0x60
[ 2013.999640][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[ 2014.004482][ T3656]  mem_cgroup_out_of_memory+0x206/0x270
[ 2014.010020][ T3656]  ? mem_cgroup_margin+0x130/0x130
[ 2014.015132][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[ 2014.020003][ T3656]  try_charge_memcg+0xef8/0x12f0
[ 2014.024962][ T3656]  ? mem_cgroup_handle_over_high+0x510/0x510
[ 2014.030949][ T3656]  ? lock_release+0x5cb/0x810
[ 2014.035624][ T3656]  ? get_mem_cgroup_from_objcg+0xa1/0x260
[ 2014.041346][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[ 2014.046198][ T3656]  ? lock_release+0x5cb/0x810
[ 2014.050875][ T3656]  ? rcu_read_unlock+0x9/0x60
[ 2014.055555][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[ 2014.060411][ T3656]  __memcg_kmem_charge_page+0x16a/0x3b0
[ 2014.065964][ T3656]  __alloc_pages+0x1ef/0x5a0
[ 2014.070552][ T3656]  ? unwind_get_return_address+0x51/0x90
[ 2014.076190][ T3656]  ? __alloc_pages_slowpath.constprop.0+0x23d0/0x23d0
[ 2014.082956][ T3656]  alloc_pages+0x1a6/0x270
[ 2014.087379][ T3656]  pte_alloc_one+0x16/0x230
[ 2014.091894][ T3656]  __pte_alloc+0x69/0x250
[ 2014.096224][ T3656]  ? pmd_install+0x150/0x150
[ 2014.100810][ T3656]  ? __sanitizer_cov_trace_switch+0x50/0x90
[ 2014.106711][ T3656]  copy_page_range+0x16e2/0x3900
[ 2014.111661][ T3656]  ? handle_mm_fault+0x780/0x780
[ 2014.116598][ T3656]  ? mas_empty_area_rev+0x1290/0x1290
[ 2014.121977][ T3656]  ? up_write+0x1ac/0x520
[ 2014.126313][ T3656]  dup_mmap+0xc10/0x10b0
[ 2014.130563][ T3656]  ? replace_mm_exe_file+0x4b0/0x4b0
[ 2014.135848][ T3656]  ? do_raw_spin_unlock+0x171/0x230
[ 2014.141060][ T3656]  ? lockdep_init_map_type+0x21a/0x7f0
[ 2014.146525][ T3656]  ? __init_rwsem+0x129/0x1a0
[ 2014.151211][ T3656]  dup_mm+0x91/0x370
[ 2014.155107][ T3656]  copy_process+0x3bc6/0x7190
[ 2014.159789][ T3656]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2014.165256][ T3656]  ? lock_release+0x5cb/0x810
[ 2014.169934][ T3656]  ? __cleanup_sighand+0xb0/0xb0
[ 2014.174872][ T3656]  ? do_raw_spin_unlock+0x171/0x230
[ 2014.180073][ T3656]  ? _raw_spin_unlock+0x24/0x40
[ 2014.184926][ T3656]  ? do_wp_page+0x1d9/0x1930
[ 2014.189517][ T3656]  kernel_clone+0xe7/0x980
[ 2014.193937][ T3656]  ? create_io_thread+0xe0/0xe0
[ 2014.198789][ T3656]  ? lock_acquire+0x4fc/0x630
[ 2014.203464][ T3656]  ? vm_iomap_memory+0x180/0x180
[ 2014.208402][ T3656]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2014.213868][ T3656]  ? lock_acquire+0x4fc/0x630
[ 2014.218544][ T3656]  ? rcu_read_lock_sched_held+0xd/0x70
[ 2014.224009][ T3656]  ? lock_release+0x5cb/0x810
[ 2014.228686][ T3656]  ? __ct_user_exit+0xff/0x150
[ 2014.233462][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[ 2014.238320][ T3656]  __do_compat_sys_ia32_clone+0x9e/0xd0
[ 2014.243892][ T3656]  ? __do_compat_sys_ia32_fstat64+0xd0/0xd0
[ 2014.249816][ T3656]  ? syscall_enter_from_user_mode_prepare+0x19/0x80
[ 2014.256422][ T3656]  ? trace_hardirqs_on+0x2d/0x160
[ 2014.261706][ T3656]  __do_fast_syscall_32+0x65/0xf0
[ 2014.266743][ T3656]  do_fast_syscall_32+0x2f/0x70
[ 2014.271599][ T3656]  entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 2014.277937][ T3656] RIP: 0023:0xf7f51549
[ 2014.282007][ T3656] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 2014.301632][ T3656] RSP: 002b:00000000f74afd30 EFLAGS: 00000206 ORIG_RAX: 0000000000000078
[ 2014.310046][ T3656] RAX: ffffffffffffffda RBX: 0000000001200011 RCX: 0000000000000000
[ 2014.318015][ T3656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000056f5f3e8
[ 2014.325985][ T3656] RBP: 00000000f6f4a000 R08: 0000000000000000 R09: 0000000000000000
[ 2014.333951][ T3656] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
[ 2014.341931][ T3656] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2014.349934][ T3656]  </TASK>
[ 2014.367006][ T3656] memory: usage 307132kB, limit 307200kB, failcnt 45574
[ 2014.374190][ T3656] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
17:38:12 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:38:12 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xeeb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2014.389947][T13276] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 2014.413222][T13276] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2014.422694][ T3656] Memory cgroup stats for /syz2:
[ 2014.422890][ T3656] anon 61440
[ 2014.422890][ T3656] file 266240
[ 2014.422890][ T3656] kernel 314146816
[ 2014.422890][ T3656] kernel_stack 32768
[ 2014.422890][ T3656] pagetables 40960
[ 2014.422890][ T3656] sec_pagetables 0
[ 2014.422890][ T3656] percpu 5359968
[ 2014.422890][ T3656] sock 0
[ 2014.422890][ T3656] vmalloc 8192
[ 2014.422890][ T3656] shmem 266240
[ 2014.422890][ T3656] zswap 0
[ 2014.422890][ T3656] zswapped 0
[ 2014.422890][ T3656] file_mapped 258048
[ 2014.422890][ T3656] file_dirty 0
[ 2014.422890][ T3656] file_writeback 0
[ 2014.422890][ T3656] swapcached 0
[ 2014.422890][ T3656] anon_thp 0
[ 2014.422890][ T3656] file_thp 0
[ 2014.422890][ T3656] shmem_thp 0
[ 2014.422890][ T3656] inactive_anon 61440
[ 2014.422890][ T3656] active_anon 266240
[ 2014.422890][ T3656] inactive_file 0
[ 2014.422890][ T3656] active_file 0
[ 2014.422890][ T3656] unevictable 0
[ 2014.422890][ T3656] slab_reclaimable 15696
[ 2014.422890][ T3656] slab_unreclaimable 308663848
[ 2014.559520][T13277] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2014.605328][ T3656] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=3656,uid=0
[ 2014.621487][ T3656] Memory cgroup out of memory: Killed process 3656 (syz-executor.2) total-vm:50392kB, anon-rss:400kB, file-rss:9044kB, shmem-rss:4kB, UID:0 pgtables:60kB oom_score_adj:0
17:38:13 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x803e)

[ 2014.711453][T13279] bridge286: port 1(vlan112) entered blocking state
[ 2014.739637][T13279] bridge286: port 1(vlan112) entered disabled state
[ 2014.780731][T13279] device bridge287 entered promiscuous mode
[ 2014.808027][T13279] bridge286: port 1(vlan112) entered blocking state
[ 2014.814729][T13279] bridge286: port 1(vlan112) entered forwarding state
17:38:13 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xefb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2014.910490][T13283] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2014.970916][T13282] bridge615: port 1(vlan190) entered blocking state
[ 2014.984208][T13282] bridge615: port 1(vlan190) entered disabled state
[ 2015.023603][T13282] device bridge616 entered promiscuous mode
[ 2015.057087][T13282] bridge615: port 1(vlan190) entered blocking state
[ 2015.063771][T13282] bridge615: port 1(vlan190) entered forwarding state
17:38:13 executing program 0:
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x4a, 0x0, @fd, 0x0, 0x0, 0xffffff2d}, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2015.098164][T13288] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 2015.121854][T13288] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2015.206628][T13290] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2015.316432][T13292] bridge229: port 1(vlan97) entered blocking state
[ 2015.323132][T13292] bridge229: port 1(vlan97) entered disabled state
[ 2015.368942][T13292] device bridge230 entered promiscuous mode
[ 2015.429436][T13292] bridge229: port 1(vlan97) entered blocking state
[ 2015.436005][T13292] bridge229: port 1(vlan97) entered forwarding state
17:38:14 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:38:14 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xeeb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2015.660204][T13296] netlink: 'syz-executor.1': attribute type 7 has an invalid length.
[ 2015.686433][T13296] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
17:38:14 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x16, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2015.848150][T13298] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
17:38:14 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x18, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

[ 2016.113859][T13299] bridge288: port 1(vlan113) entered blocking state
[ 2016.135350][T13299] bridge288: port 1(vlan113) entered disabled state
17:38:14 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = eventfd2(0x5, 0x801)
r4 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x8, 0x420201)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_open_dev$vcsn(&(0x7f0000000580), 0x1cd, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000600)={<r8=>0xffffffffffffffff})
r9 = syz_open_dev$vcsn(&(0x7f0000000080), 0x0, 0x80000)
r10 = openat$nvram(0xffffff9c, &(0x7f0000000880), 0x400, 0x0)
r11 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r11, 0x6, 0x0, 0x0, 0x0)
fsmount(r11, 0x0, 0x0)
io_submit(0x0, 0x7, &(0x7f0000000a00)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x7ff, 0xffffffffffffffff, &(0x7f0000000180)="0e2b5047c444fd4bdf1531cf4a367860862618e88edec62ac87c62777f95fa46a6e29b80f169a2e4c3ffbdecc81d4bb071c912abce4efb802c5f5dfb19ce664cea68808a9d5d5b5115a02e19252351cf9ea3d5fbe1bfd182600468387b334609f6d627192e4236a5ac32a672355c830a88dbfa5dd2e22e4eec79db1d742833e362e2005bbf63507947443d5cbe0799661ce9b79edbbb283f70fab17562fa9c8102c745c89cc38d4ca348e6843e3f424fe4d5c8825d0218823052d6c39817462a37d33430e86931016ea958122db789e081ca9fcd2eadbfbe96", 0xd9, 0x1, 0x0, 0x1, r3}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x80, 0xffffffffffffffff, &(0x7f0000000340)="e5e63538307dfc6a95357e76867d24ff15275ebaff765938e9bc1979c4c6", 0x1e, 0x8, 0x0, 0x2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x5, 0x2, r4, &(0x7f0000000400)="526922dfb1aaed1f046d85c4bc8f9f2db4101e30826f94fd689e5b8b04b353062e1c617dd0e61de6fc20269a8199314718e25feb6360f4242df05af4c87262b415fd2c21a552430aed2fa07ed9f5be2d127cb5c4d81a2d2a68b2f802b7c38f09edc84d0b81cb15a13be6e550e875db738f35a60cb47b970ee10753b45b6eff247ba2170e2acd7f88f30160211938d50cd16a250ee175636c5fb3f40625e403063996fa730035a0facf1da8cb470f234da3466642a26c5328d804a74348395de61b1456225cb8686cfccb1a93c5f85b2eb789860173d9705ae927", 0xda, 0xffffffffffffffff, 0x0, 0x0, r6}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000540)="3ba0b08ba2cb1788b36249d12cc14baaecf36a60650aa3daa51776868d144223df58f8ca9707b42d75b27287b59b1bfd187c5a408497", 0x36, 0xffffffff, 0x0, 0x2, r7}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x2, 0x8, r8, &(0x7f0000000640)="4d272e1bf80b61e820e8c2e3816aae8cfed68e25843217a8a52bf0dcedb3ebf8e06f0cd880ecef4e5051eee8b37cd6dbe5ea660d43858dd0b84460be51a6dd9e2018d7f6b281d9eacffcb0d05e0d53a59e06f8f85df06337046c8148d72364286795a8a9d10bc1508af92134b3e5ace1b3be8ff2e38395d221b0f7f240e8ff49ecdb25475104128abbc95406763cd4ce10b58f56ca8c91fa0de5d8f87d46959881ad035ab4d8d38935dea11cd75a64da4183b7284351a8ca9bb7b282260539ff3ae2802dde68ab8089657162f6d27e61bd91", 0xd2, 0x2, 0x0, 0x1, r9}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x2, 0xff, r2, &(0x7f00000007c0)="0de9243cf568128a9fafe8259c8cfb17ce8a2ab00508679bb5fa7fff9f0758ff906f6fb43debbcd5c323a6b3c1daa28b24e0b5e41106fc5b9ac6045a1ab6e64348b52e6ab0d2469a58badf28eb51452c281bd52490aea0cee95028c578167ac63261c83571b4d9624db0c2ddb59bb87f0b6c2b2503669284235dc83c721bad1eb774d3a333c2ed6bbdad43abb0d0f80af5aeed2ad51c1b7aaaebc37f3e9acf3b3e1d3be9ff72dbcc77a05d60d382e2afb3c1fd8e9445c023ba2b2a410c7408", 0xbf, 0x7, 0x0, 0x0, r10}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x3, r11, &(0x7f0000000900)="147215741c705a70295c4e45df2d9847018f867e2875f19a6f0e0edcededd184fb04867fe28b5bd5c20831e8961ab892f1be69640f2b08f16104e0f1fb2cbcf4f2c8401faf68478e19ccf6b3e17efea26c2374835dc856d24a0652772ffc6a7d72644991518eb29d2e8beff603501f4418d82f8290f618087795c73f620ced6e0efd124dc63f32b81f4d074d71ba522c98d9bee551ab5e0e4139803271981ec2cd1ffd9437b1fd3b728c66d7c7f8ec4fe9dfbf7834f227ab08ba773b8ddb7d8b", 0xc0, 0xbc, 0x0, 0x3}])
r12 = dup(r2)
write$6lowpan_enable(r12, &(0x7f0000000000)='1', 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2016.180986][T13299] device bridge289 entered promiscuous mode
[ 2016.207923][T13299] bridge288: port 1(vlan113) entered blocking state
[ 2016.214641][T13299] bridge288: port 1(vlan113) entered forwarding state
[ 2016.314328][T13309] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
17:38:14 executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = eventfd2(0x5, 0x801)
r4 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x8, 0x420201)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_open_dev$vcsn(&(0x7f0000000580), 0x1cd, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000600)={<r8=>0xffffffffffffffff})
r9 = syz_open_dev$vcsn(&(0x7f0000000080), 0x0, 0x80000)
r10 = openat$nvram(0xffffff9c, &(0x7f0000000880), 0x400, 0x0)
r11 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r11, 0x6, 0x0, 0x0, 0x0)
fsmount(r11, 0x0, 0x0)
io_submit(0x0, 0x7, &(0x7f0000000a00)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x7ff, 0xffffffffffffffff, &(0x7f0000000180)="0e2b5047c444fd4bdf1531cf4a367860862618e88edec62ac87c62777f95fa46a6e29b80f169a2e4c3ffbdecc81d4bb071c912abce4efb802c5f5dfb19ce664cea68808a9d5d5b5115a02e19252351cf9ea3d5fbe1bfd182600468387b334609f6d627192e4236a5ac32a672355c830a88dbfa5dd2e22e4eec79db1d742833e362e2005bbf63507947443d5cbe0799661ce9b79edbbb283f70fab17562fa9c8102c745c89cc38d4ca348e6843e3f424fe4d5c8825d0218823052d6c39817462a37d33430e86931016ea958122db789e081ca9fcd2eadbfbe96", 0xd9, 0x1, 0x0, 0x1, r3}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x80, 0xffffffffffffffff, &(0x7f0000000340)="e5e63538307dfc6a95357e76867d24ff15275ebaff765938e9bc1979c4c6", 0x1e, 0x8, 0x0, 0x2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x5, 0x2, r4, &(0x7f0000000400)="526922dfb1aaed1f046d85c4bc8f9f2db4101e30826f94fd689e5b8b04b353062e1c617dd0e61de6fc20269a8199314718e25feb6360f4242df05af4c87262b415fd2c21a552430aed2fa07ed9f5be2d127cb5c4d81a2d2a68b2f802b7c38f09edc84d0b81cb15a13be6e550e875db738f35a60cb47b970ee10753b45b6eff247ba2170e2acd7f88f30160211938d50cd16a250ee175636c5fb3f40625e403063996fa730035a0facf1da8cb470f234da3466642a26c5328d804a74348395de61b1456225cb8686cfccb1a93c5f85b2eb789860173d9705ae927", 0xda, 0xffffffffffffffff, 0x0, 0x0, r6}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000540)="3ba0b08ba2cb1788b36249d12cc14baaecf36a60650aa3daa51776868d144223df58f8ca9707b42d75b27287b59b1bfd187c5a408497", 0x36, 0xffffffff, 0x0, 0x2, r7}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x2, 0x8, r8, &(0x7f0000000640)="4d272e1bf80b61e820e8c2e3816aae8cfed68e25843217a8a52bf0dcedb3ebf8e06f0cd880ecef4e5051eee8b37cd6dbe5ea660d43858dd0b84460be51a6dd9e2018d7f6b281d9eacffcb0d05e0d53a59e06f8f85df06337046c8148d72364286795a8a9d10bc1508af92134b3e5ace1b3be8ff2e38395d221b0f7f240e8ff49ecdb25475104128abbc95406763cd4ce10b58f56ca8c91fa0de5d8f87d46959881ad035ab4d8d38935dea11cd75a64da4183b7284351a8ca9bb7b282260539ff3ae2802dde68ab8089657162f6d27e61bd91", 0xd2, 0x2, 0x0, 0x1, r9}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x2, 0xff, r2, &(0x7f00000007c0)="0de9243cf568128a9fafe8259c8cfb17ce8a2ab00508679bb5fa7fff9f0758ff906f6fb43debbcd5c323a6b3c1daa28b24e0b5e41106fc5b9ac6045a1ab6e64348b52e6ab0d2469a58badf28eb51452c281bd52490aea0cee95028c578167ac63261c83571b4d9624db0c2ddb59bb87f0b6c2b2503669284235dc83c721bad1eb774d3a333c2ed6bbdad43abb0d0f80af5aeed2ad51c1b7aaaebc37f3e9acf3b3e1d3be9ff72dbcc77a05d60d382e2afb3c1fd8e9445c023ba2b2a410c7408", 0xbf, 0x7, 0x0, 0x0, r10}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x3, r11, &(0x7f0000000900)="147215741c705a70295c4e45df2d9847018f867e2875f19a6f0e0edcededd184fb04867fe28b5bd5c20831e8961ab892f1be69640f2b08f16104e0f1fb2cbcf4f2c8401faf68478e19ccf6b3e17efea26c2374835dc856d24a0652772ffc6a7d72644991518eb29d2e8beff603501f4418d82f8290f618087795c73f620ced6e0efd124dc63f32b81f4d074d71ba522c98d9bee551ab5e0e4139803271981ec2cd1ffd9437b1fd3b728c66d7c7f8ec4fe9dfbf7834f227ab08ba773b8ddb7d8b", 0xc0, 0xbc, 0x0, 0x3}])
r12 = dup(r2)
write$6lowpan_enable(r12, &(0x7f0000000000)='1', 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:38:15 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r1, 0x3d1b, 0x2400, 0x0, 0x0, 0x803e)

17:38:15 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2016.946961][T13311] bridge231: port 1(vlan98) entered blocking state
[ 2016.991856][T13311] bridge231: port 1(vlan98) entered disabled state
[ 2017.082007][T13311] device bridge232 entered promiscuous mode
[ 2017.194430][T13311] bridge231: port 1(vlan98) entered blocking state
[ 2017.201039][T13311] bridge231: port 1(vlan98) entered forwarding state
17:38:15 executing program 3:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2017.784228][T15934] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2018.088748][T15934] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2018.536874][T15934] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
17:38:17 executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = eventfd2(0x5, 0x801)
r4 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x8, 0x420201)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_open_dev$vcsn(&(0x7f0000000580), 0x1cd, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000600)={<r8=>0xffffffffffffffff})
r9 = syz_open_dev$vcsn(&(0x7f0000000080), 0x0, 0x80000)
r10 = openat$nvram(0xffffff9c, &(0x7f0000000880), 0x400, 0x0)
r11 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r11, 0x6, 0x0, 0x0, 0x0)
fsmount(r11, 0x0, 0x0)
io_submit(0x0, 0x7, &(0x7f0000000a00)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x7ff, 0xffffffffffffffff, &(0x7f0000000180)="0e2b5047c444fd4bdf1531cf4a367860862618e88edec62ac87c62777f95fa46a6e29b80f169a2e4c3ffbdecc81d4bb071c912abce4efb802c5f5dfb19ce664cea68808a9d5d5b5115a02e19252351cf9ea3d5fbe1bfd182600468387b334609f6d627192e4236a5ac32a672355c830a88dbfa5dd2e22e4eec79db1d742833e362e2005bbf63507947443d5cbe0799661ce9b79edbbb283f70fab17562fa9c8102c745c89cc38d4ca348e6843e3f424fe4d5c8825d0218823052d6c39817462a37d33430e86931016ea958122db789e081ca9fcd2eadbfbe96", 0xd9, 0x1, 0x0, 0x1, r3}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x80, 0xffffffffffffffff, &(0x7f0000000340)="e5e63538307dfc6a95357e76867d24ff15275ebaff765938e9bc1979c4c6", 0x1e, 0x8, 0x0, 0x2}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x5, 0x2, r4, &(0x7f0000000400)="526922dfb1aaed1f046d85c4bc8f9f2db4101e30826f94fd689e5b8b04b353062e1c617dd0e61de6fc20269a8199314718e25feb6360f4242df05af4c87262b415fd2c21a552430aed2fa07ed9f5be2d127cb5c4d81a2d2a68b2f802b7c38f09edc84d0b81cb15a13be6e550e875db738f35a60cb47b970ee10753b45b6eff247ba2170e2acd7f88f30160211938d50cd16a250ee175636c5fb3f40625e403063996fa730035a0facf1da8cb470f234da3466642a26c5328d804a74348395de61b1456225cb8686cfccb1a93c5f85b2eb789860173d9705ae927", 0xda, 0xffffffffffffffff, 0x0, 0x0, r6}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000540)="3ba0b08ba2cb1788b36249d12cc14baaecf36a60650aa3daa51776868d144223df58f8ca9707b42d75b27287b59b1bfd187c5a408497", 0x36, 0xffffffff, 0x0, 0x2, r7}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x2, 0x8, r8, &(0x7f0000000640)="4d272e1bf80b61e820e8c2e3816aae8cfed68e25843217a8a52bf0dcedb3ebf8e06f0cd880ecef4e5051eee8b37cd6dbe5ea660d43858dd0b84460be51a6dd9e2018d7f6b281d9eacffcb0d05e0d53a59e06f8f85df06337046c8148d72364286795a8a9d10bc1508af92134b3e5ace1b3be8ff2e38395d221b0f7f240e8ff49ecdb25475104128abbc95406763cd4ce10b58f56ca8c91fa0de5d8f87d46959881ad035ab4d8d38935dea11cd75a64da4183b7284351a8ca9bb7b282260539ff3ae2802dde68ab8089657162f6d27e61bd91", 0xd2, 0x2, 0x0, 0x1, r9}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x2, 0xff, r2, &(0x7f00000007c0)="0de9243cf568128a9fafe8259c8cfb17ce8a2ab00508679bb5fa7fff9f0758ff906f6fb43debbcd5c323a6b3c1daa28b24e0b5e41106fc5b9ac6045a1ab6e64348b52e6ab0d2469a58badf28eb51452c281bd52490aea0cee95028c578167ac63261c83571b4d9624db0c2ddb59bb87f0b6c2b2503669284235dc83c721bad1eb774d3a333c2ed6bbdad43abb0d0f80af5aeed2ad51c1b7aaaebc37f3e9acf3b3e1d3be9ff72dbcc77a05d60d382e2afb3c1fd8e9445c023ba2b2a410c7408", 0xbf, 0x7, 0x0, 0x0, r10}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x3, r11, &(0x7f0000000900)="147215741c705a70295c4e45df2d9847018f867e2875f19a6f0e0edcededd184fb04867fe28b5bd5c20831e8961ab892f1be69640f2b08f16104e0f1fb2cbcf4f2c8401faf68478e19ccf6b3e17efea26c2374835dc856d24a0652772ffc6a7d72644991518eb29d2e8beff603501f4418d82f8290f618087795c73f620ced6e0efd124dc63f32b81f4d074d71ba522c98d9bee551ab5e0e4139803271981ec2cd1ffd9437b1fd3b728c66d7c7f8ec4fe9dfbf7834f227ab08ba773b8ddb7d8b", 0xc0, 0xbc, 0x0, 0x3}])
r12 = dup(r2)
write$6lowpan_enable(r12, &(0x7f0000000000)='1', 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:38:17 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

17:38:17 executing program 4:
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r3, r3, 0xb}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
openat$mice(0xffffff9c, &(0x7f0000000180), 0x101000)
accept4$packet(r3, &(0x7f00000001c0), &(0x7f0000000200)=0x14, 0x800)
syz_open_dev$vivid(&(0x7f0000000240), 0x3, 0x2)
clock_gettime(0x0, &(0x7f0000000340)={<r7=>0x0, <r8=>0x0})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x200000d, 0x2010, r4, 0x10000000)
syz_io_uring_submit(r1, r10, &(0x7f00000007c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000380)={r7, r8+60000000}, 0x1, 0x1, 0x1, {0x0, r9}}, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)
write$6lowpan_enable(r3, &(0x7f0000000080)='0', 0x1)

17:38:17 executing program 1:
r0 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r3, r3, 0xb}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
openat$mice(0xffffff9c, &(0x7f0000000180), 0x101000)
accept4$packet(r3, &(0x7f00000001c0), &(0x7f0000000200)=0x14, 0x800)
syz_open_dev$vivid(&(0x7f0000000240), 0x3, 0x2)
clock_gettime(0x0, &(0x7f0000000340)={<r7=>0x0, <r8=>0x0})
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x200000d, 0x2010, r4, 0x10000000)
syz_io_uring_submit(r1, r10, &(0x7f00000007c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000380)={r7, r8+60000000}, 0x1, 0x1, 0x1, {0x0, r9}}, 0x0)
io_uring_enter(r0, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)
write$6lowpan_enable(r3, &(0x7f0000000080)='0', 0x1)

[ 2018.871863][T15934] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
17:38:18 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080), 0xc)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765000e14000200080007004a"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010000104005a65ffffffffffbf000000", @ANYRES32=r8, @ANYBLOB="01400000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xebb60400, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7a, 0x0, 0xa5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0)

17:38:18 executing program 5:
alarm(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={<r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x6c000000, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP={0x18, 0x16, 0x0, 0x0, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x0, {0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x11}}}}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv6_newaddr={0x78, 0x14, 0x200, 0x70bd2b, 0x25dfdbfd, {0xa, 0x8, 0x61, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x43}}, @IFA_CACHEINFO={0x14, 0x6, {0x7, 0x10001, 0xff, 0xffffff7f}}, @IFA_FLAGS={0x8, 0x8, 0x10}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x6, 0x2800000, 0x10001, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r4 = syz_io_uring_setup(0x1ba7, &(0x7f00000002c0), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000eed000/0x2000)=nil, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ee8000/0x4000)=nil, 0x4000, 0x2000000, 0x10, r4, 0x8000000)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ee8000/0x1000)=nil, 0x1000, 0x3000000, 0x8010, r4, 0x10000000)
syz_io_uring_submit(r9, r10, &(0x7f0000000240)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x3, 0x1}, 0x3)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000007c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}, 0x0)
io_uring_enter(r4, 0x3d1b, 0x2400, 0x0, 0x0, 0x0)

[ 2020.074049][T13346] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[ 2020.086294][T13346] __nla_validate_parse: 2 callbacks suppressed
[ 2020.086312][T13346] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2020.199812][T13349] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2020.364049][T13351] bridge233: port 1(vlan99) entered blocking state
[ 2020.400862][T13351] bridge233: port 1(vlan99) entered disabled state
[ 2020.501332][T13351] device bridge234 entered promiscuous mode
[ 2020.559137][T13351] bridge233: port 1(vlan99) entered blocking state
[ 2020.565737][T13351] bridge233: port 1(vlan99) entered forwarding state
[ 2021.360282][T13400] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2021.370353][T13400] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2021.382281][T13400] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2021.401519][T13400] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2021.418672][T13400] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2021.431742][T13400] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2021.441383][T13348] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 2021.563245][T15934] device bridge3026 left promiscuous mode
[ 2021.570976][T15934] bridge3025: port 1(vlan1419) entered disabled state
[ 2021.590316][T15934] device bridge3022 left promiscuous mode
[ 2021.597531][T15934] bridge3021: port 1(vlan1418) entered disabled state
[ 2021.611829][T15934] device bridge3020 left promiscuous mode
[ 2021.618653][T15934] bridge3019: port 1(vlan1417) entered disabled state
[ 2021.646709][T15934] device bridge2992 left promiscuous mode
[ 2021.652489][T15934] bridge2991: port 1(vlan1416) entered disabled state
[ 2021.665986][T15934] bridge2989: port 1(vlan1415) entered disabled state
[ 2021.678855][T15934] bridge2987: port 1(vlan1414) entered disabled state
[ 2021.692191][T15934] device bridge2986 left promiscuous mode
[ 2021.699118][T15934] bridge2985: port 1(vlan1413) entered disabled state
[ 2021.710928][T15934] bridge2983: port 1(vlan1412) entered disabled state
[ 2021.722135][T15934] bridge2981: port 1(vlan1411) entered disabled state
[ 2021.733653][T15934] device bridge2980 left promiscuous mode
[ 2021.740281][T15934] bridge2979: port 1(vlan1410) entered disabled state
[ 2021.753145][T15934] bridge2977: port 1(vlan1409) entered disabled state
[ 2021.798817][T15934] device bridge2976 left promiscuous mode
[ 2021.805449][T15934] bridge2975: port 1(vlan1408) entered disabled state
[ 2021.822337][T15934] bridge2973: port 1(vlan1407) entered disabled state
[ 2021.833138][T15934] bridge2971: port 1(vlan1406) entered disabled state
[ 2021.845609][T15934] bridge2969: port 1(vlan1405) entered disabled state
[ 2021.858244][T15934] bridge2967: port 1(vlan1404) entered disabled state
[ 2021.870092][T15934] bridge2965: port 1(vlan1403) entered disabled state
[ 2021.882170][T15934] bridge2963: port 1(vlan1402) entered disabled state
[ 2021.894216][T15934] device bridge2962 left promiscuous mode
[ 2021.900858][T15934] bridge2961: port 1(vlan1401) entered disabled state
[ 2021.912013][T15934] bridge2959: port 1(vlan1400) entered disabled state
[ 2021.925745][T15934] bridge2957: port 1(vlan1399) entered disabled state
[ 2021.935111][T15934] bridge2955: port 1(vlan1398) entered disabled state
[ 2021.944247][T15934] bridge2953: port 1(vlan1397) entered disabled state
[ 2021.955966][T15934] device bridge2952 left promiscuous mode
[ 2021.961714][T15934] bridge2951: port 1(vlan1396) entered disabled state
[ 2021.973427][T15934] bridge2949: port 1(vlan1395) entered disabled state
[ 2021.986537][T15934] bridge2947: port 1(vlan1394) entered disabled state
[ 2021.998118][T15934] bridge2945: port 1(vlan1393) entered disabled state
[ 2022.008912][T15934] bridge2943: port 1(vlan1392) entered disabled state
[ 2022.019561][T15934] bridge2941: port 1(vlan1391) entered disabled state
[ 2022.029857][T15934] bridge2939: port 1(vlan1390) entered disabled state
[ 2022.039596][T15934] bridge2937: port 1(vlan1389) entered disabled state
[ 2022.049866][T15934] bridge2935: port 1(vlan1388) entered disabled state
[ 2022.060680][T15934] device bridge2934 left promiscuous mode
[ 2022.067378][T15934] bridge2933: port 1(vlan1387) entered disabled state
[ 2022.079985][T15934] bridge2931: port 1(vlan1386) entered disabled state
[ 2022.090351][T15934] bridge2929: port 1(vlan1385) entered disabled state
[ 2022.101085][T15934] bridge2927: port 1(vlan1384) entered disabled state
[ 2022.111117][T15934] bridge2925: port 1(vlan1383) entered disabled state
[ 2022.121062][T15934] bridge2923: port 1(vlan1382) entered disabled state
[ 2022.130659][T15934] device bridge2922 left promiscuous mode
[ 2022.137295][T15934] bridge2921: port 1(vlan1381) entered disabled state
[ 2022.147169][T15934] bridge2919: port 1(vlan1380) entered disabled state
[ 2022.159210][T15934] bridge2917: port 1(vlan1379) entered disabled state
[ 2022.169739][T15934] bridge2915: port 1(vlan1378) entered disabled state
[ 2022.180287][T15934] bridge2913: port 1(vlan1377) entered disabled state
[ 2022.191564][T15934] bridge2911: port 1(vlan1376) entered disabled state
[ 2022.201941][T15934] bridge2909: port 1(vlan1375) entered disabled state
[ 2022.211953][T15934] bridge2907: port 1(vlan1374) entered disabled state
[ 2022.221659][T15934] bridge2905: port 1(vlan1373) entered disabled state
[ 2022.233770][T15934] bridge2903: port 1(vlan1372) entered disabled state
[ 2022.247332][T15934] bridge2901: port 1(vlan1371) entered disabled state
[ 2022.257928][T15934] bridge2899: port 1(vlan1370) entered disabled state
[ 2022.270027][T15934] bridge2897: port 1(vlan1369) entered disabled state
[ 2022.280643][T15934] device bridge2896 left promiscuous mode
[ 2022.287000][T15934] bridge2895: port 1(vlan1368) entered disabled state
[ 2022.298103][T15934] bridge2893: port 1(vlan1367) entered disabled state
[ 2022.309533][T15934] bridge2891: port 1(vlan1366) entered disabled state
[ 2022.319868][T15934] bridge2889: port 1(vlan1365) entered disabled state
[ 2022.331642][T15934] bridge2887: port 1(vlan1364) entered disabled state
[ 2022.341942][T15934] bridge2885: port 1(vlan1363) entered disabled state
[ 2022.353265][T15934] bridge2883: port 1(vlan1362) entered disabled state
[ 2022.366050][T15934] bridge2881: port 1(vlan1361) entered disabled state
[ 2022.377611][T15934] bridge2879: port 1(vlan1360) entered disabled state
[ 2022.391240][T15934] bridge2877: port 1(vlan1359) entered disabled state
[ 2022.402576][T15934] bridge2875: port 1(vlan1358) entered disabled state
[ 2022.412794][T15934] bridge2873: port 1(vlan1357) entered disabled state
[ 2022.422437][T15934] bridge2871: port 1(vlan1356) entered disabled state
[ 2022.432153][T15934] bridge2869: port 1(vlan1355) entered disabled state
[ 2022.441777][T15934] bridge2867: port 1(vlan1354) entered disabled state
[ 2022.452385][T15934] bridge2865: port 1(vlan1353) entered disabled state
[ 2022.463926][T15934] bridge2863: port 1(vlan1352) entered disabled state
[ 2022.475792][T15934] bridge2861: port 1(vlan1351) entered disabled state
[ 2022.489297][T15934] bridge2859: port 1(vlan1350) entered disabled state
[ 2022.500875][T15934] bridge2857: port 1(vlan1349) entered disabled state
[ 2022.511098][T15934] bridge2855: port 1(vlan1348) entered disabled state
[ 2022.520785][T15934] bridge2853: port 1(vlan1347) entered disabled state
[ 2022.531143][T15934] bridge2851: port 1(vlan1346) entered disabled state
[ 2022.541400][T15934] bridge2849: port 1(vlan1345) entered disabled state
[ 2022.552279][T15934] bridge2847: port 1(vlan1344) entered disabled state
[ 2022.562823][T15934] bridge2845: port 1(vlan1343) entered disabled state
[ 2022.574185][T15934] bridge2843: port 1(vlan1342) entered disabled state
[ 2022.586869][T15934] bridge2841: port 1(vlan1341) entered disabled state
[ 2022.599202][T15934] bridge2839: port 1(vlan1340) entered disabled state
[ 2022.609397][T15934] bridge2837: port 1(vlan1339) entered disabled state
[ 2022.619547][T15934] bridge2835: port 1(vlan1338) entered disabled state
[ 2022.629254][T15934] bridge2833: port 1(vlan1337) entered disabled state
[ 2022.639903][T15934] bridge2831: port 1(vlan1336) entered disabled state
[ 2022.650219][T15934] bridge2829: port 1(vlan1335) entered disabled state
[ 2022.661027][T15934] bridge2827: port 1(vlan1334) entered disabled state
[ 2022.673012][T15934] bridge2825: port 1(vlan1333) entered disabled state
[ 2022.684203][T15934] device bridge2824 left promiscuous mode
[ 2022.691146][T15934] bridge2823: port 1(vlan1332) entered disabled state
[ 2022.704023][T15934] bridge2821: port 1(vlan1331) entered disabled state
[ 2022.714227][T15934] bridge2819: port 1(vlan1330) entered disabled state
[ 2022.725520][T15934] bridge2817: port 1(vlan1329) entered disabled state
[ 2022.735779][T15934] bridge2815: port 1(vlan1328) entered disabled state
[ 2022.746312][T15934] bridge2813: port 1(vlan1327) entered disabled state
[ 2022.757794][T15934] bridge2811: port 1(vlan1326) entered disabled state
[ 2022.768341][T15934] bridge2809: port 1(vlan1325) entered disabled state
[ 2022.779972][T15934] bridge2807: port 1(vlan1324) entered disabled state
[ 2022.792089][T15934] bridge2805: port 1(vlan1323) entered disabled state
[ 2022.802509][T15934] bridge2803: port 1(vlan1322) entered disabled state
[ 2022.812430][T15934] bridge2801: port 1(vlan1321) entered disabled state
[ 2022.822180][T15934] bridge2799: port 1(vlan1320) entered disabled state
[ 2022.831791][T15934] bridge2797: port 1(vlan1319) entered disabled state
[ 2022.842194][T15934] bridge2793: port 1(vlan1318) entered disabled state
[ 2022.854232][T15934] bridge2791: port 1(vlan1317) entered disabled state
[ 2022.869701][T15934] bridge2789: port 1(vlan1316) entered disabled state
[ 2022.880450][T15934] bridge2787: port 1(vlan1315) entered disabled state
[ 2022.892214][T15934] bridge2785: port 1(vlan1314) entered disabled state
[ 2022.902709][T15934] bridge2783: port 1(vlan1313) entered disabled state
[ 2022.913126][T15934] bridge2781: port 1(vlan1312) entered disabled state
[ 2022.922786][T15934] bridge2779: port 1(vlan1311) entered disabled state
[ 2022.932721][T15934] bridge2777: port 1(vlan1310) entered disabled state
[ 2022.942454][T15934] bridge2775: port 1(vlan1309) entered disabled state
[ 2022.953012][T15934] device bridge2774 left promiscuous mode
[ 2022.967014][T15934] bridge2773: port 1(vlan1308) entered disabled state
[ 2022.977110][T15934] bridge2771: port 1(vlan1307) entered disabled state
[ 2022.988925][T15934] bridge2769: port 1(vlan1306) entered disabled state
[ 2022.999599][T15934] bridge2767: port 1(vlan1305) entered disabled state
[ 2023.011466][T15934] bridge2765: port 1(vlan1304) entered disabled state
[ 2023.021134][T15934] device bridge2764 left promiscuous mode
[ 2023.027542][T15934] bridge2763: port 1(vlan1303) entered disabled state
[ 2023.040851][T15934] bridge2761: port 1(vlan1302) entered disabled state
[ 2023.053310][T15934] bridge2759: port 1(vlan1301) entered disabled state
[ 2023.064054][T15934] bridge2757: port 1(vlan1300) entered disabled state
[ 2023.078551][T15934] bridge2755: port 1(vlan1299) entered disabled state
[ 2023.090318][T15934] bridge2753: port 1(vlan1298) entered disabled state
[ 2023.101452][T15934] bridge2751: port 1(vlan1297) entered disabled state
[ 2023.112149][T15934] bridge2749: port 1(vlan1296) entered disabled state
[ 2023.122370][T15934] bridge2747: port 1(vlan1295) entered disabled state
[ 2023.132067][T15934] bridge2745: port 1(vlan1294) entered disabled state
[ 2023.141651][T15934] bridge2743: port 1(vlan1293) entered disabled state
[ 2023.152235][T15934] bridge2741: port 1(vlan1292) entered disabled state
[ 2023.162531][T15934] bridge2739: port 1(vlan1291) entered disabled state
[ 2023.173156][T15934] bridge2737: port 1(vlan1290) entered disabled state
[ 2023.183718][T15934] bridge2735: port 1(vlan1289) entered disabled state
[ 2023.197604][T15934] bridge2733: port 1(vlan1288) entered disabled state
[ 2023.207955][T15934] bridge2731: port 1(vlan1287) entered disabled state
[ 2023.219337][T15934] bridge2729: port 1(vlan1286) entered disabled state
[ 2023.228957][T15934] bridge2727: port 1(vlan1285) entered disabled state
[ 2023.239377][T15934] bridge2725: port 1(vlan1284) entered disabled state
[ 2023.249653][T15934] bridge2723: port 1(vlan1283) entered disabled state
[ 2023.260656][T15934] bridge2721: port 1(vlan1282) entered disabled state
[ 2023.271108][T15934] bridge2719: port 1(vlan1281) entered disabled state
[ 2023.287182][T15934] bridge2717: port 1(vlan1280) entered disabled state
[ 2023.299593][T15934] bridge2715: port 1(vlan1279) entered disabled state
[ 2023.310042][T15934] bridge2713: port 1(vlan1278) entered disabled state
[ 2023.319656][T15934] bridge2711: port 1(vlan1277) entered disabled state
[ 2023.330078][T15934] bridge2707: port 1(vlan1276) entered disabled state
[ 2023.343987][T15934] bridge2705: port 1(vlan1275) entered disabled state
[ 2023.355628][T15934] bridge2703: port 1(vlan1274) entered disabled state
[ 2023.366862][T15934] bridge2701: port 1(vlan1273) entered disabled state
[ 2023.378718][T15934] bridge2697: port 1(vlan1272) entered disabled state
[ 2023.389731][T15934] bridge2695: port 1(vlan1271) entered disabled state
[ 2023.400270][T15934] bridge2693: port 1(vlan1270) entered disabled state
[ 2023.410547][T15934] bridge2691: port 1(vlan1269) entered disabled state
[ 2023.420458][T15934] bridge2689: port 1(vlan1268) entered disabled state
[ 2023.429981][T15934] bridge2687: port 1(vlan1267) entered disabled state
[ 2023.439860][T15934] bridge2685: port 1(vlan1266) entered disabled state
[ 2023.455157][T15934] bridge2683: port 1(vlan1265) entered disabled state
[ 2023.467004][T15934] bridge2681: port 1(vlan1264) entered disabled state
[ 2023.476949][T15934] bridge2679: port 1(vlan1263) entered disabled state
[ 2023.489685][T15934] bridge2675: port 1(vlan1262) entered disabled state
[ 2023.500100][T15934] device bridge2674 left promiscuous mode
[ 2023.506768][T15934] bridge2673: port 1(vlan1261) entered disabled state
[ 2023.515650][ T3648] Bluetooth: hci4: command 0x0409 tx timeout
[ 2023.523215][T15934] bridge2671: port 1(vlan1260) entered disabled state
[ 2023.533114][T15934] device bridge2670 left promiscuous mode
[ 2023.539518][T15934] bridge2669: port 1(vlan1259) entered disabled state
[ 2023.550213][T15934] bridge2667: port 1(vlan1258) entered disabled state
[ 2023.561400][T15934] device bridge2666 left promiscuous mode
[ 2023.567957][T15934] bridge2665: port 1(vlan1257) entered disabled state
[ 2023.579289][T15934] bridge2663: port 1(vlan1256) entered disabled state
[ 2023.590657][T15934] device bridge2662 left promiscuous mode
[ 2023.597123][T15934] bridge2661: port 1(vlan1255) entered disabled state
[ 2023.608383][T15934] bridge2659: port 1(vlan1254) entered disabled state
[ 2023.618007][T15934] device bridge2658 left promiscuous mode
[ 2023.623729][T15934] bridge2657: port 1(vlan1253) entered disabled state
[ 2023.633568][T15934] bridge2655: port 1(vlan1252) entered disabled state
[ 2023.643593][T15934] device bridge2654 left promiscuous mode
[ 2023.649953][T15934] bridge2653: port 1(vlan1251) entered disabled state
[ 2023.660765][T15934] bridge2651: port 1(vlan1250) entered disabled state
[ 2023.671999][T15934] device bridge2650 left promiscuous mode
[ 2023.680375][T15934] bridge2649: port 1(vlan1249) entered disabled state
[ 2023.691264][T15934] bridge2647: port 1(vlan1248) entered disabled state
[ 2023.701731][T15934] device bridge2646 left promiscuous mode
[ 2023.708135][T15934] bridge2645: port 1(vlan1247) entered disabled state
[ 2023.718532][T15934] bridge2643: port 1(vlan1246) entered disabled state
[ 2023.728121][T15934] device bridge2642 left promiscuous mode
[ 2023.733841][T15934] bridge2641: port 1(vlan1245) entered disabled state
[ 2023.743868][T15934] bridge2639: port 1(vlan1244) entered disabled state
[ 2023.754329][T15934] device bridge2638 left promiscuous mode
[ 2023.761321][T15934] bridge2637: port 1(vlan1243) entered disabled state
[ 2023.771771][T15934] bridge2635: port 1(vlan1242) entered disabled state
[ 2023.782438][T15934] device bridge2634 left promiscuous mode
[ 2023.790491][T15934] bridge2633: port 1(vlan1241) entered disabled state
[ 2023.801279][T15934] bridge2631: port 1(vlan1240) entered disabled state
[ 2023.811712][T15934] device bridge2630 left promiscuous mode
[ 2023.818348][T15934] bridge2629: port 1(vlan1239) entered disabled state
[ 2023.828374][T15934] bridge2627: port 1(vlan1238) entered disabled state
[ 2023.838690][T15934] device bridge2626 left promiscuous mode
[ 2023.845861][T15934] bridge2625: port 1(vlan1237) entered disabled state
[ 2023.856027][T15934] bridge2623: port 1(vlan1236) entered disabled state
[ 2023.868077][T15934] device bridge2622 left promiscuous mode
[ 2023.873811][T15934] bridge2621: port 1(vlan1235) entered disabled state
[ 2023.884764][T15934] bridge2619: port 1(vlan1234) entered disabled state
[ 2023.896670][T15934] device bridge2618 left promiscuous mode
[ 2023.902404][T15934] bridge2617: port 1(vlan1233) entered disabled state
[ 2023.912723][T15934] bridge2615: port 1(vlan1232) entered disabled state
[ 2023.922232][T15934] device bridge2614 left promiscuous mode
[ 2023.928627][T15934] bridge2613: port 1(vlan1231) entered disabled state
[ 2023.938271][T15934] bridge2611: port 1(vlan1230) entered disabled state
[ 2023.948916][T15934] device bridge2610 left promiscuous mode
[ 2023.955998][T15934] bridge2609: port 1(vlan1229) entered disabled state
[ 2023.969066][T15934] bridge2607: port 1(vlan1228) entered disabled state
[ 2023.980093][T15934] device bridge2606 left promiscuous mode
[ 2023.986810][T15934] bridge2605: port 1(vlan1227) entered disabled state
[ 2024.000985][T15934] bridge2603: port 1(vlan1226) entered disabled state
[ 2024.011608][T15934] device bridge2602 left promiscuous mode
[ 2024.018181][T15934] bridge2601: port 1(vlan1225) entered disabled state
[ 2024.028242][T15934] bridge2599: port 1(vlan1224) entered disabled state
[ 2024.038100][T15934] device bridge2598 left promiscuous mode
[ 2024.043822][T15934] bridge2597: port 1(vlan1223) entered disabled state
[ 2024.054345][T15934] bridge2595: port 1(vlan1222) entered disabled state
[ 2024.064797][T15934] device bridge2594 left promiscuous mode
[ 2024.070554][T15934] bridge2593: port 1(vlan1221) entered disabled state
[ 2024.082071][T15934] bridge2591: port 1(vlan1220) entered disabled state
[ 2024.093743][T15934] device bridge2590 left promiscuous mode
[ 2024.100754][T15934] bridge2589: port 1(vlan1219) entered disabled state
[ 2024.113138][T15934] bridge2587: port 1(vlan1218) entered disabled state
[ 2024.122591][T15934] device bridge2586 left promiscuous mode
[ 2024.132342][T15934] bridge2585: port 1(vlan1217) entered disabled state
[ 2024.141881][T15934] bridge2583: port 1(vlan1216) entered disabled state
[ 2024.152435][T15934] device bridge2582 left promiscuous mode
[ 2024.159343][T15934] bridge2581: port 1(vlan1215) entered disabled state
[ 2024.170039][T15934] bridge2579: port 1(vlan1214) entered disabled state
[ 2024.180370][T15934] device bridge2578 left promiscuous mode
[ 2024.187544][T15934] bridge2577: port 1(vlan1213) entered disabled state
[ 2024.198490][T15934] bridge2575: port 1(vlan1212) entered disabled state
[ 2024.209145][T15934] device bridge2574 left promiscuous mode
[ 2024.215938][T15934] bridge2573: port 1(vlan1211) entered disabled state
[ 2024.226463][T15934] bridge2571: port 1(vlan1210) entered disabled state
[ 2024.235960][T15934] device bridge2570 left promiscuous mode
[ 2024.241691][T15934] bridge2569: port 1(vlan1209) entered disabled state
[ 2024.253006][T15934] bridge2567: port 1(vlan1208) entered disabled state
[ 2024.263424][T15934] device bridge2566 left promiscuous mode
[ 2024.269893][T15934] bridge2565: port 1(vlan1207) entered disabled state
[ 2024.286330][T15934] bridge2563: port 1(vlan1206) entered disabled state
[ 2024.297332][T15934] device bridge2562 left promiscuous mode
[ 2024.303093][T15934] bridge2561: port 1(vlan1205) entered disabled state
[ 2024.316829][T15934] bridge2559: port 1(vlan1204) entered disabled state
[ 2024.328449][T15934] device bridge2558 left promiscuous mode
[ 2024.334180][T15934] bridge2557: port 1(vlan1203) entered disabled state
[ 2024.344001][T15934] bridge2555: port 1(vlan1202) entered disabled state
[ 2024.354335][T15934] device bridge2554 left promiscuous mode
[ 2024.360786][T15934] bridge2553: port 1(vlan1201) entered disabled state
[ 2024.371097][T15934] bridge2551: port 1(vlan1200) entered disabled state
[ 2024.381635][T15934] device bridge2550 left promiscuous mode
[ 2024.388083][T15934] bridge2549: port 1(vlan1199) entered disabled state
[ 2024.402149][T15934] bridge2547: port 1(vlan1198) entered disabled state
[ 2024.412546][T15934] device bridge2546 left promiscuous mode
[ 2024.419487][T15934] bridge2545: port 1(vlan1197) entered disabled state
[ 2024.429190][T15934] bridge2543: port 1(vlan1196) entered disabled state
[ 2024.439524][T15934] device bridge2542 left promiscuous mode
[ 2024.447307][T15934] bridge2541: port 1(vlan1195) entered disabled state
[ 2024.457355][T15934] bridge2539: port 1(vlan1194) entered disabled state
[ 2024.468987][T15934] device bridge2538 left promiscuous mode
[ 2024.475694][T15934] bridge2537: port 1(vlan1193) entered disabled state
[ 2024.485917][T15934] bridge2535: port 1(vlan1192) entered disabled state
[ 2024.499004][T15934] device bridge2534 left promiscuous mode
[ 2024.505573][T15934] bridge2533: port 1(vlan1191) entered disabled state
[ 2024.522026][T15934] bridge2531: port 1(vlan1190) entered disabled state
[ 2024.532040][T15934] device bridge2530 left promiscuous mode
[ 2024.538360][T15934] bridge2529: port 1(vlan1189) entered disabled state
[ 2024.549836][T15934] bridge2527: port 1(vlan1188) entered disabled state
[ 2024.562387][T15934] device bridge2526 left promiscuous mode
[ 2024.568809][T15934] bridge2525: port 1(vlan1187) entered disabled state
[ 2024.582803][T15934] bridge2523: port 1(vlan1186) entered disabled state
[ 2024.593152][T15934] device bridge2522 left promiscuous mode
[ 2024.599509][T15934] bridge2521: port 1(vlan1185) entered disabled state
[ 2024.610153][T15934] bridge2519: port 1(vlan1184) entered disabled state
[ 2024.620074][T15934] device bridge2518 left promiscuous mode
[ 2024.626678][T15934] bridge2517: port 1(vlan1183) entered disabled state
[ 2024.636790][T15934] bridge2515: port 1(vlan1182) entered disabled state
[ 2024.647432][T15934] device bridge2514 left promiscuous mode
[ 2024.653161][T15934] bridge2513: port 1(vlan1181) entered disabled state
[ 2024.663815][T15934] bridge2511: port 1(vlan1180) entered disabled state
[ 2024.676650][T15934] device bridge2510 left promiscuous mode
[ 2024.682393][T15934] bridge2509: port 1(vlan1179) entered disabled state
[ 2024.693663][T15934] bridge2507: port 1(vlan1178) entered disabled state
[ 2024.703954][T15934] device bridge2506 left promiscuous mode
[ 2024.710331][T15934] bridge2505: port 1(vlan1177) entered disabled state
[ 2024.720399][T15934] bridge2503: port 1(vlan1176) entered disabled state
[ 2024.731498][T15934] device bridge2502 left promiscuous mode
[ 2024.737815][T15934] bridge2501: port 1(vlan1175) entered disabled state
[ 2024.750408][T15934] bridge2499: port 1(vlan1174) entered disabled state
[ 2024.760621][T15934] bridge2497: port 1(vlan1173) entered disabled state
[ 2024.772794][T15934] device bridge2496 left promiscuous mode
[ 2024.779817][T15934] bridge2495: port 1(vlan1172) entered disabled state
[ 2024.790457][T15934] device bridge2494 left promiscuous mode
[ 2024.798007][T15934] bridge2493: port 1(vlan1171) entered disabled state
[ 2024.808651][T15934] device bridge2492 left promiscuous mode
[ 2024.814536][T15934] bridge2491: port 1(vlan1170) entered disabled state
[ 2024.823623][T15934] device bridge2490 left promiscuous mode
[ 2024.830818][T15934] bridge2489: port 1(vlan1169) entered disabled state
[ 2024.840408][T15934] bridge2487: port 1(vlan1168) entered disabled state
[ 2024.851098][T15934] device bridge2486 left promiscuous mode
[ 2024.857635][T15934] bridge2485: port 1(vlan1167) entered disabled state
[ 2024.869894][T15934] device bridge2484 left promiscuous mode
[ 2024.876458][T15934] bridge2483: port 1(vlan1166) entered disabled state
[ 2024.891460][T15934] device bridge2482 left promiscuous mode
[ 2024.897853][T15934] bridge2481: port 1(vlan1165) entered disabled state
[ 2024.908578][T15934] bridge2479: port 1(vlan1164) entered disabled state
[ 2024.918019][T15934] bridge2477: port 1(vlan1163) entered disabled state
[ 2024.928335][T15934] bridge2475: port 1(vlan1162) entered disabled state
[ 2024.937947][T15934] bridge2473: port 1(vlan1161) entered disabled state
[ 2024.948409][T15934] bridge2471: port 1(vlan1160) entered disabled state
[ 2024.959481][T15934] bridge2469: port 1(vlan1159) entered disabled state
[ 2024.969852][T15934] bridge2467: port 1(vlan1158) entered disabled state
[ 2024.980567][T15934] bridge2465: port 1(vlan1157) entered disabled state
[ 2024.991101][T15934] device bridge2464 left promiscuous mode
[ 2024.997479][T15934] bridge2463: port 1(vlan1156) entered disabled state
[ 2025.008336][T15934] device bridge2462 left promiscuous mode
[ 2025.014063][T15934] bridge2461: port 1(vlan1155) entered disabled state
[ 2025.024068][T15934] device bridge2460 left promiscuous mode
[ 2025.030459][T15934] bridge2459: port 1(vlan1154) entered disabled state
[ 2025.041797][T15934] bridge2457: port 1(vlan1153) entered disabled state
[ 2025.051606][T15934] bridge2455: port 1(vlan1152) entered disabled state
[ 2025.061909][T15934] bridge2453: port 1(vlan1151) entered disabled state
[ 2025.072023][T15934] bridge2451: port 1(vlan1150) entered disabled state
[ 2025.083331][T15934] bridge2449: port 1(vlan1149) entered disabled state
[ 2025.093937][T15934] bridge2447: port 1(vlan1148) entered disabled state
[ 2025.108575][T15934] bridge2445: port 1(vlan1147) entered disabled state
[ 2025.118289][T15934] bridge2443: port 1(vlan1146) entered disabled state
[ 2025.128583][T15934] bridge2441: port 1(vlan1145) entered disabled state
[ 2025.138015][T15934] device bridge2440 left promiscuous mode
[ 2025.143737][T15934] bridge2439: port 1(vlan1144) entered disabled state
[ 2025.154344][T15934] bridge2437: port 1(vlan1143) entered disabled state
[ 2025.164695][T15934] bridge2435: port 1(vlan1142) entered disabled state
[ 2025.174290][T15934] bridge2433: port 1(vlan1141) entered disabled state
[ 2025.185559][T15934] bridge2431: port 1(vlan1140) entered disabled state
[ 2025.201914][T15934] bridge2429: port 1(vlan1139) entered disabled state
[ 2025.213118][T15934] bridge2427: port 1(vlan1138) entered disabled state
[ 2025.222751][T15934] bridge2425: port 1(vlan1137) entered disabled state
[ 2025.233936][T15934] device bridge2422 left promiscuous mode
[ 2025.240438][T15934] bridge2421: port 1(vlan1136) entered disabled state
[ 2025.250672][T15934] bridge2419: port 1(vlan1135) entered disabled state
[ 2025.260941][T15934] bridge2417: port 1(vlan1134) entered disabled state
[ 2025.272658][T15934] bridge2415: port 1(vlan1133) entered disabled state
[ 2025.282976][T15934] device bridge2414 left promiscuous mode
[ 2025.289731][T15934] bridge2413: port 1(vlan1132) entered disabled state
[ 2025.300215][T15934] bridge2411: port 1(vlan1131) entered disabled state
[ 2025.310490][T15934] bridge2409: port 1(vlan1130) entered disabled state
[ 2025.321121][T15934] bridge2407: port 1(vlan1129) entered disabled state
[ 2025.331939][T15934] device bridge2406 left promiscuous mode
[ 2025.338253][T15934] bridge2405: port 1(vlan1128) entered disabled state
[ 2025.349540][T15934] bridge2403: port 1(vlan1127) entered disabled state
[ 2025.359660][T15934] bridge2401: port 1(vlan1126) entered disabled state
[ 2025.370321][T15934] bridge2399: port 1(vlan1125) entered disabled state
[ 2025.380512][T15934] device bridge2398 left promiscuous mode
[ 2025.387220][T15934] bridge2397: port 1(vlan1124) entered disabled state
[ 2025.397622][T15934] bridge2395: port 1(vlan1123) entered disabled state
[ 2025.409133][T15934] bridge2393: port 1(vlan1122) entered disabled state
[ 2025.418554][T15934] bridge2391: port 1(vlan1121) entered disabled state
[ 2025.428722][T15934] bridge2389: port 1(vlan1120) entered disabled state
[ 2025.442467][T15934] bridge2387: port 1(vlan1119) entered disabled state
[ 2025.452844][T15934] bridge2385: port 1(vlan1118) entered disabled state
[ 2025.466233][T15934] bridge2383: port 1(vlan1117) entered disabled state
[ 2025.477353][T15934] bridge2381: port 1(vlan1116) entered disabled state
[ 2025.487816][T15934] bridge2379: port 1(vlan1115) entered disabled state
[ 2025.497961][T15934] bridge2377: port 1(vlan1114) entered disabled state
[ 2025.509339][T15934] bridge2375: port 1(vlan1113) entered disabled state
[ 2025.519079][T15934] bridge2373: port 1(vlan1112) entered disabled state
[ 2025.529617][T15934] bridge2371: port 1(vlan1111) entered disabled state
[ 2025.540227][T15934] bridge2369: port 1(vlan1110) entered disabled state
[ 2025.551907][T15934] bridge2367: port 1(vlan1109) entered disabled state
[ 2025.562041][T15934] bridge2365: port 1(vlan1108) entered disabled state
[ 2025.572291][T15934] bridge2363: port 1(vlan1107) entered disabled state
[ 2025.582470][T15934] bridge2361: port 1(vlan1106) entered disabled state
[ 2025.592604][T15934] bridge2359: port 1(vlan1105) entered disabled state
[ 2025.595779][ T3648] Bluetooth: hci4: command 0x041b tx timeout
[ 2025.609485][T15934] bridge2357: port 1(vlan1104) entered disabled state
[ 2025.619559][T15934] bridge2355: port 1(vlan1103) entered disabled state
[ 2025.629739][T15934] bridge2353: port 1(vlan1102) entered disabled state
[ 2025.639649][T15934] bridge2351: port 1(vlan1101) entered disabled state
[ 2025.651688][T15934] bridge2349: port 1(vlan1100) entered disabled state
[ 2025.661888][T15934] bridge2347: port 1(vlan1099) entered disabled state
[ 2025.672932][T15934] device bridge2346 left promiscuous mode
[ 2025.679341][T15934] bridge2345: port 1(vlan1098) entered disabled state
[ 2025.690667][T15934] bridge2343: port 1(vlan1097) entered disabled state
[ 2025.700936][T15934] device bridge2342 left promiscuous mode
[ 2025.707336][T15934] bridge2341: port 1(vlan1096) entered disabled state
[ 2025.717859][T15934] bridge2339: port 1(vlan1095) entered disabled state
[ 2025.728411][T15934] device bridge2338 left promiscuous mode
[ 2025.734138][T15934] bridge2337: port 1(vlan1094) entered disabled state
[ 2025.744063][T15934] bridge2335: port 1(vlan1093) entered disabled state
[ 2025.754189][T15934] device bridge2334 left promiscuous mode
[ 2025.760749][T15934] bridge2333: port 1(vlan1092) entered disabled state
[ 2025.771253][T15934] bridge2331: port 1(vlan1091) entered disabled state
[ 2025.781344][T15934] device bridge2330 left promiscuous mode
[ 2025.788066][T15934] bridge2329: port 1(vlan1090) entered disabled state
[ 2025.798873][T15934] bridge2327: port 1(vlan1089) entered disabled state
[ 2025.808877][T15934] device bridge2326 left promiscuous mode
[ 2025.815324][T15934] bridge2325: port 1(vlan1088) entered disabled state
[ 2025.824180][T15934] bridge2323: port 1(vlan1087) entered disabled state
[ 2025.833806][T15934] device bridge2322 left promiscuous mode
[ 2025.840182][T15934] bridge2321: port 1(vlan1086) entered disabled state
[ 2025.853283][T15934] bridge2319: port 1(vlan1085) entered disabled state
[ 2025.864321][T15934] device bridge2318 left promiscuous mode
[ 2025.870781][T15934] bridge2317: port 1(vlan1084) entered disabled state
[ 2025.881468][T15934] device bridge2316 left promiscuous mode
[ 2025.887837][T15934] bridge2315: port 1(vlan1083) entered disabled state
[ 2025.898499][T15934] device bridge2314 left promiscuous mode
[ 2025.904238][T15934] bridge2313: port 1(vlan1082) entered disabled state
[ 2025.914216][T15934] device bridge2312 left promiscuous mode
[ 2025.920604][T15934] bridge2311: port 1(vlan1081) entered disabled state
[ 2025.930182][T15934] device bridge2310 left promiscuous mode
[ 2025.936825][T15934] bridge2309: port 1(vlan1080) entered disabled state
[ 2025.946866][T15934] device bridge2308 left promiscuous mode
[ 2025.952594][T15934] bridge2307: port 1(vlan1079) entered disabled state
[ 2025.963577][T15934] device bridge2306 left promiscuous mode
[ 2025.969909][T15934] bridge2305: port 1(vlan1078) entered disabled state
[ 2025.980488][T15934] device bridge2304 left promiscuous mode
[ 2025.986957][T15934] bridge2303: port 1(vlan1077) entered disabled state
[ 2025.997978][T15934] device bridge2302 left promiscuous mode
[ 2026.003710][T15934] bridge2301: port 1(vlan1076) entered disabled state
[ 2026.013795][T15934] device bridge2300 left promiscuous mode
[ 2026.020382][T15934] bridge2299: port 1(vlan1075) entered disabled state
[ 2026.029903][T15934] device bridge2298 left promiscuous mode
[ 2026.036339][T15934] bridge2297: port 1(vlan1074) entered disabled state
[ 2026.046428][T15934] device bridge2296 left promiscuous mode
[ 2026.052175][T15934] bridge2295: port 1(vlan1073) entered disabled state
[ 2026.062892][T15934] device bridge2294 left promiscuous mode
[ 2026.070869][T15934] bridge2293: port 1(vlan1072) entered disabled state
[ 2026.082783][T15934] device bridge2292 left promiscuous mode
[ 2026.089461][T15934] bridge2291: port 1(vlan1071) entered disabled state
[ 2026.100218][T15934] device bridge2290 left promiscuous mode
[ 2026.106982][T15934] bridge2289: port 1(vlan1070) entered disabled state
[ 2026.116689][T15934] device bridge2288 left promiscuous mode
[ 2026.122427][T15934] bridge2287: port 1(vlan1069) entered disabled state
[ 2026.132460][T15934] device bridge2286 left promiscuous mode
[ 2026.138692][T15934] bridge2285: port 1(vlan1068) entered disabled state
[ 2026.149534][T15934] device bridge2284 left promiscuous mode
[ 2026.156153][T15934] bridge2283: port 1(vlan1067) entered disabled state
[ 2026.167179][T15934] device bridge2282 left promiscuous mode
[ 2026.172914][T15934] bridge2281: port 1(vlan1066) entered disabled state
[ 2026.183539][T15934] device bridge2280 left promiscuous mode
[ 2026.190832][T15934] bridge2279: port 1(vlan1065) entered disabled state
[ 2026.201632][T15934] device bridge2278 left promiscuous mode
[ 2026.208511][T15934] bridge2277: port 1(vlan1064) entered disabled state
[ 2026.219463][T15934] device bridge2276 left promiscuous mode
[ 2026.225995][T15934] bridge2275: port 1(vlan1063) entered disabled state
[ 2026.235191][T15934] device bridge2274 left promiscuous mode
[ 2026.240930][T15934] bridge2273: port 1(vlan1062) entered disabled state
[ 2026.253423][T15934] device bridge2272 left promiscuous mode
[ 2026.259751][T15934] bridge2271: port 1(vlan1061) entered disabled state
[ 2026.270319][T15934] device bridge2270 left promiscuous mode
[ 2026.276584][T15934] bridge2269: port 1(vlan1060) entered disabled state
[ 2026.287302][T15934] device bridge2268 left promiscuous mode
[ 2026.293038][T15934] bridge2267: port 1(vlan1059) entered disabled state
[ 2026.303832][T15934] device bridge2266 left promiscuous mode
[ 2026.311675][T15934] bridge2265: port 1(vlan1058) entered disabled state
[ 2026.321963][T15934] device bridge2262 left promiscuous mode
[ 2026.329367][T15934] bridge2261: port 1(vlan1057) entered disabled state
[ 2026.339107][T15934] device bridge2260 left promiscuous mode
[ 2026.345716][T15934] bridge2259: port 1(vlan1056) entered disabled state
[ 2026.356540][T15934] device bridge2258 left promiscuous mode
[ 2026.362275][T15934] bridge2257: port 1(vlan1055) entered disabled state
[ 2026.373406][T15934] device bridge2256 left promiscuous mode
[ 2026.379820][T15934] bridge2255: port 1(vlan1054) entered disabled state
[ 2026.390668][T15934] device bridge2254 left promiscuous mode
[ 2026.396975][T15934] bridge2253: port 1(vlan1053) entered disabled state
[ 2026.407420][T15934] device bridge2252 left promiscuous mode
[ 2026.413151][T15934] bridge2251: port 1(vlan1052) entered disabled state
[ 2026.423195][T15934] device bridge2250 left promiscuous mode
[ 2026.429493][T15934] bridge2249: port 1(vlan1051) entered disabled state
[ 2026.439048][T15934] device bridge2248 left promiscuous mode
[ 2026.446690][T15934] bridge2247: port 1(vlan1050) entered disabled state
[ 2026.457366][T15934] device bridge2246 left promiscuous mode
[ 2026.463123][T15934] bridge2245: port 1(vlan1049) entered disabled state
[ 2026.473935][T15934] device bridge2244 left promiscuous mode
[ 2026.483093][T15934] bridge2243: port 1(vlan1048) entered disabled state
[ 2026.493495][T15934] device bridge2242 left promiscuous mode
[ 2026.499817][T15934] bridge2241: port 1(vlan1047) entered disabled state
[ 2026.510803][T15934] device bridge2240 left promiscuous mode
[ 2026.517674][T15934] bridge2239: port 1(vlan1046) entered disabled state
[ 2026.529559][T15934] device bridge2238 left promiscuous mode
[ 2026.535890][T15934] bridge2237: port 1(vlan1045) entered disabled state
[ 2026.546257][T15934] device bridge2236 left promiscuous mode
[ 2026.552001][T15934] bridge2235: port 1(vlan1044) entered disabled state
[ 2026.562899][T15934] device bridge2234 left promiscuous mode
[ 2026.569201][T15934] bridge2233: port 1(vlan1043) entered disabled state
[ 2026.579895][T15934] device bridge2232 left promiscuous mode
[ 2026.586217][T15934] bridge2231: port 1(vlan1042) entered disabled state
[ 2026.598288][T15934] device bridge2230 left promiscuous mode
[ 2026.604020][T15934] bridge2229: port 1(vlan1041) entered disabled state
[ 2026.614044][T15934] device bridge2228 left promiscuous mode
[ 2026.620835][T15934] bridge2227: port 1(vlan1040) entered disabled state
[ 2026.632648][T15934] device bridge2226 left promiscuous mode
[ 2026.638962][T15934] bridge2225: port 1(vlan1039) entered disabled state
[ 2026.649058][T15934] device bridge2224 left promiscuous mode
[ 2026.655584][T15934] bridge2223: port 1(vlan1038) entered disabled state
[ 2026.666656][T15934] device bridge2222 left promiscuous mode
[ 2026.672391][T15934] bridge2221: port 1(vlan1037) entered disabled state
[ 2026.685624][T15934] device bridge2220 left promiscuous mode
[ 2026.691380][T15934] bridge2219: port 1(vlan1036) entered disabled state
[ 2026.701514][T15934] device bridge2218 left promiscuous mode
[ 2026.707757][T15934] bridge2217: port 1(vlan1035) entered disabled state
[ 2026.718565][T15934] device bridge2216 left promiscuous mode
[ 2026.724295][T15934] bridge2215: port 1(vlan1034) entered disabled state
[ 2026.733827][T15934] device bridge2214 left promiscuous mode
[ 2026.740108][T15934] bridge2213: port 1(vlan1033) entered disabled state
[ 2026.750827][T15934] device bridge2212 left promiscuous mode
[ 2026.757212][T15934] bridge2211: port 1(vlan1032) entered disabled state
[ 2026.768890][T15934] device bridge2210 left promiscuous mode
[ 2026.775575][T15934] bridge2209: port 1(vlan1031) entered disabled state
[ 2026.786407][T15934] device bridge2208 left promiscuous mode
[ 2026.792169][T15934] bridge2207: port 1(vlan1030) entered disabled state
[ 2026.802349][T15934] device bridge2206 left promiscuous mode
[ 2026.808620][T15934] bridge2205: port 1(vlan1029) entered disabled state
[ 2026.819306][T15934] device bridge2202 left promiscuous mode
[ 2026.825664][T15934] bridge2201: port 1(vlan1028) entered disabled state
[ 2026.835411][T15934] device bridge2200 left promiscuous mode
[ 2026.841159][T15934] bridge2199: port 1(vlan1027) entered disabled state
[ 2026.852428][T15934] device bridge2198 left promiscuous mode
[ 2026.858912][T15934] bridge2197: port 1(vlan1026) entered disabled state
[ 2026.870373][T15934] device bridge2196 left promiscuous mode
[ 2026.900637][T15934] bridge2195: port 1(vlan1025) entered disabled state
[ 2026.911021][T15934] device bridge2194 left promiscuous mode
[ 2026.918519][T15934] bridge2193: port 1(vlan1024) entered disabled state
[ 2026.927983][T15934] device bridge2192 left promiscuous mode
[ 2026.933706][T15934] bridge2191: port 1(vlan1023) entered disabled state
[ 2026.943354][T15934] device bridge2190 left promiscuous mode
[ 2026.949663][T15934] bridge2189: port 1(vlan1022) entered disabled state
[ 2026.961337][T15934] device bridge2188 left promiscuous mode
[ 2026.968091][T15934] bridge2187: port 1(vlan1021) entered disabled state
[ 2026.978657][T15934] device bridge2186 left promiscuous mode
[ 2026.984438][T15934] bridge2185: port 1(vlan1020) entered disabled state
[ 2026.993900][T15934] device bridge2184 left promiscuous mode
[ 2027.000827][T15934] bridge2183: port 1(vlan1019) entered disabled state
[ 2027.013754][T15934] device bridge2182 left promiscuous mode
[ 2027.019966][T15934] bridge2181: port 1(vlan1018) entered disabled state
[ 2027.029478][T15934] device bridge2180 left promiscuous mode
[ 2027.036010][T15934] bridge2179: port 1(vlan1017) entered disabled state
[ 2027.045535][T15934] device bridge2178 left promiscuous mode
[ 2027.051270][T15934] bridge2177: port 1(vlan1016) entered disabled state
[ 2027.061866][T15934] device bridge2176 left promiscuous mode
[ 2027.068246][T15934] bridge2175: port 1(vlan1015) entered disabled state
[ 2027.079108][T15934] device bridge2174 left promiscuous mode
[ 2027.085609][T15934] bridge2173: port 1(vlan1014) entered disabled state
[ 2027.095571][T15934] device bridge2172 left promiscuous mode
[ 2027.101311][T15934] bridge2171: port 1(vlan1013) entered disabled state
[ 2027.111750][T15934] device bridge2170 left promiscuous mode
[ 2027.119354][T15934] bridge2169: port 1(vlan1012) entered disabled state
[ 2027.130834][T15934] device bridge2168 left promiscuous mode
[ 2027.137138][T15934] bridge2167: port 1(vlan1011) entered disabled state
[ 2027.147149][T15934] device bridge2166 left promiscuous mode
[ 2027.152875][T15934] bridge2165: port 1(vlan1010) entered disabled state
[ 2027.163549][T15934] device bridge2164 left promiscuous mode
[ 2027.169907][T15934] bridge2163: port 1(vlan1009) entered disabled state
[ 2027.180249][T15934] device bridge2162 left promiscuous mode
[ 2027.188079][T15934] bridge2161: port 1(vlan1008) entered disabled state
[ 2027.200785][T15934] device bridge2160 left promiscuous mode
[ 2027.208017][T15934] bridge2159: port 1(vlan1007) entered disabled state
[ 2027.218069][T15934] device bridge2158 left promiscuous mode
[ 2027.223803][T15934] bridge2157: port 1(vlan1006) entered disabled state
[ 2027.234140][T15934] device bridge2156 left promiscuous mode
[ 2027.241471][T15934] bridge2155: port 1(vlan1005) entered disabled state
[ 2027.251928][T15934] device bridge2154 left promiscuous mode
[ 2027.258269][T15934] bridge2153: port 1(vlan1004) entered disabled state
[ 2027.268929][T15934] device bridge2152 left promiscuous mode
[ 2027.275605][T15934] bridge2151: port 1(vlan1003) entered disabled state
[ 2027.286188][T15934] device bridge2150 left promiscuous mode
[ 2027.291937][T15934] bridge2149: port 1(vlan1002) entered disabled state
[ 2027.308194][T15934] device bridge2148 left promiscuous mode
[ 2027.313931][T15934] bridge2147: port 1(vlan1001) entered disabled state
[ 2027.323448][T15934] device bridge2146 left promiscuous mode
[ 2027.329735][T15934] bridge2145: port 1(vlan1000) entered disabled state
[ 2027.339664][T15934] device bridge2144 left promiscuous mode
[ 2027.346924][T15934] bridge2143: port 1(vlan999) entered disabled state
[ 2027.357419][T15934] device bridge2142 left promiscuous mode
[ 2027.363152][T15934] bridge2141: port 1(vlan998) entered disabled state
[ 2027.373650][T15934] device bridge2140 left promiscuous mode
[ 2027.380231][T15934] bridge2139: port 1(vlan997) entered disabled state
[ 2027.390320][T15934] device bridge2138 left promiscuous mode
[ 2027.396877][T15934] bridge2137: port 1(vlan996) entered disabled state
[ 2027.408214][T15934] device bridge2136 left promiscuous mode
[ 2027.413957][T15934] bridge2135: port 1(vlan995) entered disabled state
[ 2027.423472][T15934] device bridge2134 left promiscuous mode
[ 2027.429739][T15934] bridge2133: port 1(vlan994) entered disabled state
[ 2027.439019][T15934] device bridge2132 left promiscuous mode
[ 2027.445638][T15934] bridge2131: port 1(vlan993) entered disabled state
[ 2027.457233][T15934] device bridge2130 left promiscuous mode
[ 2027.462972][T15934] bridge2129: port 1(vlan992) entered disabled state
[ 2027.473168][T15934] device bridge2128 left promiscuous mode
[ 2027.480090][T15934] bridge2127: port 1(vlan991) entered disabled state
[ 2027.490131][T15934] device bridge2126 left promiscuous mode
[ 2027.496674][T15934] bridge2125: port 1(vlan990) entered disabled state
[ 2027.507477][T15934] device bridge2124 left promiscuous mode
[ 2027.513207][T15934] bridge2123: port 1(vlan989) entered disabled state
[ 2027.523445][T15934] device bridge2122 left promiscuous mode
[ 2027.533596][T15934] bridge2121: port 1(vlan988) entered disabled state
[ 2027.543321][T15934] device bridge2120 left promiscuous mode
[ 2027.550580][T15934] bridge2119: port 1(vlan987) entered disabled state
[ 2027.560919][T15934] device bridge2118 left promiscuous mode
[ 2027.567165][T15934] bridge2117: port 1(vlan986) entered disabled state
[ 2027.578139][T15934] device bridge2116 left promiscuous mode
[ 2027.584206][T15934] bridge2115: port 1(vlan985) entered disabled state
[ 2027.594277][T15934] device bridge2114 left promiscuous mode
[ 2027.600551][T15934] bridge2113: port 1(vlan984) entered disabled state
[ 2027.610594][T15934] device bridge2112 left promiscuous mode
[ 2027.616833][T15934] bridge2111: port 1(vlan983) entered disabled state
[ 2027.627971][T15934] device bridge2110 left promiscuous mode
[ 2027.633710][T15934] bridge2109: port 1(vlan982) entered disabled state
[ 2027.643345][T15934] device bridge2108 left promiscuous mode
[ 2027.649608][T15934] bridge2107: port 1(vlan981) entered disabled state
[ 2027.659866][T15934] device bridge2106 left promiscuous mode
[ 2027.666134][T15934] bridge2105: port 1(vlan980) entered disabled state
[ 2027.675370][ T3648] Bluetooth: hci4: command 0x040f tx timeout
[ 2027.683483][T15934] device bridge2104 left promiscuous mode
[ 2027.690146][T15934] bridge2103: port 1(vlan979) entered disabled state
[ 2027.700241][T15934] device bridge2102 left promiscuous mode
[ 2027.706785][T15934] bridge2101: port 1(vlan978) entered disabled state
[ 2027.717450][T15934] device bridge2100 left promiscuous mode
[ 2027.723174][T15934] bridge2099: port 1(vlan977) entered disabled state
[ 2027.732489][T15934] device bridge2098 left promiscuous mode
[ 2027.740159][T15934] bridge2097: port 1(vlan976) entered disabled state
[ 2027.752627][T15934] device bridge2096 left promiscuous mode
[ 2027.759057][T15934] bridge2095: port 1(vlan975) entered disabled state
[ 2027.769161][T15934] device bridge2094 left promiscuous mode
[ 2027.775666][T15934] bridge2093: port 1(vlan974) entered disabled state
[ 2027.785478][T15934] device bridge2092 left promiscuous mode
[ 2027.791337][T15934] bridge2091: port 1(vlan973) entered disabled state
[ 2027.802609][T15934] device bridge2090 left promiscuous mode
[ 2027.808767][T15934] bridge2089: port 1(vlan972) entered disabled state
[ 2027.819498][T15934] device bridge2088 left promiscuous mode
[ 2027.825775][T15934] bridge2087: port 1(vlan971) entered disabled state
[ 2027.835685][T15934] device bridge2086 left promiscuous mode
[ 2027.841422][T15934] bridge2085: port 1(vlan970) entered disabled state
[ 2027.852079][T15934] device bridge2084 left promiscuous mode
[ 2027.858354][T15934] bridge2083: port 1(vlan969) entered disabled state
[ 2027.869078][T15934] device bridge2082 left promiscuous mode
[ 2027.875348][T15934] bridge2081: port 1(vlan968) entered disabled state
[ 2027.885957][T15934] device bridge2080 left promiscuous mode
[ 2027.892022][T15934] bridge2079: port 1(vlan967) entered disabled state
[ 2027.902051][T15934] device bridge2078 left promiscuous mode
[ 2027.908461][T15934] bridge2077: port 1(vlan966) entered disabled state
[ 2027.919353][T15934] device bridge2076 left promiscuous mode
[ 2027.925662][T15934] bridge2075: port 1(vlan965) entered disabled state
[ 2027.935287][T15934] device bridge2074 left promiscuous mode
[ 2027.941026][T15934] bridge2073: port 1(vlan964) entered disabled state
[ 2027.952707][T15934] device bridge2072 left promiscuous mode
[ 2027.959123][T15934] bridge2071: port 1(vlan963) entered disabled state
[ 2027.970575][T15934] device bridge2070 left promiscuous mode
[ 2027.977140][T15934] bridge2069: port 1(vlan962) entered disabled state
[ 2027.986841][T15934] device bridge2068 left promiscuous mode
[ 2027.992680][T15934] bridge2067: port 1(vlan961) entered disabled state
[ 2028.004214][T15934] device bridge2066 left promiscuous mode
[ 2028.010503][T15934] bridge2065: port 1(vlan960) entered disabled state
[ 2028.020005][T15934] device bridge2064 left promiscuous mode
[ 2028.026386][T15934] bridge2063: port 1(vlan959) entered disabled state
[ 2028.036629][T15934] device bridge2062 left promiscuous mode
[ 2028.042372][T15934] bridge2061: port 1(vlan958) entered disabled state
[ 2028.052565][T15934] device bridge2060 left promiscuous mode
[ 2028.058837][T15934] bridge2059: port 1(vlan957) entered disabled state
[ 2028.069903][T15934] device bridge2058 left promiscuous mode
[ 2028.077002][T15934] bridge2057: port 1(vlan956) entered disabled state
[ 2028.086747][T15934] device bridge2056 left promiscuous mode
[ 2028.092475][T15934] bridge2055: port 1(vlan955) entered disabled state
[ 2028.103777][T15934] device bridge2054 left promiscuous mode
[ 2028.110046][T15934] bridge2053: port 1(vlan954) entered disabled state
[ 2028.119569][T15934] device bridge2052 left promiscuous mode
[ 2028.125834][T15934] bridge2051: port 1(vlan953) entered disabled state
[ 2028.134764][T15934] device bridge2050 left promiscuous mode
[ 2028.140502][T15934] bridge2049: port 1(vlan952) entered disabled state
[ 2028.161028][T15934] device bridge2048 left promiscuous mode
[ 2028.167281][T15934] bridge2047: port 1(vlan951) entered disabled state
[ 2028.183111][T15934] device bridge2046 left promiscuous mode
[ 2028.189676][T15934] bridge2045: port 1(vlan950) entered disabled state
[ 2028.200234][T15934] device bridge2044 left promiscuous mode
[ 2028.206913][T15934] bridge2043: port 1(vlan949) entered disabled state
[ 2028.217457][T15934] device bridge2042 left promiscuous mode
[ 2028.223182][T15934] bridge2041: port 1(vlan948) entered disabled state
[ 2028.232559][T15934] device bridge2040 left promiscuous mode
[ 2028.239588][T15934] bridge2039: port 1(vlan947) entered disabled state
[ 2028.249603][T15934] device bridge2038 left promiscuous mode
[ 2028.257014][T15934] bridge2037: port 1(vlan946) entered disabled state
[ 2028.267720][T15934] device bridge2036 left promiscuous mode
[ 2028.273460][T15934] bridge2035: port 1(vlan945) entered disabled state
[ 2028.283491][T15934] device bridge2034 left promiscuous mode
[ 2028.289860][T15934] bridge2033: port 1(vlan944) entered disabled state
[ 2028.300420][T15934] device bridge2032 left promiscuous mode
[ 2028.306888][T15934] bridge2031: port 1(vlan943) entered disabled state
[ 2028.316651][T15934] device bridge2030 left promiscuous mode
[ 2028.322374][T15934] bridge2029: port 1(vlan942) entered disabled state
[ 2028.332115][T15934] device bridge2028 left promiscuous mode
[ 2028.338472][T15934] bridge2027: port 1(vlan941) entered disabled state
[ 2028.348721][T15934] device bridge2026 left promiscuous mode
[ 2028.355306][T15934] bridge2025: port 1(vlan940) entered disabled state
[ 2028.365142][T15934] device bridge2024 left promiscuous mode
[ 2028.370973][T15934] bridge2023: port 1(vlan939) entered disabled state
[ 2028.385505][T15934] device bridge2022 left promiscuous mode
[ 2028.391269][T15934] bridge2021: port 1(vlan938) entered disabled state
[ 2028.403016][T15934] device bridge2020 left promiscuous mode
[ 2028.409965][T15934] bridge2019: port 1(vlan937) entered disabled state
[ 2028.419635][T15934] device bridge2018 left promiscuous mode
[ 2028.426124][T15934] bridge2017: port 1(vlan936) entered disabled state
[ 2028.435272][T15934] device bridge2016 left promiscuous mode
[ 2028.441007][T15934] bridge2015: port 1(vlan935) entered disabled state
[ 2028.451318][T15934] device bridge2014 left promiscuous mode
[ 2028.457642][T15934] bridge2013: port 1(vlan934) entered disabled state
[ 2028.467876][T15934] device bridge2012 left promiscuous mode
[ 2028.473611][T15934] bridge2011: port 1(vlan933) entered disabled state
[ 2028.484412][T15934] device bridge2010 left promiscuous mode
[ 2028.490246][T15934] bridge2009: port 1(vlan932) entered disabled state
[ 2028.501351][T15934] device bridge2008 left promiscuous mode
[ 2028.507972][T15934] bridge2007: port 1(vlan931) entered disabled state
[ 2028.518075][T15934] device bridge2006 left promiscuous mode
[ 2028.523797][T15934] bridge2005: port 1(vlan930) entered disabled state
[ 2028.533094][T15934] device bridge2004 left promiscuous mode
[ 2028.539380][T15934] bridge2003: port 1(vlan929) entered disabled state
[ 2028.549377][T15934] device bridge2002 left promiscuous mode
[ 2028.557844][T15934] bridge2001: port 1(vlan928) entered disabled state
[ 2028.568282][T15934] device bridge2000 left promiscuous mode
[ 2028.574019][T15934] bridge1999: port 1(vlan927) entered disabled state
[ 2028.584187][T15934] device bridge1998 left promiscuous mode
[ 2028.590835][T15934] bridge1997: port 1(vlan926) entered disabled state
[ 2028.601010][T15934] device bridge1996 left promiscuous mode
[ 2028.607847][T15934] bridge1995: port 1(vlan925) entered disabled state
[ 2028.618521][T15934] device bridge1994 left promiscuous mode
[ 2028.624248][T15934] bridge1993: port 1(vlan924) entered disabled state
[ 2028.635326][T15934] device bridge1992 left promiscuous mode
[ 2028.641066][T15934] bridge1991: port 1(vlan923) entered disabled state
[ 2028.651560][T15934] device bridge1990 left promiscuous mode
[ 2028.657954][T15934] bridge1989: port 1(vlan922) entered disabled state
[ 2028.669252][T15934] device bridge1986 left promiscuous mode
[ 2028.675499][T15934] bridge1985: port 1(vlan921) entered disabled state
[ 2028.686027][T15934] device bridge1984 left promiscuous mode
[ 2028.691768][T15934] bridge1983: port 1(vlan920) entered disabled state
[ 2028.701717][T15934] device bridge1982 left promiscuous mode
[ 2028.708629][T15934] bridge1981: port 1(vlan919) entered disabled state
[ 2028.718489][T15934] device bridge1980 left promiscuous mode
[ 2028.724210][T15934] bridge1979: port 1(vlan918) entered disabled state
[ 2028.734159][T15934] device bridge1978 left promiscuous mode
[ 2028.741176][T15934] bridge1977: port 1(vlan917) entered disabled state
[ 2028.752346][T15934] device bridge1976 left promiscuous mode
[ 2028.758583][T15934] bridge1975: port 1(vlan916) entered disabled state
[ 2028.768762][T15934] device bridge1974 left promiscuous mode
[ 2028.775176][T15934] bridge1973: port 1(vlan915) entered disabled state
[ 2028.784926][T15934] device bridge1972 left promiscuous mode
[ 2028.790674][T15934] bridge1971: port 1(vlan914) entered disabled state
[ 2028.801951][T15934] device bridge1970 left promiscuous mode
[ 2028.808193][T15934] bridge1969: port 1(vlan913) entered disabled state
[ 2028.818510][T15934] device bridge1968 left promiscuous mode
[ 2028.824236][T15934] bridge1967: port 1(vlan912) entered disabled state
[ 2028.833855][T15934] device bridge1966 left promiscuous mode
[ 2028.841414][T15934] bridge1965: port 1(vlan911) entered disabled state
[ 2028.851889][T15934] device bridge1964 left promiscuous mode
[ 2028.858726][T15934] bridge1963: port 1(vlan910) entered disabled state
[ 2028.868722][T15934] device bridge1962 left promiscuous mode
[ 2028.875273][T15934] bridge1961: port 1(vlan909) entered disabled state
[ 2028.884880][T15934] device bridge1960 left promiscuous mode
[ 2028.890622][T15934] bridge1959: port 1(vlan908) entered disabled state
[ 2028.901150][T15934] device bridge1958 left promiscuous mode
[ 2028.907420][T15934] bridge1957: port 1(vlan907) entered disabled state
[ 2028.917360][T15934] device bridge1956 left promiscuous mode
[ 2028.923078][T15934] bridge1955: port 1(vlan906) entered disabled state
[ 2028.934163][T15934] device bridge1954 left promiscuous mode
[ 2028.940921][T15934] bridge1953: port 1(vlan905) entered disabled state
[ 2028.950775][T15934] device bridge1952 left promiscuous mode
[ 2028.958479][T15934] bridge1951: port 1(vlan904) entered disabled state
[ 2028.968477][T15934] device bridge1950 left promiscuous mode
[ 2028.974205][T15934] bridge1949: port 1(vlan903) entered disabled state
[ 2028.986521][T15934] device bridge1948 left promiscuous mode
[ 2028.992291][T15934] bridge1947: port 1(vlan902) entered disabled state
[ 2029.002790][T15934] device bridge1946 left promiscuous mode
[ 2029.009068][T15934] bridge1945: port 1(vlan901) entered disabled state
[ 2029.019146][T15934] device bridge1944 left promiscuous mode
[ 2029.025365][T15934] bridge1943: port 1(vlan900) entered disabled state
[ 2029.034075][T15934] device bridge1942 left promiscuous mode
[ 2029.040756][T15934] bridge1941: port 1(vlan899) entered disabled state
[ 2029.051743][T15934] device bridge1940 left promiscuous mode
[ 2029.058251][T15934] bridge1939: port 1(vlan898) entered disabled state
[ 2029.068183][T15934] device bridge1938 left promiscuous mode
[ 2029.073917][T15934] bridge1937: port 1(vlan897) entered disabled state
[ 2029.083753][T15934] device bridge1936 left promiscuous mode
[ 2029.090097][T15934] bridge1935: port 1(vlan896) entered disabled state
[ 2029.100185][T15934] device bridge1934 left promiscuous mode
[ 2029.106606][T15934] bridge1933: port 1(vlan895) entered disabled state
[ 2029.116233][T15934] device bridge1932 left promiscuous mode
[ 2029.122065][T15934] bridge1931: port 1(vlan894) entered disabled state
[ 2029.131887][T15934] device bridge1930 left promiscuous mode
[ 2029.138099][T15934] bridge1929: port 1(vlan893) entered disabled state
[ 2029.148112][T15934] device bridge1928 left promiscuous mode
[ 2029.153842][T15934] bridge1927: port 1(vlan892) entered disabled state
[ 2029.164170][T15934] device bridge1926 left promiscuous mode
[ 2029.171071][T15934] bridge1925: port 1(vlan891) entered disabled state
[ 2029.181725][T15934] device bridge1924 left promiscuous mode
[ 2029.187926][T15934] bridge1923: port 1(vlan890) entered disabled state
[ 2029.201490][T15934] device bridge1922 left promiscuous mode
[ 2029.209051][T15934] bridge1921: port 1(vlan889) entered disabled state
[ 2029.218943][T15934] device bridge1920 left promiscuous mode
[ 2029.225739][T15934] bridge1919: port 1(vlan888) entered disabled state
[ 2029.235471][T15934] device bridge1918 left promiscuous mode
[ 2029.241195][T15934] bridge1917: port 1(vlan887) entered disabled state
[ 2029.251777][T15934] device bridge1916 left promiscuous mode
[ 2029.258162][T15934] bridge1915: port 1(vlan886) entered disabled state
[ 2029.270755][T15934] device bridge1914 left promiscuous mode
[ 2029.277264][T15934] bridge1913: port 1(vlan885) entered disabled state
[ 2029.288666][T15934] device bridge1912 left promiscuous mode
[ 2029.294450][T15934] bridge1911: port 1(vlan884) entered disabled state
[ 2029.303781][T15934] device bridge1910 left promiscuous mode
[ 2029.310549][T15934] bridge1909: port 1(vlan883) entered disabled state
[ 2029.320023][T15934] device bridge1908 left promiscuous mode
[ 2029.326747][T15934] bridge1907: port 1(vlan882) entered disabled state
[ 2029.336010][T15934] device bridge1906 left promiscuous mode
[ 2029.341744][T15934] bridge1905: port 1(vlan881) entered disabled state
[ 2029.352163][T15934] device bridge1904 left promiscuous mode
[ 2029.358578][T15934] bridge1903: port 1(vlan880) entered disabled state
[ 2029.368880][T15934] device bridge1902 left promiscuous mode
[ 2029.375453][T15934] bridge1901: port 1(vlan879) entered disabled state
[ 2029.387012][T15934] device bridge1900 left promiscuous mode
[ 2029.392751][T15934] bridge1899: port 1(vlan878) entered disabled state
[ 2029.402765][T15934] device bridge1898 left promiscuous mode
[ 2029.409129][T15934] bridge1897: port 1(vlan877) entered disabled state
[ 2029.419082][T15934] device bridge1896 left promiscuous mode
[ 2029.425979][T15934] bridge1895: port 1(vlan876) entered disabled state
[ 2029.435621][T15934] device bridge1894 left promiscuous mode
[ 2029.441355][T15934] bridge1893: port 1(vlan875) entered disabled state
[ 2029.451269][T15934] device bridge1892 left promiscuous mode
[ 2029.457636][T15934] bridge1891: port 1(vlan874) entered disabled state
[ 2029.471207][T15934] device bridge1890 left promiscuous mode
[ 2029.477526][T15934] bridge1889: port 1(vlan873) entered disabled state
[ 2029.488595][T15934] device bridge1888 left promiscuous mode
[ 2029.495401][T15934] bridge1887: port 1(vlan872) entered disabled state
[ 2029.505054][T15934] device bridge1886 left promiscuous mode
[ 2029.510806][T15934] bridge1885: port 1(vlan871) entered disabled state
[ 2029.521306][T15934] device bridge1884 left promiscuous mode
[ 2029.527936][T15934] bridge1883: port 1(vlan870) entered disabled state
[ 2029.538936][T15934] device bridge1882 left promiscuous mode
[ 2029.545210][T15934] bridge1881: port 1(vlan869) entered disabled state
[ 2029.556181][T15934] device bridge1880 left promiscuous mode
[ 2029.561944][T15934] bridge1879: port 1(vlan868) entered disabled state
[ 2029.571893][T15934] device bridge1878 left promiscuous mode
[ 2029.579349][T15934] bridge1877: port 1(vlan867) entered disabled state
[ 2029.589243][T15934] device bridge1876 left promiscuous mode
[ 2029.598048][T15934] bridge1875: port 1(vlan866) entered disabled state
[ 2029.610433][T15934] device bridge1874 left promiscuous mode
[ 2029.616918][T15934] bridge1873: port 1(vlan865) entered disabled state
[ 2029.626690][T15934] device bridge1872 left promiscuous mode
[ 2029.632718][T15934] bridge1871: port 1(vlan864) entered disabled state
[ 2029.642037][T15934] device bridge1870 left promiscuous mode
[ 2029.648413][T15934] bridge1869: port 1(vlan863) entered disabled state
[ 2029.658805][T15934] device bridge1868 left promiscuous mode
[ 2029.665075][T15934] bridge1867: port 1(vlan862) entered disabled state
[ 2029.674336][T15934] device bridge1866 left promiscuous mode
[ 2029.680789][T15934] bridge1865: port 1(vlan861) entered disabled state
[ 2029.690544][T15934] device bridge1864 left promiscuous mode
[ 2029.696935][T15934] bridge1863: port 1(vlan860) entered disabled state
[ 2029.707899][T15934] device bridge1862 left promiscuous mode
[ 2029.713643][T15934] bridge1861: port 1(vlan859) entered disabled state
[ 2029.723204][T15934] device bridge1860 left promiscuous mode
[ 2029.730971][T15934] bridge1859: port 1(vlan858) entered disabled state
[ 2029.742980][T15934] device bridge1858 left promiscuous mode
[ 2029.749575][T15934] bridge1857: port 1(vlan857) entered disabled state
[ 2029.755178][ T3648] Bluetooth: hci4: command 0x0419 tx timeout
[ 2029.769096][T15934] device bridge1856 left promiscuous mode
[ 2029.775859][T15934] bridge1855: port 1(vlan856) entered disabled state
[ 2029.785424][T15934] device bridge1854 left promiscuous mode
[ 2029.791176][T15934] bridge1853: port 1(vlan855) entered disabled state
[ 2029.801626][T15934] device bridge1852 left promiscuous mode
[ 2029.807834][T15934] bridge1851: port 1(vlan854) entered disabled state
[ 2029.818061][T15934] device bridge1850 left promiscuous mode
[ 2029.823784][T15934] bridge1849: port 1(vlan853) entered disabled state
[ 2029.833089][T15934] device bridge1848 left promiscuous mode
[ 2029.839927][T15934] bridge1847: port 1(vlan852) entered disabled state
[ 2029.850071][T15934] device bridge1846 left promiscuous mode
[ 2029.856410][T15934] bridge1845: port 1(vlan851) entered disabled state
[ 2029.867016][T15934] device bridge1844 left promiscuous mode
[ 2029.872759][T15934] bridge1843: port 1(vlan850) entered disabled state
[ 2029.882625][T15934] device bridge1842 left promiscuous mode
[ 2029.888973][T15934] bridge1841: port 1(vlan849) entered disabled state
[ 2029.898986][T15934] device bridge1840 left promiscuous mode
[ 2029.905423][T15934] bridge1839: port 1(vlan848) entered disabled state
[ 2029.915225][T15934] device bridge1838 left promiscuous mode
[ 2029.920959][T15934] bridge1837: port 1(vlan847) entered disabled state
[ 2029.930171][T15934] device bridge1836 left promiscuous mode
[ 2029.936505][T15934] bridge1835: port 1(vlan846) entered disabled state
[ 2029.950075][T15934] device bridge1834 left promiscuous mode
[ 2029.956700][T15934] bridge1833: port 1(vlan845) entered disabled state
[ 2029.966945][T15934] device bridge1832 left promiscuous mode
[ 2029.972677][T15934] bridge1831: port 1(vlan844) entered disabled state
[ 2029.986754][T15934] device bridge1830 left promiscuous mode
[ 2029.992489][T15934] bridge1829: port 1(vlan843) entered disabled state
[ 2030.003957][T15934] device bridge1828 left promiscuous mode
[ 2030.010117][T15934] bridge1827: port 1(vlan842) entered disabled state
[ 2030.019417][T15934] device bridge1826 left promiscuous mode
[ 2030.025830][T15934] bridge1825: port 1(vlan841) entered disabled state
[ 2030.034793][T15934] device bridge1824 left promiscuous mode
[ 2030.040623][T15934] bridge1823: port 1(vlan840) entered disabled state
[ 2030.051353][T15934] device bridge1822 left promiscuous mode
[ 2030.057799][T15934] bridge1821: port 1(vlan839) entered disabled state
[ 2030.068140][T15934] device bridge1820 left promiscuous mode
[ 2030.073878][T15934] bridge1819: port 1(vlan838) entered disabled state
[ 2030.084253][T15934] device bridge1818 left promiscuous mode
[ 2030.091296][T15934] bridge1817: port 1(vlan837) entered disabled state
[ 2030.101430][T15934] device bridge1816 left promiscuous mode
[ 2030.108559][T15934] bridge1815: port 1(vlan836) entered disabled state
[ 2030.118279][T15934] device bridge1814 left promiscuous mode
[ 2030.124000][T15934] bridge1813: port 1(vlan835) entered disabled state
[ 2030.134084][T15934] device bridge1812 left promiscuous mode
[ 2030.140411][T15934] bridge1811: port 1(vlan834) entered disabled state
[ 2030.151575][T15934] device bridge1810 left promiscuous mode
[ 2030.158728][T15934] bridge1809: port 1(vlan833) entered disabled state
[ 2030.168738][T15934] device bridge1808 left promiscuous mode
[ 2030.175313][T15934] bridge1807: port 1(vlan832) entered disabled state
[ 2030.185776][T15934] device bridge1806 left promiscuous mode
[ 2030.191544][T15934] bridge1805: port 1(vlan831) entered disabled state
[ 2030.201419][T15934] device bridge1804 left promiscuous mode
[ 2030.208841][T15934] bridge1803: port 1(vlan830) entered disabled state
[ 2030.218259][T15934] device bridge1802 left promiscuous mode
[ 2030.223981][T15934] bridge1801: port 1(vlan829) entered disabled state
[ 2030.233383][T15934] device bridge1800 left promiscuous mode
[ 2030.241423][T15934] bridge1799: port 1(vlan828) entered disabled state
[ 2030.256042][T15934] device bridge1798 left promiscuous mode
[ 2030.261802][T15934] bridge1797: port 1(vlan827) entered disabled state
[ 2030.272534][T15934] device bridge1796 left promiscuous mode
[ 2030.280685][T15934] bridge1795: port 1(vlan826) entered disabled state
[ 2030.290851][T15934] device bridge1794 left promiscuous mode
[ 2030.297218][T15934] bridge1793: port 1(vlan825) entered disabled state
[ 2030.307959][T15934] device bridge1792 left promiscuous mode
[ 2030.313718][T15934] bridge1791: port 1(vlan824) entered disabled state
[ 2030.322906][T15934] device bridge1790 left promiscuous mode
[ 2030.329089][T15934] bridge1789: port 1(vlan823) entered disabled state
[ 2030.338666][T15934] device bridge1788 left promiscuous mode
[ 2030.345126][T15934] bridge1787: port 1(vlan822) entered disabled state
[ 2030.355733][T15934] device bridge1786 left promiscuous mode
[ 2030.361510][T15934] bridge1785: port 1(vlan821) entered disabled state
[ 2030.371391][T15934] device bridge1784 left promiscuous mode
[ 2030.377665][T15934] bridge1783: port 1(vlan820) entered disabled state
[ 2030.389420][T15934] device bridge1782 left promiscuous mode
[ 2030.395882][T15934] bridge1781: port 1(vlan819) entered disabled state
[ 2030.405642][T15934] device bridge1780 left promiscuous mode
[ 2030.411398][T15934] bridge1779: port 1(vlan818) entered disabled state
[ 2030.421093][T15934] device bridge1778 left promiscuous mode
[ 2030.427481][T15934] bridge1777: port 1(vlan817) entered disabled state
[ 2030.436610][T15934] device bridge1776 left promiscuous mode
[ 2030.442358][T15934] bridge1775: port 1(vlan816) entered disabled state
[ 2030.452981][T15934] device bridge1774 left promiscuous mode
[ 2030.459230][T15934] bridge1773: port 1(vlan815) entered disabled state
[ 2030.470716][T15934] device bridge1772 left promiscuous mode
[ 2030.476971][T15934] bridge1771: port 1(vlan814) entered disabled state
[ 2030.488753][T15934] device bridge1770 left promiscuous mode
[ 2030.495778][T15934] bridge1769: port 1(vlan813) entered disabled state
[ 2030.505938][T15934] device bridge1768 left promiscuous mode
[ 2030.511767][T15934] bridge1767: port 1(vlan812) entered disabled state
[ 2030.521362][T15934] device bridge1766 left promiscuous mode
[ 2030.527711][T15934] bridge1765: port 1(vlan811) entered disabled state
[ 2030.536915][T15934] device bridge1764 left promiscuous mode
[ 2030.542639][T15934] bridge1763: port 1(vlan810) entered disabled state
[ 2030.553623][T15934] device bridge1762 left promiscuous mode
[ 2030.559883][T15934] bridge1761: port 1(vlan809) entered disabled state
[ 2030.569810][T15934] device bridge1760 left promiscuous mode
[ 2030.576036][T15934] bridge1759: port 1(vlan808) entered disabled state
[ 2030.588275][T15934] device bridge1758 left promiscuous mode
[ 2030.594010][T15934] bridge1757: port 1(vlan807) entered disabled state
[ 2030.605242][T15934] device bridge1756 left promiscuous mode
[ 2030.610989][T15934] bridge1755: port 1(vlan806) entered disabled state
[ 2030.620355][T15934] device bridge1754 left promiscuous mode
[ 2030.626539][T15934] bridge1753: port 1(vlan805) entered disabled state
[ 2030.636437][T15934] device bridge1752 left promiscuous mode
[ 2030.642177][T15934] bridge1751: port 1(vlan804) entered disabled state
[ 2030.652697][T15934] device bridge1750 left promiscuous mode
[ 2030.659215][T15934] bridge1749: port 1(vlan803) entered disabled state
[ 2030.671655][T15934] device bridge1748 left promiscuous mode
[ 2030.677897][T15934] bridge1747: port 1(vlan802) entered disabled state
[ 2030.689209][T15934] device bridge1746 left promiscuous mode
[ 2030.695452][T15934] bridge1745: port 1(vlan801) entered disabled state
[ 2030.706533][T15934] device bridge1744 left promiscuous mode
[ 2030.712274][T15934] bridge1743: port 1(vlan800) entered disabled state
[ 2030.723217][T15934] device bridge1740 left promiscuous mode
[ 2030.730404][T15934] bridge1739: port 1(vlan799) entered disabled state
[ 2030.739706][T15934] device bridge1738 left promiscuous mode
[ 2030.747286][T15934] bridge1737: port 1(vlan798) entered disabled state
[ 2030.758057][T15934] device bridge1736 left promiscuous mode
[ 2030.763793][T15934] bridge1735: port 1(vlan797) entered disabled state
[ 2030.773940][T15934] device bridge1734 left promiscuous mode
[ 2030.780157][T15934] bridge1733: port 1(vlan796) entered disabled state
[ 2030.790027][T15934] device bridge1732 left promiscuous mode
[ 2030.796417][T15934] bridge1731: port 1(vlan795) entered disabled state
[ 2030.806456][T15934] device bridge1730 left promiscuous mode
[ 2030.812193][T15934] bridge1729: port 1(vlan794) entered disabled state
[ 2030.822322][T15934] device bridge1728 left promiscuous mode
[ 2030.829085][T15934] bridge1727: port 1(vlan793) entered disabled state
[ 2030.838201][T15934] device bridge1726 left promiscuous mode
[ 2030.843927][T15934] bridge1725: port 1(vlan792) entered disabled state
[ 2030.853867][T15934] device bridge1724 left promiscuous mode
[ 2030.860142][T15934] bridge1723: port 1(vlan791) entered disabled state
[ 2030.870331][T15934] device bridge1722 left promiscuous mode
[ 2030.876594][T15934] bridge1721: port 1(vlan790) entered disabled state
[ 2030.887005][T15934] device bridge1720 left promiscuous mode
[ 2030.892739][T15934] bridge1719: port 1(vlan789) entered disabled state
[ 2030.902977][T15934] device bridge1718 left promiscuous mode
[ 2030.910166][T15934] bridge1717: port 1(vlan788) entered disabled state
[ 2030.919439][T15934] device bridge1716 left promiscuous mode
[ 2030.927134][T15934] bridge1715: port 1(vlan787) entered disabled state
[ 2030.937389][T15934] device bridge1714 left promiscuous mode
[ 2030.943113][T15934] bridge1713: port 1(vlan786) entered disabled state
[ 2030.953881][T15934] device bridge1712 left promiscuous mode
[ 2030.960257][T15934] bridge1711: port 1(vlan785) entered disabled state
[ 2030.970632][T15934] device bridge1710 left promiscuous mode
[ 2030.976915][T15934] bridge1709: port 1(vlan784) entered disabled state
[ 2030.988048][T15934] device bridge1708 left promiscuous mode
[ 2030.993789][T15934] bridge1707: port 1(vlan783) entered disabled state
[ 2031.003619][T15934] device bridge1706 left promiscuous mode
[ 2031.009900][T15934] bridge1705: port 1(vlan782) entered disabled state
[ 2031.019218][T15934] device bridge1704 left promiscuous mode
[ 2031.025611][T15934] bridge1703: port 1(vlan781) entered disabled state
[ 2031.034216][T15934] device bridge1702 left promiscuous mode
[ 2031.040620][T15934] bridge1701: port 1(vlan780) entered disabled state
[ 2031.051232][T15934] device bridge1700 left promiscuous mode
[ 2031.057504][T15934] bridge1699: port 1(vlan779) entered disabled state
[ 2031.068675][T15934] device bridge1698 left promiscuous mode
[ 2031.075143][T15934] bridge1697: port 1(vlan778) entered disabled state
[ 2031.084295][T15934] device bridge1696 left promiscuous mode
[ 2031.090714][T15934] bridge1695: port 1(vlan777) entered disabled state
[ 2031.100362][T15934] device bridge1694 left promiscuous mode
[ 2031.106756][T15934] bridge1693: port 1(vlan776) entered disabled state
[ 2031.116954][T15934] device bridge1692 left promiscuous mode
[ 2031.122689][T15934] bridge1691: port 1(vlan775) entered disabled state
[ 2031.131845][T15934] device bridge1690 left promiscuous mode
[ 2031.137980][T15934] bridge1689: port 1(vlan774) entered disabled state
[ 2031.148913][T15934] device bridge1688 left promiscuous mode
[ 2031.155181][T15934] bridge1687: port 1(vlan773) entered disabled state
[ 2031.168252][T15934] device bridge1686 left promiscuous mode
[ 2031.174007][T15934] bridge1685: port 1(vlan772) entered disabled state
[ 2031.183742][T15934] device bridge1684 left promiscuous mode
[ 2031.190102][T15934] bridge1683: port 1(vlan771) entered disabled state
[ 2031.200351][T15934] device bridge1682 left promiscuous mode
[ 2031.206669][T15934] bridge1681: port 1(vlan770) entered disabled state
[ 2031.216886][T15934] device bridge1680 left promiscuous mode
[ 2031.222621][T15934] bridge1679: port 1(vlan769) entered disabled state
[ 2031.231756][T15934] device bridge1678 left promiscuous mode
[ 2031.239933][T15934] bridge1677: port 1(vlan768) entered disabled state
[ 2031.249715][T15934] device bridge1676 left promiscuous mode
[ 2031.256021][T15934] bridge1675: port 1(vlan767) entered disabled state
[ 2031.267064][T15934] device bridge1674 left promiscuous mode
[ 2031.272893][T15934] bridge1673: port 1(vlan766) entered disabled state
[ 2031.285109][T15934] device bridge1672 left promiscuous mode
[ 2031.290863][T15934] bridge1671: port 1(vlan765) entered disabled state
[ 2031.301474][T15934] device bridge1670 left promiscuous mode
[ 2031.307858][T15934] bridge1669: port 1(vlan764) entered disabled state
[ 2031.317312][T15934] device bridge1668 left promiscuous mode
[ 2031.323035][T15934] bridge1667: port 1(vlan763) entered disabled state
[ 2031.332268][T15934] device bridge1666 left promiscuous mode
[ 2031.338495][T15934] bridge1665: port 1(vlan762) entered disabled state
[ 2031.348383][T15934] device bridge1664 left promiscuous mode
[ 2031.354110][T15934] bridge1663: port 1(vlan761) entered disabled state
[ 2031.365276][T15934] device bridge1662 left promiscuous mode
[ 2031.371161][T15934] bridge1661: port 1(vlan760) entered disabled state
[ 2031.384235][T15934] device bridge1658 left promiscuous mode
[ 2031.391242][T15934] bridge1657: port 1(vlan759) entered disabled state
[ 2031.401339][T15934] device bridge1656 left promiscuous mode
[ 2031.408492][T15934] bridge1655: port 1(vlan758) entered disabled state
[ 2031.417925][T15934] device bridge1654 left promiscuous mode
[ 2031.423650][T15934] bridge1653: port 1(vlan757) entered disabled state
[ 2031.433270][T15934] device bridge1652 left promiscuous mode
[ 2031.439452][T15934] bridge1651: port 1(vlan756) entered disabled state
[ 2031.449441][T15934] device bridge1650 left promiscuous mode
[ 2031.456867][T15934] bridge1649: port 1(vlan755) entered disabled state
[ 2031.468169][T15934] device bridge1648 left promiscuous mode
[ 2031.474004][T15934] bridge1647: port 1(vlan754) entered disabled state
[ 2031.483822][T15934] device bridge1646 left promiscuous mode
[ 2031.490035][T15934] bridge1645: port 1(vlan753) entered disabled state
[ 2031.500061][T15934] device bridge1644 left promiscuous mode
[ 2031.507217][T15934] bridge1643: port 1(vlan752) entered disabled state
[ 2031.518364][T15934] device bridge1642 left promiscuous mode
[ 2031.524091][T15934] bridge1641: port 1(vlan751) entered disabled state
[ 2031.535529][T15934] device bridge1640 left promiscuous mode
[ 2031.541278][T15934] bridge1639: port 1(vlan750) entered disabled state
[ 2031.551606][T15934] device bridge1638 left promiscuous mode
[ 2031.557888][T15934] bridge1637: port 1(vlan749) entered disabled state
[ 2031.568392][T15934] device bridge1636 left promiscuous mode
[ 2031.574146][T15934] bridge1635: port 1(vlan748) entered disabled state
[ 2031.586006][T15934] device bridge1634 left promiscuous mode
[ 2031.591787][T15934] bridge1633: port 1(vlan747) entered disabled state
[ 2031.601642][T15934] device bridge1632 left promiscuous mode
[ 2031.608659][T15934] bridge1631: port 1(vlan746) entered disabled state
[ 2031.618054][T15934] device bridge1630 left promiscuous mode
[ 2031.623781][T15934] bridge1629: port 1(vlan745) entered disabled state
[ 2031.633052][T15934] device bridge1628 left promiscuous mode
[ 2031.639419][T15934] bridge1627: port 1(vlan744) entered disabled state
[ 2031.649478][T15934] device bridge1626 left promiscuous mode
[ 2031.655820][T15934] bridge1625: port 1(vlan743) entered disabled state
[ 2031.665438][T15934] device bridge1624 left promiscuous mode
[ 2031.671190][T15934] bridge1623: port 1(vlan742) entered disabled state
[ 2031.683402][T15934] device bridge1622 left promiscuous mode
[ 2031.689725][T15934] bridge1621: port 1(vlan741) entered disabled state
[ 2031.699466][T15934] device bridge1620 left promiscuous mode
[ 2031.705806][T15934] bridge1619: port 1(vlan740) entered disabled state
[ 2031.714984][T15934] device bridge1618 left promiscuous mode
[ 2031.720720][T15934] bridge1617: port 1(vlan739) entered disabled state
[ 2031.733751][T15934] device bridge1616 left promiscuous mode
[ 2031.740032][T15934] bridge1615: port 1(vlan738) entered disabled state
[ 2031.750082][T15934] device bridge1614 left promiscuous mode
[ 2031.756849][T15934] bridge1613: port 1(vlan737) entered disabled state
[ 2031.767082][T15934] device bridge1612 left promiscuous mode
[ 2031.772838][T15934] bridge1611: port 1(vlan736) entered disabled state
[ 2031.783384][T15934] device bridge1610 left promiscuous mode
[ 2031.789651][T15934] bridge1609: port 1(vlan735) entered disabled state
[ 2031.799373][T15934] device bridge1608 left promiscuous mode
[ 2031.805912][T15934] bridge1607: port 1(vlan734) entered disabled state
[ 2031.818195][T15934] device bridge1606 left promiscuous mode
[ 2031.823919][T15934] bridge1605: port 1(vlan733) entered disabled state
[ 2031.833460][T15934] device bridge1604 left promiscuous mode
[ 2031.839715][T15934] bridge1603: port 1(vlan732) entered disabled state
[ 2031.850136][T15934] device bridge1602 left promiscuous mode
[ 2031.856597][T15934] bridge1601: port 1(vlan731) entered disabled state
[ 2031.868054][T15934] device bridge1600 left promiscuous mode
[ 2031.873794][T15934] bridge1599: port 1(vlan730) entered disabled state
[ 2031.887292][T15934] device bridge1598 left promiscuous mode
[ 2031.893050][T15934] bridge1597: port 1(vlan729) entered disabled state
[ 2031.902671][T15934] device bridge1596 left promiscuous mode
[ 2031.909779][T15934] bridge1595: port 1(vlan728) entered disabled state
[ 2031.919621][T15934] device bridge1594 left promiscuous mode
[ 2031.926902][T15934] bridge1593: port 1(vlan727) entered disabled state
[ 2031.936385][T15934] device bridge1592 left promiscuous mode
[ 2031.942112][T15934] bridge1591: port 1(vlan726) entered disabled state
[ 2031.952187][T15934] device bridge1590 left promiscuous mode
[ 2031.958388][T15934] bridge1589: port 1(vlan725) entered disabled state
[ 2031.968754][T15934] device bridge1586 left promiscuous mode
[ 2031.975150][T15934] bridge1585: port 1(vlan724) entered disabled state
[ 2031.986825][T15934] device bridge1584 left promiscuous mode
[ 2031.992560][T15934] bridge1583: port 1(vlan723) entered disabled state
[ 2032.010273][T15934] device bridge1582 left promiscuous mode
[ 2032.016439][T15934] bridge1581: port 1(vlan722) entered disabled state
[ 2032.025700][T15934] device bridge1580 left promiscuous mode
[ 2032.031454][T15934] bridge1579: port 1(vlan721) entered disabled state
[ 2032.041365][T15934] device bridge1578 left promiscuous mode
[ 2032.048495][T15934] bridge1577: port 1(vlan720) entered disabled state
[ 2032.058151][T15934] device bridge1576 left promiscuous mode
[ 2032.063885][T15934] bridge1575: port 1(vlan719) entered disabled state
[ 2032.077804][T15934] device bridge1574 left promiscuous mode
[ 2032.083559][T15934] bridge1573: port 1(vlan718) entered disabled state
[ 2032.094321][T15934] device bridge1572 left promiscuous mode
[ 2032.100719][T15934] bridge1571: port 1(vlan717) entered disabled state
[ 2032.110291][T15934] device bridge1570 left promiscuous mode
[ 2032.116710][T15934] bridge1569: port 1(vlan716) entered disabled state
[ 2032.126412][T15934] device bridge1568 left promiscuous mode
[ 2032.132144][T15934] bridge1567: port 1(vlan715) entered disabled state
[ 2032.146468][T15934] device bridge1566 left promiscuous mode
[ 2032.152222][T15934] bridge1565: port 1(vlan714) entered disabled state
[ 2032.162149][T15934] device bridge1564 left promiscuous mode
[ 2032.168840][T15934] bridge1563: port 1(vlan713) entered disabled state
[ 2032.178628][T15934] device bridge1562 left promiscuous mode
[ 2032.184415][T15934] bridge1561: port 1(vlan712) entered disabled state
[ 2032.195502][T15934] device bridge1560 left promiscuous mode
[ 2032.201239][T15934] bridge1559: port 1(vlan711) entered disabled state
[ 2032.211465][T15934] device bridge1558 left promiscuous mode
[ 2032.217726][T15934] bridge1557: port 1(vlan710) entered disabled state
[ 2032.228170][T15934] device bridge1556 left promiscuous mode
[ 2032.233897][T15934] bridge1555: port 1(vlan709) entered disabled state
[ 2032.243401][T15934] device bridge1554 left promiscuous mode
[ 2032.251182][T15934] bridge1553: port 1(vlan708) entered disabled state
[ 2032.261000][T15934] device bridge1552 left promiscuous mode
[ 2032.268186][T15934] bridge1551: port 1(vlan707) entered disabled state
[ 2032.278329][T15934] device bridge1550 left promiscuous mode
[ 2032.284074][T15934] bridge1549: port 1(vlan706) entered disabled state
[ 2032.295040][T15934] device bridge1548 left promiscuous mode
[ 2032.300802][T15934] bridge1547: port 1(vlan705) entered disabled state
[ 2032.313416][T15934] device bridge1546 left promiscuous mode
[ 2032.322169][T15934] bridge1545: port 1(vlan704) entered disabled state
[ 2032.333102][T15934] device bridge1544 left promiscuous mode
[ 2032.339235][T15934] bridge1543: port 1(vlan703) entered disabled state
[ 2032.349005][T15934] device bridge1542 left promiscuous mode
[ 2032.356036][T15934] bridge1541: port 1(vlan702) entered disabled state
[ 2032.365937][T15934] device bridge1540 left promiscuous mode
[ 2032.371666][T15934] bridge1539: port 1(vlan701) entered disabled state
[ 2032.381357][T15934] device bridge1538 left promiscuous mode
[ 2032.387579][T15934] bridge1537: port 1(vlan700) entered disabled state
[ 2032.398973][T15934] device bridge1536 left promiscuous mode
[ 2032.405246][T15934] bridge1535: port 1(vlan699) entered disabled state
[ 2032.414352][T15934] device bridge1534 left promiscuous mode
[ 2032.420606][T15934] bridge1533: port 1(vlan698) entered disabled state
[ 2032.429705][T15934] device bridge1532 left promiscuous mode
[ 2032.435915][T15934] bridge1531: port 1(vlan697) entered disabled state
[ 2032.445835][T15934] device bridge1530 left promiscuous mode
[ 2032.451669][T15934] bridge1529: port 1(vlan696) entered disabled state
[ 2032.461693][T15934] device bridge1528 left promiscuous mode
[ 2032.467957][T15934] bridge1527: port 1(vlan695) entered disabled state
[ 2032.480054][T15934] device bridge1526 left promiscuous mode
[ 2032.486316][T15934] bridge1525: port 1(vlan694) entered disabled state
[ 2032.495938][T15934] device bridge1524 left promiscuous mode
[ 2032.501832][T15934] bridge1523: port 1(vlan693) entered disabled state
[ 2032.512956][T15934] device bridge1522 left promiscuous mode
[ 2032.519082][T15934] bridge1521: port 1(vlan692) entered disabled state
[ 2032.528661][T15934] device bridge1520 left promiscuous mode
[ 2032.534448][T15934] bridge1519: port 1(vlan691) entered disabled state
[ 2032.544055][T15934] device bridge1516 left promiscuous mode
[ 2032.550802][T15934] bridge1515: port 1(vlan689) entered disabled state
[ 2032.560494][T15934] device bridge1514 left promiscuous mode
[ 2032.566887][T15934] bridge1513: port 1(vlan688) entered disabled state
[ 2032.577386][T15934] device bridge1512 left promiscuous mode
[ 2032.583116][T15934] bridge1511: port 1(vlan687) entered disabled state
[ 2032.593048][T15934] device bridge1510 left promiscuous mode
[ 2032.599637][T15934] bridge1509: port 1(vlan686) entered disabled state
[ 2032.609386][T15934] device bridge1508 left promiscuous mode
[ 2032.615718][T15934] bridge1507: port 1(vlan685) entered disabled state
[ 2032.624274][T15934] device bridge1506 left promiscuous mode
[ 2032.631411][T15934] bridge1505: port 1(vlan684) entered disabled state
[ 2032.640709][T15934] device bridge1504 left promiscuous mode
[ 2032.647170][T15934] bridge1503: port 1(vlan683) entered disabled state
[ 2032.657137][T15934] device bridge1502 left promiscuous mode
[ 2032.662872][T15934] bridge1501: port 1(vlan682) entered disabled state
[ 2032.672566][T15934] device bridge1500 left promiscuous mode
[ 2032.680851][T15934] bridge1499: port 1(vlan681) entered disabled state
[ 2032.691236][T15934] device bridge1498 left promiscuous mode
[ 2032.697380][T15934] bridge1497: port 1(vlan680) entered disabled state
[ 2032.708189][T15934] device bridge1496 left promiscuous mode
[ 2032.713918][T15934] bridge1495: port 1(vlan679) entered disabled state
[ 2032.725153][T15934] device bridge1494 left promiscuous mode
[ 2032.730892][T15934] bridge1493: port 1(vlan678) entered disabled state
[ 2032.740904][T15934] device bridge1492 left promiscuous mode
[ 2032.747264][T15934] bridge1491: port 1(vlan677) entered disabled state
[ 2032.757248][T15934] device bridge1490 left promiscuous mode
[ 2032.762985][T15934] bridge1489: port 1(vlan676) entered disabled state
[ 2032.773179][T15934] device bridge1488 left promiscuous mode
[ 2032.779290][T15934] bridge1487: port 1(vlan675) entered disabled state
[ 2032.789511][T15934] device bridge1486 left promiscuous mode
[ 2032.796263][T15934] bridge1485: port 1(vlan674) entered disabled state
[ 2032.807824][T15934] device bridge1484 left promiscuous mode
[ 2032.813553][T15934] bridge1483: port 1(vlan673) entered disabled state
[ 2032.822701][T15934] device bridge1482 left promiscuous mode
[ 2032.828810][T15934] bridge1481: port 1(vlan672) entered disabled state
[ 2032.838320][T15934] device bridge1480 left promiscuous mode
[ 2032.844053][T15934] bridge1479: port 1(vlan671) entered disabled state
[ 2032.853964][T15934] device bridge1478 left promiscuous mode
[ 2032.860203][T15934] bridge1477: port 1(vlan670) entered disabled state
[ 2032.869795][T15934] device bridge1476 left promiscuous mode
[ 2032.876371][T15934] bridge1475: port 1(vlan669) entered disabled state
[ 2032.886492][T15934] device bridge1474 left promiscuous mode
[ 2032.892228][T15934] bridge1473: port 1(vlan668) entered disabled state
[ 2032.902930][T15934] device bridge1472 left promiscuous mode
[ 2032.910716][T15934] bridge1471: port 1(vlan667) entered disabled state
[ 2032.919959][T15934] device bridge1470 left promiscuous mode
[ 2032.926022][T15934] bridge1469: port 1(vlan666) entered disabled state
[ 2032.935477][T15934] device bridge1468 left promiscuous mode
[ 2032.941214][T15934] bridge1467: port 1(vlan665) entered disabled state
[ 2032.950762][T15934] device bridge1466 left promiscuous mode
[ 2032.956907][T15934] bridge1465: port 1(vlan664) entered disabled state
[ 2032.968244][T15934] device bridge1464 left promiscuous mode
[ 2032.973999][T15934] bridge1463: port 1(vlan663) entered disabled state
[ 2032.983566][T15934] device bridge1462 left promiscuous mode
[ 2032.989769][T15934] bridge1461: port 1(vlan662) entered disabled state
[ 2032.999339][T15934] device bridge1460 left promiscuous mode
[ 2033.005778][T15934] bridge1459: port 1(vlan661) entered disabled state
[ 2033.015261][T15934] device bridge1458 left promiscuous mode
[ 2033.021009][T15934] bridge1457: port 1(vlan660) entered disabled state
[ 2033.031085][T15934] device bridge1456 left promiscuous mode
[ 2033.037240][T15934] bridge1455: port 1(vlan659) entered disabled state
[ 2033.046997][T15934] device bridge1454 left promiscuous mode
[ 2033.052757][T15934] bridge1453: port 1(vlan658) entered disabled state
[ 2033.062809][T15934] device bridge1452 left promiscuous mode
[ 2033.068956][T15934] bridge1451: port 1(vlan657) entered disabled state
[ 2033.078936][T15934] device bridge1450 left promiscuous mode
[ 2033.085225][T15934] bridge1449: port 1(vlan656) entered disabled state
[ 2033.094235][T15934] device bridge1448 left promiscuous mode
[ 2033.100853][T15934] bridge1447: port 1(vlan655) entered disabled state
[ 2033.110267][T15934] device bridge1446 left promiscuous mode
[ 2033.116790][T15934] bridge1445: port 1(vlan654) entered disabled state
[ 2033.127267][T15934] device bridge1444 left promiscuous mode
[ 2033.132996][T15934] bridge1443: port 1(vlan653) entered disabled state
[ 2033.142260][T15934] device bridge1442 left promiscuous mode
[ 2033.148783][T15934] bridge1441: port 1(vlan652) entered disabled state
[ 2033.158371][T15934] device bridge1440 left promiscuous mode
[ 2033.164098][T15934] bridge1439: port 1(vlan651) entered disabled state
[ 2033.173659][T15934] device bridge1438 left promiscuous mode
[ 2033.179792][T15934] bridge1437: port 1(vlan650) entered disabled state
[ 2033.190826][T15934] device bridge1436 left promiscuous mode
[ 2033.197258][T15934] bridge1435: port 1(vlan649) entered disabled state
[ 2033.207725][T15934] device bridge1434 left promiscuous mode
[ 2033.213589][T15934] bridge1433: port 1(vlan648) entered disabled state
[ 2033.222870][T15934] device bridge1432 left promiscuous mode
[ 2033.228960][T15934] bridge1431: port 1(vlan647) entered disabled state
[ 2033.238885][T15934] device bridge1430 left promiscuous mode
[ 2033.245377][T15934] bridge1429: port 1(vlan646) entered disabled state
[ 2033.255652][T15934] device bridge1428 left promiscuous mode
[ 2033.261404][T15934] bridge1427: port 1(vlan645) entered disabled state
[ 2033.271556][T15934] device bridge1426 left promiscuous mode
[ 2033.279397][T15934] bridge1425: port 1(vlan644) entered disabled state
[ 2033.288924][T15934] device bridge1424 left promiscuous mode
[ 2033.295408][T15934] bridge1423: port 1(vlan643) entered disabled state
[ 2033.305350][T15934] device bridge1422 left promiscuous mode
[ 2033.311074][T15934] bridge1421: port 1(vlan642) entered disabled state
[ 2033.320546][T15934] device bridge1420 left promiscuous mode
[ 2033.326878][T15934] bridge1419: port 1(vlan641) entered disabled state
[ 2033.336706][T15934] device bridge1418 left promiscuous mode
[ 2033.342443][T15934] bridge1417: port 1(vlan640) entered disabled state
[ 2033.352206][T15934] device bridge1416 left promiscuous mode
[ 2033.359670][T15934] bridge1415: port 1(vlan639) entered disabled state
[ 2033.369767][T15934] device bridge1414 left promiscuous mode
[ 2033.376029][T15934] bridge1413: port 1(vlan638) entered disabled state
[ 2033.386043][T15934] device bridge1412 left promiscuous mode
[ 2033.391809][T15934] bridge1411: port 1(vlan637) entered disabled state
[ 2033.401463][T15934] device bridge1410 left promiscuous mode
[ 2033.407880][T15934] bridge1409: port 1(vlan636) entered disabled state
[ 2033.425412][T15934] device bridge1408 left promiscuous mode
[ 2033.431139][T15934] bridge1407: port 1(vlan635) entered disabled state
[ 2033.440159][T15934] device bridge1406 left promiscuous mode
[ 2033.446420][T15934] bridge1405: port 1(vlan634) entered disabled state
[ 2033.457372][T15934] device bridge1404 left promiscuous mode
[ 2033.463113][T15934] bridge1403: port 1(vlan633) entered disabled state
[ 2033.473266][T15934] device bridge1402 left promiscuous mode
[ 2033.479583][T15934] bridge1401: port 1(vlan632) entered disabled state
[ 2033.489297][T15934] device bridge1400 left promiscuous mode
[ 2033.495643][T15934] bridge1399: port 1(vlan631) entered disabled state
[ 2033.505128][T15934] device bridge1398 left promiscuous mode
[ 2033.510868][T15934] bridge1397: port 1(vlan630) entered disabled state
[ 2033.520284][T15934] device bridge1396 left promiscuous mode
[ 2033.527042][T15934] bridge1395: port 1(vlan629) entered disabled state
[ 2033.536610][T15934] device bridge1394 left promiscuous mode
[ 2033.542337][T15934] bridge1393: port 1(vlan628) entered disabled state
[ 2033.552160][T15934] device bridge1392 left promiscuous mode
[ 2033.558376][T15934] bridge1391: port 1(vlan627) entered disabled state
[ 2033.570174][T15934] device bridge1390 left promiscuous mode
[ 2033.576703][T15934] bridge1389: port 1(vlan626) entered disabled state
[ 2033.587366][T15934] device bridge1388 left promiscuous mode
[ 2033.593098][T15934] bridge1387: port 1(vlan625) entered disabled state
[ 2033.602687][T15934] device bridge1386 left promiscuous mode
[ 2033.610201][T15934] bridge1385: port 1(vlan624) entered disabled state
[ 2033.619276][T15934] device bridge1384 left promiscuous mode
[ 2033.625756][T15934] bridge1383: port 1(vlan623) entered disabled state
[ 2033.634275][T15934] device bridge1382 left promiscuous mode
[ 2033.641145][T15934] bridge1381: port 1(vlan622) entered disabled state
[ 2033.653368][T15934] device bridge1380 left promiscuous mode
[ 2033.659671][T15934] bridge1379: port 1(vlan621) entered disabled state
[ 2033.669299][T15934] device bridge1378 left promiscuous mode
[ 2033.675616][T15934] bridge1377: port 1(vlan620) entered disabled state
[ 2033.685111][T15934] device bridge1376 left promiscuous mode
[ 2033.690858][T15934] bridge1375: port 1(vlan619) entered disabled state
[ 2033.701011][T15934] device bridge1374 left promiscuous mode
[ 2033.707269][T15934] bridge1373: port 1(vlan618) entered disabled state
[ 2033.716409][T15934] device bridge1372 left promiscuous mode
[ 2033.722132][T15934] bridge1371: port 1(vlan617) entered disabled state
[ 2033.731725][T15934] device bridge1370 left promiscuous mode
[ 2033.737870][T15934] bridge1369: port 1(vlan616) entered disabled state
[ 2033.748868][T15934] device bridge1368 left promiscuous mode
[ 2033.756942][T15934] bridge1367: port 1(vlan615) entered disabled state
[ 2033.767360][T15934] device bridge1366 left promiscuous mode
[ 2033.773089][T15934] bridge1365: port 1(vlan614) entered disabled state
[ 2033.785034][T15934] device bridge1364 left promiscuous mode
[ 2033.790792][T15934] bridge1363: port 1(vlan613) entered disabled state
[ 2033.800813][T15934] device bridge1362 left promiscuous mode
[ 2033.807404][T15934] bridge1361: port 1(vlan612) entered disabled state
[ 2033.817157][T15934] device bridge1360 left promiscuous mode
[ 2033.822879][T15934] bridge1359: port 1(vlan611) entered disabled state
[ 2033.832051][T15934] device bridge1358 left promiscuous mode
[ 2033.838653][T15934] bridge1357: port 1(vlan610) entered disabled state
[ 2033.848080][T15934] device bridge1356 left promiscuous mode
[ 2033.853812][T15934] bridge1355: port 1(vlan609) entered disabled state
[ 2033.864301][T15934] device bridge1354 left promiscuous mode
[ 2033.870480][T15934] bridge1353: port 1(vlan608) entered disabled state
[ 2033.880147][T15934] device bridge1352 left promiscuous mode
[ 2033.886400][T15934] bridge1351: port 1(vlan607) entered disabled state
[ 2033.896007][T15934] device bridge1350 left promiscuous mode
[ 2033.901754][T15934] bridge1349: port 1(vlan606) entered disabled state
[ 2033.911603][T15934] device bridge1348 left promiscuous mode
[ 2033.918511][T15934] bridge1347: port 1(vlan605) entered disabled state
[ 2033.927951][T15934] device bridge1346 left promiscuous mode
[ 2033.934115][T15934] bridge1345: port 1(vlan604) entered disabled state
[ 2033.943706][T15934] device bridge1344 left promiscuous mode
[ 2033.950459][T15934] bridge1343: port 1(vlan603) entered disabled state
[ 2033.960892][T15934] device bridge1342 left promiscuous mode
[ 2033.967212][T15934] bridge1341: port 1(vlan602) entered disabled state
[ 2033.977341][T15934] device bridge1340 left promiscuous mode
[ 2033.983078][T15934] bridge1339: port 1(vlan601) entered disabled state
[ 2033.992988][T15934] device bridge1338 left promiscuous mode
[ 2033.999203][T15934] bridge1337: port 1(vlan600) entered disabled state
[ 2034.009327][T15934] device bridge1336 left promiscuous mode
[ 2034.015651][T15934] bridge1335: port 1(vlan599) entered disabled state
[ 2034.027594][T15934] device bridge1334 left promiscuous mode
[ 2034.033809][T15934] bridge1333: port 1(vlan598) entered disabled state
[ 2034.042974][T15934] device bridge1332 left promiscuous mode
[ 2034.049160][T15934] bridge1331: port 1(vlan597) entered disabled state
[ 2034.058693][T15934] device bridge1330 left promiscuous mode
[ 2034.064995][T15934] bridge1329: port 1(vlan596) entered disabled state
[ 2034.074057][T15934] device bridge1328 left promiscuous mode
[ 2034.080491][T15934] bridge1327: port 1(vlan595) entered disabled state
[ 2034.089935][T15934] device bridge1326 left promiscuous mode
[ 2034.096434][T15934] bridge1325: port 1(vlan594) entered disabled state
[ 2034.106536][T15934] device bridge1324 left promiscuous mode
[ 2034.112260][T15934] bridge1323: port 1(vlan593) entered disabled state
[ 2034.121939][T15934] device bridge1322 left promiscuous mode
[ 2034.128062][T15934] bridge1321: port 1(vlan592) entered disabled state
[ 2034.138481][T15934] device bridge1320 left promiscuous mode
[ 2034.144208][T15934] bridge1319: port 1(vlan591) entered disabled state
[ 2034.153646][T15934] device bridge1318 left promiscuous mode
[ 2034.161976][T15934] bridge1317: port 1(vlan590) entered disabled state
[ 2034.172097][T15934] device bridge1316 left promiscuous mode
[ 2034.178288][T15934] bridge1315: port 1(vlan589) entered disabled state
[ 2034.189548][T15934] device bridge1314 left promiscuous mode
[ 2034.195732][T15934] bridge1313: port 1(vlan588) entered disabled state
[ 2034.206478][T15934] device bridge1312 left promiscuous mode
[ 2034.212226][T15934] bridge1311: port 1(vlan587) entered disabled state
[ 2034.221317][T15934] device bridge1310 left promiscuous mode
[ 2034.227690][T15934] bridge1309: port 1(vlan586) entered disabled state
[ 2034.236743][T15934] device bridge1308 left promiscuous mode
[ 2034.242587][T15934] bridge1307: port 1(vlan585) entered disabled state
[ 2034.252634][T15934] device bridge1306 left promiscuous mode
[ 2034.258844][T15934] bridge1305: port 1(vlan584) entered disabled state
[ 2034.271574][T15934] device bridge1304 left promiscuous mode
[ 2034.277726][T15934] bridge1303: port 1(vlan583) entered disabled state
[ 2034.287918][T15934] device bridge1302 left promiscuous mode
[ 2034.293648][T15934] bridge1301: port 1(vlan582) entered disabled state
[ 2034.303510][T15934] device bridge1300 left promiscuous mode
[ 2034.310635][T15934] bridge1299: port 1(vlan581) entered disabled state
[ 2034.319938][T15934] device bridge1298 left promiscuous mode
[ 2034.327016][T15934] bridge1297: port 1(vlan580) entered disabled state
[ 2034.339525][T15934] device bridge1296 left promiscuous mode
[ 2034.346054][T15934] bridge1295: port 1(vlan579) entered disabled state
[ 2034.355484][T15934] device bridge1294 left promiscuous mode
[ 2034.361287][T15934] bridge1293: port 1(vlan578) entered disabled state
[ 2034.371680][T15934] device bridge1292 left promiscuous mode
[ 2034.379142][T15934] bridge1291: port 1(vlan577) entered disabled state
[ 2034.388971][T15934] device bridge1290 left promiscuous mode
[ 2034.395771][T15934] bridge1289: port 1(vlan576) entered disabled state
[ 2034.407322][T15934] device bridge1288 left promiscuous mode
[ 2034.413076][T15934] bridge1287: port 1(vlan575) entered disabled state
[ 2034.422951][T15934] device bridge1286 left promiscuous mode
[ 2034.429143][T15934] bridge1285: port 1(vlan574) entered disabled state
[ 2034.438071][T15934] device bridge1284 left promiscuous mode
[ 2034.443887][T15934] bridge1283: port 1(vlan573) entered disabled state
[ 2034.453404][T15934] device bridge1282 left promiscuous mode
[ 2034.459630][T15934] bridge1281: port 1(vlan572) entered disabled state
[ 2034.469413][T15934] device bridge1280 left promiscuous mode
[ 2034.475775][T15934] bridge1279: port 1(vlan571) entered disabled state
[ 2034.485148][T15934] device bridge1278 left promiscuous mode
[ 2034.490889][T15934] bridge1277: port 1(vlan570) entered disabled state
[ 2034.500796][T15934] device bridge1276 left promiscuous mode
[ 2034.507139][T15934] bridge1275: port 1(vlan569) entered disabled state
[ 2034.516407][T15934] device bridge1274 left promiscuous mode
[ 2034.522130][T15934] bridge1273: port 1(vlan568) entered disabled state
[ 2034.532121][T15934] device bridge1272 left promiscuous mode
[ 2034.538324][T15934] bridge1271: port 1(vlan567) entered disabled state
[ 2034.548487][T15934] device bridge1270 left promiscuous mode
[ 2034.554220][T15934] bridge1269: port 1(vlan566) entered disabled state
[ 2034.566814][T15934] device bridge1268 left promiscuous mode
[ 2034.572551][T15934] bridge1267: port 1(vlan565) entered disabled state
[ 2034.584862][T15934] device bridge1266 left promiscuous mode
[ 2034.590834][T15934] bridge1265: port 1(vlan564) entered disabled state
[ 2034.600989][T15934] device bridge1264 left promiscuous mode
[ 2034.608142][T15934] bridge1263: port 1(vlan563) entered disabled state
[ 2034.617529][T15934] device bridge1262 left promiscuous mode
[ 2034.623254][T15934] bridge1261: port 1(vlan562) entered disabled state
[ 2034.632854][T15934] device bridge1260 left promiscuous mode
[ 2034.638875][T15934] bridge1259: port 1(vlan561) entered disabled state
[ 2034.648895][T15934] device bridge1258 left promiscuous mode
[ 2034.655163][T15934] bridge1257: port 1(vlan560) entered disabled state
[ 2034.664172][T15934] device bridge1256 left promiscuous mode
[ 2034.671226][T15934] bridge1255: port 1(vlan559) entered disabled state
[ 2034.680786][T15934] device bridge1254 left promiscuous mode
[ 2034.687292][T15934] bridge1253: port 1(vlan558) entered disabled state
[ 2034.697467][T15934] device bridge1252 left promiscuous mode
[ 2034.703207][T15934] bridge1251: port 1(vlan557) entered disabled state
[ 2034.712748][T15934] device bridge1250 left promiscuous mode
[ 2034.718974][T15934] bridge1249: port 1(vlan556) entered disabled state
[ 2034.728211][T15934] device bridge1248 left promiscuous mode
[ 2034.733933][T15934] bridge1247: port 1(vlan555) entered disabled state
[ 2034.747714][T15934] device bridge1246 left promiscuous mode
[ 2034.753752][T15934] bridge1245: port 1(vlan554) entered disabled state
[ 2034.763375][T15934] device bridge1244 left promiscuous mode
[ 2034.769606][T15934] bridge1243: port 1(vlan553) entered disabled state
[ 2034.779720][T15934] device bridge1242 left promiscuous mode
[ 2034.786479][T15934] bridge1241: port 1(vlan552) entered disabled state
[ 2034.795790][T15934] device bridge1240 left promiscuous mode
[ 2034.801524][T15934] bridge1239: port 1(vlan551) entered disabled state
[ 2034.816117][T15934] device bridge1238 left promiscuous mode
[ 2034.821842][T15934] bridge1237: port 1(vlan550) entered disabled state
[ 2034.831302][T15934] device bridge1236 left promiscuous mode
[ 2034.837364][T15934] bridge1235: port 1(vlan549) entered disabled state
[ 2034.846852][T15934] device bridge1234 left promiscuous mode
[ 2034.852779][T15934] bridge1233: port 1(vlan548) entered disabled state
[ 2034.862195][T15934] device bridge1232 left promiscuous mode
[ 2034.868584][T15934] bridge1231: port 1(vlan547) entered disabled state
[ 2034.878169][T15934] device bridge1230 left promiscuous mode
[ 2034.883898][T15934] bridge1229: port 1(vlan546) entered disabled state
[ 2034.893689][T15934] device bridge1228 left promiscuous mode
[ 2034.901198][T15934] bridge1227: port 1(vlan545) entered disabled state
[ 2034.910696][T15934] device bridge1226 left promiscuous mode
[ 2034.918986][T15934] bridge1225: port 1(vlan544) entered disabled state
[ 2034.928054][T15934] device bridge1224 left promiscuous mode
[ 2034.933774][T15934] bridge1223: port 1(vlan543) entered disabled state
[ 2034.943571][T15934] device bridge1222 left promiscuous mode
[ 2034.949796][T15934] bridge1221: port 1(vlan542) entered disabled state
[ 2034.959774][T15934] device bridge1220 left promiscuous mode
[ 2034.965986][T15934] bridge1219: port 1(vlan541) entered disabled state
[ 2034.975323][T15934] device bridge1218 left promiscuous mode
[ 2034.981074][T15934] bridge1217: port 1(vlan540) entered disabled state
[ 2034.994015][T15934] device bridge1216 left promiscuous mode
[ 2035.001728][T15934] bridge1215: port 1(vlan539) entered disabled state
[ 2035.011198][T15934] device bridge1214 left promiscuous mode
[ 2035.018288][T15934] bridge1213: port 1(vlan538) entered disabled state
[ 2035.027965][T15934] device bridge1210 left promiscuous mode
[ 2035.033686][T15934] bridge1209: port 1(vlan537) entered disabled state
[ 2035.043934][T15934] device bridge1208 left promiscuous mode
[ 2035.050301][T15934] bridge1207: port 1(vlan536) entered disabled state
[ 2035.060559][T15934] device bridge1206 left promiscuous mode
[ 2035.066940][T15934] bridge1205: port 1(vlan535) entered disabled state
[ 2035.077764][T15934] device bridge1204 left promiscuous mode
[ 2035.083500][T15934] bridge1203: port 1(vlan534) entered disabled state
[ 2035.093080][T15934] device bridge1202 left promiscuous mode
[ 2035.099731][T15934] bridge1201: port 1(vlan533) entered disabled state
[ 2035.109396][T15934] device bridge1200 left promiscuous mode
[ 2035.116493][T15934] bridge1199: port 1(vlan532) entered disabled state
[ 2035.125727][T15934] device bridge1198 left promiscuous mode
[ 2035.131450][T15934] bridge1197: port 1(vlan531) entered disabled state
[ 2035.141022][T15934] device bridge1196 left promiscuous mode
[ 2035.147244][T15934] bridge1195: port 1(vlan530) entered disabled state
[ 2035.158020][T15934] device bridge1194 left promiscuous mode
[ 2035.164090][T15934] bridge1193: port 1(vlan529) entered disabled state
[ 2035.173555][T15934] device bridge1192 left promiscuous mode
[ 2035.179914][T15934] bridge1191: port 1(vlan528) entered disabled state
[ 2035.189358][T15934] device bridge1190 left promiscuous mode
[ 2035.195717][T15934] bridge1189: port 1(vlan527) entered disabled state
[ 2035.205500][T15934] device bridge1188 left promiscuous mode
[ 2035.211259][T15934] bridge1187: port 1(vlan526) entered disabled state
[ 2035.220759][T15934] device bridge1186 left promiscuous mode
[ 2035.226830][T15934] bridge1185: port 1(vlan525) entered disabled state
[ 2035.236569][T15934] device bridge1184 left promiscuous mode
[ 2035.242304][T15934] bridge1183: port 1(vlan524) entered disabled state
[ 2035.253200][T15934] device bridge1182 left promiscuous mode
[ 2035.259436][T15934] bridge1181: port 1(vlan523) entered disabled state
[ 2035.269458][T15934] device bridge1180 left promiscuous mode
[ 2035.275774][T15934] bridge1179: port 1(vlan522) entered disabled state
[ 2035.285717][T15934] device bridge1178 left promiscuous mode
[ 2035.291462][T15934] bridge1177: port 1(vlan521) entered disabled state
[ 2035.301044][T15934] device bridge1176 left promiscuous mode
[ 2035.307253][T15934] bridge1175: port 1(vlan520) entered disabled state
[ 2035.318110][T15934] device bridge1174 left promiscuous mode
[ 2035.323834][T15934] bridge1173: port 1(vlan519) entered disabled state
[ 2035.333615][T15934] device bridge1172 left promiscuous mode
[ 2035.339704][T15934] bridge1171: port 1(vlan518) entered disabled state
[ 2035.349215][T15934] device bridge1170 left promiscuous mode
[ 2035.355337][T15934] bridge1169: port 1(vlan517) entered disabled state
[ 2035.365741][T15934] device bridge1168 left promiscuous mode
[ 2035.371486][T15934] bridge1167: port 1(vlan516) entered disabled state
[ 2035.380864][T15934] device bridge1166 left promiscuous mode
[ 2035.386960][T15934] bridge1165: port 1(vlan515) entered disabled state
[ 2035.402229][T15934] device bridge1164 left promiscuous mode
[ 2035.408425][T15934] bridge1163: port 1(vlan514) entered disabled state
[ 2035.418202][T15934] device bridge1162 left promiscuous mode
[ 2035.423940][T15934] bridge1161: port 1(vlan513) entered disabled state
[ 2035.433451][T15934] device bridge1160 left promiscuous mode
[ 2035.439678][T15934] bridge1159: port 1(vlan512) entered disabled state
[ 2035.449311][T15934] device bridge1158 left promiscuous mode
[ 2035.455520][T15934] bridge1157: port 1(vlan511) entered disabled state
[ 2035.464682][T15934] device bridge1156 left promiscuous mode
[ 2035.470562][T15934] bridge1155: port 1(vlan510) entered disabled state
[ 2035.480371][T15934] device bridge1154 left promiscuous mode
[ 2035.486838][T15934] bridge1153: port 1(vlan509) entered disabled state
[ 2035.497045][T15934] device bridge1152 left promiscuous mode
[ 2035.502786][T15934] bridge1151: port 1(vlan508) entered disabled state
[ 2035.512499][T15934] device bridge1150 left promiscuous mode
[ 2035.518985][T15934] bridge1149: port 1(vlan507) entered disabled state
[ 2035.530313][T15934] device bridge1148 left promiscuous mode
[ 2035.536507][T15934] bridge1147: port 1(vlan506) entered disabled state
[ 2035.546379][T15934] device bridge1146 left promiscuous mode
[ 2035.552125][T15934] bridge1145: port 1(vlan505) entered disabled state
[ 2035.563793][T15934] device bridge1144 left promiscuous mode
[ 2035.570205][T15934] bridge1143: port 1(vlan504) entered disabled state
[ 2035.579762][T15934] device bridge1142 left promiscuous mode
[ 2035.585969][T15934] bridge1141: port 1(vlan503) entered disabled state
[ 2035.596548][T15934] device bridge1140 left promiscuous mode
[ 2035.602319][T15934] bridge1139: port 1(vlan502) entered disabled state
[ 2035.611669][T15934] device bridge1138 left promiscuous mode
[ 2035.618043][T15934] bridge1137: port 1(vlan501) entered disabled state
[ 2035.628182][T15934] device bridge1136 left promiscuous mode
[ 2035.633903][T15934] bridge1135: port 1(vlan500) entered disabled state
[ 2035.642874][T15934] device bridge1134 left promiscuous mode
[ 2035.649494][T15934] bridge1133: port 1(vlan499) entered disabled state
[ 2035.658844][T15934] device bridge1132 left promiscuous mode
[ 2035.665230][T15934] bridge1131: port 1(vlan498) entered disabled state
[ 2035.674281][T15934] device bridge1130 left promiscuous mode
[ 2035.680589][T15934] bridge1129: port 1(vlan497) entered disabled state
[ 2035.689970][T15934] device bridge1128 left promiscuous mode
[ 2035.696174][T15934] bridge1127: port 1(vlan496) entered disabled state
[ 2035.705675][T15934] device bridge1126 left promiscuous mode
[ 2035.711412][T15934] bridge1125: port 1(vlan495) entered disabled state
[ 2035.721661][T15934] device bridge1124 left promiscuous mode
[ 2035.727891][T15934] bridge1123: port 1(vlan494) entered disabled state
[ 2035.737116][T15934] device bridge1122 left promiscuous mode
[ 2035.742840][T15934] bridge1121: port 1(vlan493) entered disabled state
[ 2035.752187][T15934] device bridge1120 left promiscuous mode
[ 2035.758929][T15934] bridge1119: port 1(vlan492) entered disabled state
[ 2035.768602][T15934] device bridge1118 left promiscuous mode
[ 2035.774673][T15934] bridge1117: port 1(vlan491) entered disabled state
[ 2035.788238][T15934] device bridge1116 left promiscuous mode
[ 2035.793983][T15934] bridge1115: port 1(vlan490) entered disabled state
[ 2035.803359][T15934] device bridge1114 left promiscuous mode
[ 2035.809666][T15934] bridge1113: port 1(vlan489) entered disabled state
[ 2035.818530][T15934] device bridge1112 left promiscuous mode
[ 2035.824255][T15934] bridge1111: port 1(vlan488) entered disabled state
[ 2035.833146][T15934] device bridge1110 left promiscuous mode
[ 2035.841053][T15934] bridge1109: port 1(vlan487) entered disabled state
[ 2035.850948][T15934] device bridge1108 left promiscuous mode
[ 2035.857081][T15934] bridge1107: port 1(vlan486) entered disabled state
[ 2035.866980][T15934] device bridge1106 left promiscuous mode
[ 2035.872721][T15934] bridge1105: port 1(vlan485) entered disabled state
[ 2035.883970][T15934] device bridge1104 left promiscuous mode
[ 2035.891732][T15934] bridge1103: port 1(vlan484) entered disabled state
[ 2035.901210][T15934] device bridge1102 left promiscuous mode
[ 2035.908265][T15934] bridge1101: port 1(vlan483) entered disabled state
[ 2035.917435][T15934] device bridge1100 left promiscuous mode
[ 2035.923155][T15934] bridge1099: port 1(vlan482) entered disabled state
[ 2035.932694][T15934] device bridge1098 left promiscuous mode
[ 2035.938817][T15934] bridge1097: port 1(vlan481) entered disabled state
[ 2035.948211][T15934] device bridge1096 left promiscuous mode
[ 2035.953941][T15934] bridge1095: port 1(vlan480) entered disabled state
[ 2035.963394][T15934] device bridge1094 left promiscuous mode
[ 2035.969591][T15934] bridge1093: port 1(vlan479) entered disabled state
[ 2035.979662][T15934] device bridge1092 left promiscuous mode
[ 2035.985778][T15934] bridge1091: port 1(vlan478) entered disabled state
[ 2035.996635][T15934] device bridge1090 left promiscuous mode
[ 2036.002385][T15934] bridge1089: port 1(vlan477) entered disabled state
[ 2036.011607][T15934] device bridge1088 left promiscuous mode
[ 2036.017857][T15934] bridge1087: port 1(vlan476) entered disabled state
[ 2036.027768][T15934] device bridge1086 left promiscuous mode
[ 2036.033500][T15934] bridge1085: port 1(vlan475) entered disabled state
[ 2036.042564][T15934] device bridge1084 left promiscuous mode
[ 2036.048727][T15934] bridge1083: port 1(vlan474) entered disabled state
[ 2036.058268][T15934] device bridge1082 left promiscuous mode
[ 2036.063999][T15934] bridge1081: port 1(vlan473) entered disabled state
[ 2036.073441][T15934] device bridge1080 left promiscuous mode
[ 2036.079770][T15934] bridge1079: port 1(vlan472) entered disabled state
[ 2036.089385][T15934] device bridge1078 left promiscuous mode
[ 2036.095525][T15934] bridge1077: port 1(vlan471) entered disabled state
[ 2036.104359][T15934] device bridge1076 left promiscuous mode
[ 2036.112958][T15934] bridge1075: port 1(vlan470) entered disabled state
[ 2036.121845][T15934] device bridge1074 left promiscuous mode
[ 2036.127989][T15934] bridge1073: port 1(vlan469) entered disabled state
[ 2036.136879][T15934] device bridge1072 left promiscuous mode
[ 2036.142628][T15934] bridge1071: port 1(vlan468) entered disabled state
[ 2036.152403][T15934] device bridge1070 left promiscuous mode
[ 2036.158510][T15934] bridge1069: port 1(vlan467) entered disabled state
[ 2036.167936][T15934] device bridge1068 left promiscuous mode
[ 2036.173674][T15934] bridge1067: port 1(vlan466) entered disabled state
[ 2036.184857][T15934] device bridge1066 left promiscuous mode
[ 2036.190766][T15934] bridge1065: port 1(vlan465) entered disabled state
[ 2036.201146][T15934] device bridge1064 left promiscuous mode
[ 2036.208551][T15934] bridge1063: port 1(vlan464) entered disabled state
[ 2036.218241][T15934] device bridge1062 left promiscuous mode
[ 2036.223967][T15934] bridge1061: port 1(vlan463) entered disabled state
[ 2036.232904][T15934] device bridge1060 left promiscuous mode
[ 2036.239007][T15934] bridge1059: port 1(vlan462) entered disabled state
[ 2036.248709][T15934] device bridge1058 left promiscuous mode
[ 2036.255101][T15934] bridge1057: port 1(vlan461) entered disabled state
[ 2036.264015][T15934] device bridge1056 left promiscuous mode
[ 2036.270229][T15934] bridge1055: port 1(vlan460) entered disabled state
[ 2036.279452][T15934] device bridge1054 left promiscuous mode
[ 2036.286226][T15934] bridge1053: port 1(vlan459) entered disabled state
[ 2036.295855][T15934] device bridge1052 left promiscuous mode
[ 2036.301588][T15934] bridge1051: port 1(vlan458) entered disabled state
[ 2036.311892][T15934] device bridge1048 left promiscuous mode
[ 2036.318530][T15934] bridge1047: port 1(vlan456) entered disabled state
[ 2036.327829][T15934] device bridge1046 left promiscuous mode
[ 2036.333554][T15934] bridge1045: port 1(vlan455) entered disabled state
[ 2036.343984][T15934] device bridge1044 left promiscuous mode
[ 2036.350062][T15934] bridge1043: port 1(vlan454) entered disabled state
[ 2036.364758][T15934] device bridge1042 left promiscuous mode
[ 2036.370516][T15934] bridge1041: port 1(vlan453) entered disabled state
[ 2036.380466][T15934] device bridge1040 left promiscuous mode
[ 2036.386637][T15934] bridge1039: port 1(vlan452) entered disabled state
[ 2036.397296][T15934] device bridge1038 left promiscuous mode
[ 2036.403131][T15934] bridge1037: port 1(vlan451) entered disabled state
[ 2036.412611][T15934] device bridge1036 left promiscuous mode
[ 2036.418755][T15934] bridge1035: port 1(vlan450) entered disabled state
[ 2036.427916][T15934] device bridge1034 left promiscuous mode
[ 2036.433659][T15934] bridge1033: port 1(vlan449) entered disabled state
[ 2036.442957][T15934] device bridge1032 left promiscuous mode
[ 2036.449651][T15934] bridge1031: port 1(vlan448) entered disabled state
[ 2036.459168][T15934] device bridge1030 left promiscuous mode
[ 2036.465475][T15934] bridge1029: port 1(vlan447) entered disabled state
[ 2036.474345][T15934] device bridge1028 left promiscuous mode
[ 2036.480767][T15934] bridge1027: port 1(vlan446) entered disabled state
[ 2036.491226][T15934] device bridge1024 left promiscuous mode
[ 2036.497472][T15934] bridge1023: port 1(vlan445) entered disabled state
[ 2036.507998][T15934] device bridge1022 left promiscuous mode
[ 2036.513722][T15934] bridge1021: port 1(vlan444) entered disabled state
[ 2036.522788][T15934] device bridge1020 left promiscuous mode
[ 2036.529032][T15934] bridge1019: port 1(vlan443) entered disabled state
[ 2036.538569][T15934] device bridge1016 left promiscuous mode
[ 2036.544296][T15934] bridge1015: port 1(vlan442) entered disabled state
[ 2036.553897][T15934] device bridge1014 left promiscuous mode
[ 2036.560542][T15934] bridge1013: port 1(vlan441) entered disabled state
[ 2036.569890][T15934] device bridge1012 left promiscuous mode
[ 2036.576209][T15934] bridge1011: port 1(vlan440) entered disabled state
[ 2036.585351][T15934] device bridge1010 left promiscuous mode
[ 2036.591094][T15934] bridge1009: port 1(vlan439) entered disabled state
[ 2036.601023][T15934] device bridge1008 left promiscuous mode
[ 2036.607152][T15934] bridge1007: port 1(vlan438) entered disabled state
[ 2036.616404][T15934] device bridge1006 left promiscuous mode
[ 2036.622122][T15934] bridge1005: port 1(vlan437) entered disabled state
[ 2036.631435][T15934] device bridge1004 left promiscuous mode
[ 2036.637515][T15934] bridge1003: port 1(vlan436) entered disabled state
[ 2036.647171][T15934] device bridge1002 left promiscuous mode
[ 2036.652898][T15934] bridge1001: port 1(vlan435) entered disabled state
[ 2036.662719][T15934] device bridge1000 left promiscuous mode
[ 2036.669749][T15934] bridge999: port 1(vlan434) entered disabled state
[ 2036.679215][T15934] device bridge998 left promiscuous mode
[ 2036.685482][T15934] bridge997: port 1(vlan433) entered disabled state
[ 2036.694255][T15934] device bridge996 left promiscuous mode
[ 2036.700667][T15934] bridge995: port 1(vlan432) entered disabled state
[ 2036.709739][T15934] device bridge994 left promiscuous mode
[ 2036.715861][T15934] bridge993: port 1(vlan431) entered disabled state
[ 2036.724196][T15934] device bridge992 left promiscuous mode
[ 2036.730360][T15934] bridge991: port 1(vlan430) entered disabled state
[ 2036.739004][T15934] device bridge990 left promiscuous mode
[ 2036.745172][T15934] bridge989: port 1(vlan429) entered disabled state
[ 2036.753895][T15934] device bridge988 left promiscuous mode
[ 2036.760192][T15934] bridge987: port 1(vlan428) entered disabled state
[ 2036.771569][T15934] device bridge984 left promiscuous mode
[ 2036.777625][T15934] bridge983: port 1(vlan427) entered disabled state
[ 2036.788091][T15934] device bridge982 left promiscuous mode
[ 2036.793747][T15934] bridge981: port 1(vlan426) entered disabled state
[ 2036.803591][T15934] device bridge980 left promiscuous mode
[ 2036.809694][T15934] bridge979: port 1(vlan425) entered disabled state
[ 2036.818693][T15934] device bridge978 left promiscuous mode
[ 2036.824331][T15934] bridge977: port 1(vlan424) entered disabled state
[ 2036.834293][T15934] device bridge976 left promiscuous mode
[ 2036.840375][T15934] bridge975: port 1(vlan423) entered disabled state
[ 2036.849473][T15934] device bridge974 left promiscuous mode
[ 2036.855762][T15934] bridge973: port 1(vlan422) entered disabled state
[ 2036.865075][T15934] device bridge972 left promiscuous mode
[ 2036.870947][T15934] bridge971: port 1(vlan421) entered disabled state
[ 2036.881492][T15934] device bridge970 left promiscuous mode
[ 2036.887587][T15934] bridge969: port 1(vlan420) entered disabled state
[ 2036.897445][T15934] device bridge968 left promiscuous mode
[ 2036.903393][T15934] bridge967: port 1(vlan419) entered disabled state
[ 2036.912568][T15934] device bridge966 left promiscuous mode
[ 2036.918662][T15934] bridge965: port 1(vlan418) entered disabled state
[ 2036.927494][T15934] device bridge964 left promiscuous mode
[ 2036.933134][T15934] bridge963: port 1(vlan417) entered disabled state
[ 2036.943943][T15934] device bridge962 left promiscuous mode
[ 2036.949940][T15934] bridge961: port 1(vlan416) entered disabled state
[ 2036.959236][T15934] device bridge960 left promiscuous mode
[ 2036.965370][T15934] bridge959: port 1(vlan415) entered disabled state
[ 2036.974065][T15934] device bridge958 left promiscuous mode
[ 2036.980311][T15934] bridge957: port 1(vlan414) entered disabled state
[ 2036.989917][T15934] device bridge956 left promiscuous mode
[ 2036.996097][T15934] bridge955: port 1(vlan413) entered disabled state
[ 2037.008523][T15934] device bridge952 left promiscuous mode
[ 2037.014169][T15934] bridge951: port 1(vlan412) entered disabled state
[ 2037.023613][T15934] device bridge950 left promiscuous mode
[ 2037.029679][T15934] bridge949: port 1(vlan411) entered disabled state
[ 2037.038366][T15934] device bridge948 left promiscuous mode
[ 2037.044002][T15934] bridge947: port 1(vlan410) entered disabled state
[ 2037.053757][T15934] device bridge946 left promiscuous mode
[ 2037.061220][T15934] bridge945: port 1(vlan409) entered disabled state
[ 2037.070512][T15934] device bridge944 left promiscuous mode
[ 2037.077514][T15934] bridge943: port 1(vlan408) entered disabled state
[ 2037.087084][T15934] device bridge940 left promiscuous mode
[ 2037.092727][T15934] bridge939: port 1(vlan407) entered disabled state
[ 2037.102796][T15934] device bridge938 left promiscuous mode
[ 2037.109144][T15934] bridge937: port 1(vlan406) entered disabled state
[ 2037.121993][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.128620][ T1240] ieee802154 phy1 wpan1: encryption failed: -22
[ 2037.130457][T15934] device bridge936 left promiscuous mode
[ 2037.142665][T15934] bridge935: port 1(vlan405) entered disabled state
[ 2037.152159][T15934] device bridge934 left promiscuous mode
[ 2037.159151][T15934] bridge933: port 1(vlan404) entered disabled state
[ 2037.168376][T15934] device bridge932 left promiscuous mode
[ 2037.174023][T15934] bridge931: port 1(vlan403) entered disabled state
[ 2037.183547][T15934] device bridge930 left promiscuous mode
[ 2037.189655][T15934] bridge929: port 1(vlan402) entered disabled state
[ 2037.199002][T15934] device bridge928 left promiscuous mode
[ 2037.205174][T15934] bridge927: port 1(vlan401) entered disabled state
[ 2037.214289][T15934] device bridge926 left promiscuous mode
[ 2037.220548][T15934] bridge925: port 1(vlan400) entered disabled state
[ 2037.229670][T15934] device bridge924 left promiscuous mode
[ 2037.235770][T15934] bridge923: port 1(vlan399) entered disabled state
[ 2037.244183][T15934] device bridge922 left promiscuous mode
[ 2037.250320][T15934] bridge921: port 1(vlan398) entered disabled state
[ 2037.259315][T15934] device bridge920 left promiscuous mode
[ 2037.265408][T15934] bridge919: port 1(vlan397) entered disabled state
[ 2037.274153][T15934] device bridge918 left promiscuous mode
[ 2037.281709][T15934] bridge917: port 1(vlan396) entered disabled state
[ 2037.290981][T15934] device bridge916 left promiscuous mode
[ 2037.297129][T15934] bridge915: port 1(vlan395) entered disabled state
[ 2037.307150][T15934] device bridge914 left promiscuous mode
[ 2037.313122][T15934] bridge913: port 1(vlan394) entered disabled state
[ 2037.323282][T15934] device bridge912 left promiscuous mode
[ 2037.329230][T15934] bridge911: port 1(vlan393) entered disabled state
[ 2037.338113][T15934] device bridge910 left promiscuous mode
[ 2037.343751][T15934] bridge909: port 1(vlan392) entered disabled state
[ 2037.352914][T15934] device bridge908 left promiscuous mode
[ 2037.359040][T15934] bridge907: port 1(vlan391) entered disabled state
[ 2037.368520][T15934] device bridge906 left promiscuous mode
[ 2037.374160][T15934] bridge905: port 1(vlan390) entered disabled state
[ 2037.383309][T15934] device bridge904 left promiscuous mode
[ 2037.389437][T15934] bridge903: port 1(vlan389) entered disabled state
[ 2037.398633][T15934] device bridge902 left promiscuous mode
[ 2037.404278][T15934] bridge901: port 1(vlan388) entered disabled state
[ 2037.415123][T15934] device bridge898 left promiscuous mode
[ 2037.420775][T15934] bridge897: port 1(vlan387) entered disabled state
[ 2037.431014][T15934] device bridge896 left promiscuous mode
[ 2037.437040][T15934] bridge895: port 1(vlan386) entered disabled state
[ 2037.447618][T15934] device bridge894 left promiscuous mode
[ 2037.453287][T15934] bridge893: port 1(vlan385) entered disabled state
[ 2037.462412][T15934] device bridge892 left promiscuous mode
[ 2037.469644][T15934] bridge891: port 1(vlan384) entered disabled state
[ 2037.478852][T15934] device bridge890 left promiscuous mode
[ 2037.485078][T15934] bridge889: port 1(vlan383) entered disabled state
[ 2037.495018][T15934] device bridge886 left promiscuous mode
[ 2037.500677][T15934] bridge885: port 1(vlan381) entered disabled state
[ 2037.511369][T15934] device bridge884 left promiscuous mode
[ 2037.517733][T15934] bridge883: port 1(vlan380) entered disabled state
[ 2037.527522][T15934] device bridge882 left promiscuous mode
[ 2037.533158][T15934] bridge881: port 1(vlan379) entered disabled state
[ 2037.542534][T15934] device bridge880 left promiscuous mode
[ 2037.548701][T15934] bridge879: port 1(vlan378) entered disabled state
[ 2037.558906][T15934] device bridge878 left promiscuous mode
[ 2037.565005][T15934] bridge877: port 1(vlan377) entered disabled state
[ 2037.573814][T15934] device bridge876 left promiscuous mode
[ 2037.580052][T15934] bridge875: port 1(vlan376) entered disabled state
[ 2037.589031][T15934] device bridge874 left promiscuous mode
[ 2037.595657][T15934] bridge873: port 1(vlan375) entered disabled state
[ 2037.604357][T15934] device bridge872 left promiscuous mode
[ 2037.610328][T15934] bridge871: port 1(vlan374) entered disabled state
[ 2037.619628][T15934] device bridge870 left promiscuous mode
[ 2037.625833][T15934] bridge869: port 1(vlan373) entered disabled state
[ 2037.634112][T15934] device bridge868 left promiscuous mode
[ 2037.640279][T15934] bridge867: port 1(vlan372) entered disabled state
[ 2037.649853][T15934] device bridge866 left promiscuous mode
[ 2037.656071][T15934] bridge865: port 1(vlan371) entered disabled state
[ 2037.665544][T15934] device bridge864 left promiscuous mode
[ 2037.671213][T15934] bridge863: port 1(vlan370) entered disabled state
[ 2037.680406][T15934] device bridge862 left promiscuous mode
[ 2037.686841][T15934] bridge861: port 1(vlan369) entered disabled state
[ 2037.696489][T15934] device bridge860 left promiscuous mode
[ 2037.702132][T15934] bridge859: port 1(vlan368) entered disabled state
[ 2037.711939][T15934] device bridge858 left promiscuous mode
[ 2037.717859][T15934] bridge857: port 1(vlan367) entered disabled state
[ 2037.727882][T15934] device bridge856 left promiscuous mode
[ 2037.733527][T15934] bridge855: port 1(vlan366) entered disabled state
[ 2037.742192][T15934] device bridge854 left promiscuous mode
[ 2037.748286][T15934] bridge853: port 1(vlan365) entered disabled state
[ 2037.758887][T15934] device bridge852 left promiscuous mode
[ 2037.764855][T15934] bridge851: port 1(vlan364) entered disabled state
[ 2037.773546][T15934] device bridge850 left promiscuous mode
[ 2037.779735][T15934] bridge849: port 1(vlan363) entered disabled state
[ 2037.788851][T15934] device bridge848 left promiscuous mode
[ 2037.795021][T15934] bridge847: port 1(vlan362) entered disabled state
[ 2037.804079][T15934] device bridge846 left promiscuous mode
[ 2037.810166][T15934] bridge845: port 1(vlan361) entered disabled state
[ 2037.818885][T15934] device bridge844 left promiscuous mode
[ 2037.825407][T15934] bridge843: port 1(vlan360) entered disabled state
[ 2037.833680][T15934] device bridge842 left promiscuous mode
[ 2037.839879][T15934] bridge841: port 1(vlan359) entered disabled state
[ 2037.849940][T15934] device bridge840 left promiscuous mode
[ 2037.856101][T15934] bridge839: port 1(vlan358) entered disabled state
[ 2037.866528][T15934] device bridge838 left promiscuous mode
[ 2037.872174][T15934] bridge837: port 1(vlan357) entered disabled state
[ 2037.883741][T15934] device bridge832 left promiscuous mode
[ 2037.891044][T15934] bridge831: port 1(vlan356) entered disabled state
[ 2037.900920][T15934] device bridge828 left promiscuous mode
[ 2037.907449][T15934] bridge827: port 1(vlan355) entered disabled state
[ 2037.917732][T15934] device bridge826 left promiscuous mode
[ 2037.923372][T15934] bridge825: port 1(vlan354) entered disabled state
[ 2037.933128][T15934] device bridge822 left promiscuous mode
[ 2037.939106][T15934] bridge821: port 1(vlan353) entered disabled state
[ 2037.948788][T15934] device bridge818 left promiscuous mode
[ 2037.955426][T15934] bridge817: port 1(vlan352) entered disabled state
[ 2037.966325][T15934] device bridge810 left promiscuous mode
[ 2037.971973][T15934] bridge809: port 1(vlan351) entered disabled state
[ 2037.981954][T15934] device bridge806 left promiscuous mode
[ 2037.988146][T15934] bridge805: port 1(vlan350) entered disabled state
[ 2037.997716][T15934] device bridge804 left promiscuous mode
[ 2038.003358][T15934] bridge803: port 1(vlan349) entered disabled state
[ 2038.012999][T15934] device bridge800 left promiscuous mode
[ 2038.020015][T15934] bridge799: port 1(vlan348) entered disabled state
[ 2038.028995][T15934] device bridge798 left promiscuous mode
[ 2038.035271][T15934] bridge797: port 1(vlan347) entered disabled state
[ 2038.044348][T15934] device bridge794 left promiscuous mode
[ 2038.050513][T15934] bridge793: port 1(vlan346) entered disabled state
[ 2038.060212][T15934] device bridge790 left promiscuous mode
[ 2038.066402][T15934] bridge789: port 1(vlan345) entered disabled state
[ 2038.076736][T15934] device bridge786 left promiscuous mode
[ 2038.082379][T15934] bridge785: port 1(vlan344) entered disabled state
[ 2038.092416][T15934] device bridge782 left promiscuous mode
[ 2038.098496][T15934] bridge781: port 1(vlan343) entered disabled state
[ 2038.108247][T15934] device bridge778 left promiscuous mode
[ 2038.113883][T15934] bridge777: port 1(vlan342) entered disabled state
[ 2038.147188][T15934] device bridge708 left promiscuous mode
[ 2038.152844][T15934] bridge707: port 1(vlan341) entered disabled state
[ 2038.163226][T15934] device bridge706 left promiscuous mode
[ 2038.171258][T15934] bridge705: port 1(vlan340) entered disabled state
[ 2038.181449][T15934] device bridge704 left promiscuous mode
[ 2038.187449][T15934] bridge703: port 1(vlan339) entered disabled state
[ 2038.198310][T15934] device bridge702 left promiscuous mode
[ 2038.203969][T15934] bridge701: port 1(vlan338) entered disabled state
[ 2038.212944][T15934] device bridge700 left promiscuous mode
[ 2038.219187][T15934] bridge699: port 1(vlan337) entered disabled state
[ 2038.227966][T15934] device bridge698 left promiscuous mode
[ 2038.233757][T15934] bridge697: port 1(vlan336) entered disabled state
[ 2038.242813][T15934] device bridge696 left promiscuous mode
[ 2038.249254][T15934] bridge695: port 1(vlan335) entered disabled state
[ 2038.262717][T15934] device bridge692 left promiscuous mode
[ 2038.269018][T15934] bridge691: port 1(vlan334) entered disabled state
[ 2038.279023][T15934] device bridge690 left promiscuous mode
[ 2038.285299][T15934] bridge689: port 1(vlan333) entered disabled state
[ 2038.293974][T15934] device bridge688 left promiscuous mode
[ 2038.300448][T15934] bridge687: port 1(vlan332) entered disabled state
[ 2038.309973][T15934] device bridge686 left promiscuous mode
[ 2038.316152][T15934] bridge685: port 1(vlan331) entered disabled state
[ 2038.325158][T15934] device bridge684 left promiscuous mode
[ 2038.330817][T15934] bridge683: port 1(vlan330) entered disabled state
[ 2038.339924][T15934] device bridge682 left promiscuous mode
[ 2038.345870][T15934] bridge681: port 1(vlan329) entered disabled state
[ 2038.355237][T15934] device bridge680 left promiscuous mode
[ 2038.360999][T15934] bridge679: port 1(vlan328) entered disabled state
[ 2038.370207][T15934] device bridge678 left promiscuous mode
[ 2038.376187][T15934] bridge677: port 1(vlan327) entered disabled state
[ 2038.386206][T15934] device bridge676 left promiscuous mode
[ 2038.391885][T15934] bridge675: port 1(vlan326) entered disabled state
[ 2038.407619][T15934] device bridge674 left promiscuous mode
[ 2038.413274][T15934] bridge673: port 1(vlan325) entered disabled state
[ 2038.422276][T15934] device bridge672 left promiscuous mode
[ 2038.428355][T15934] bridge671: port 1(vlan324) entered disabled state
[ 2038.438913][T15934] device bridge670 left promiscuous mode
[ 2038.445109][T15934] bridge669: port 1(vlan323) entered disabled state
[ 2038.453856][T15934] device bridge668 left promiscuous mode
[ 2038.459956][T15934] bridge667: port 1(vlan322) entered disabled state
[ 2038.468963][T15934] device bridge666 left promiscuous mode
[ 2038.475113][T15934] bridge665: port 1(vlan321) entered disabled state
[ 2038.484257][T15934] device bridge664 left promiscuous mode
[ 2038.490398][T15934] bridge663: port 1(vlan320) entered disabled state
[ 2038.500837][T15934] device bridge662 left promiscuous mode
[ 2038.506900][T15934] bridge661: port 1(vlan319) entered disabled state
[ 2038.516453][T15934] device bridge660 left promiscuous mode
[ 2038.522106][T15934] bridge659: port 1(vlan318) entered disabled state
[ 2038.532088][T15934] device bridge658 left promiscuous mode
[ 2038.539092][T15934] bridge657: port 1(vlan317) entered disabled state
[ 2038.547928][T15934] device bridge656 left promiscuous mode
[ 2038.553588][T15934] bridge655: port 1(vlan316) entered disabled state
[ 2038.567370][T15934] device bridge654 left promiscuous mode
[ 2038.573050][T15934] bridge653: port 1(vlan315) entered disabled state
[ 2038.582294][T15934] device bridge652 left promiscuous mode
[ 2038.588532][T15934] bridge651: port 1(vlan314) entered disabled state
[ 2038.597656][T15934] device bridge650 left promiscuous mode
[ 2038.603300][T15934] bridge649: port 1(vlan313) entered disabled state
[ 2038.612692][T15934] device bridge648 left promiscuous mode
[ 2038.618635][T15934] bridge647: port 1(vlan312) entered disabled state
[ 2038.627872][T15934] device bridge644 left promiscuous mode
[ 2038.633510][T15934] bridge643: port 1(vlan311) entered disabled state
[ 2038.643219][T15934] device bridge642 left promiscuous mode
[ 2038.650585][T15934] bridge641: port 1(vlan310) entered disabled state
[ 2038.659764][T15934] device bridge640 left promiscuous mode
[ 2038.666781][T15934] bridge639: port 1(vlan309) entered disabled state
[ 2038.676158][T15934] device bridge638 left promiscuous mode
[ 2038.681800][T15934] bridge637: port 1(vlan308) entered disabled state
[ 2038.690750][T15934] device bridge636 left promiscuous mode
[ 2038.696971][T15934] bridge635: port 1(vlan307) entered disabled state
[ 2038.708368][T15934] device bridge634 left promiscuous mode
[ 2038.714011][T15934] bridge633: port 1(vlan306) entered disabled state
[ 2038.722720][T15934] device bridge632 left promiscuous mode
[ 2038.728812][T15934] bridge631: port 1(vlan305) entered disabled state
[ 2038.737596][T15934] device bridge630 left promiscuous mode
[ 2038.743588][T15934] bridge629: port 1(vlan304) entered disabled state
[ 2038.753100][T15934] device bridge628 left promiscuous mode
[ 2038.759152][T15934] bridge627: port 1(vlan303) entered disabled state
[ 2038.768197][T15934] device bridge626 left promiscuous mode
[ 2038.773842][T15934] bridge625: port 1(vlan302) entered disabled state
[ 2038.782875][T15934] device bridge624 left promiscuous mode
[ 2038.790099][T15934] bridge623: port 1(vlan301) entered disabled state
[ 2038.799782][T15934] device bridge620 left promiscuous mode
[ 2038.806855][T15934] bridge619: port 1(vlan300) entered disabled state
[ 2038.815975][T15934] device bridge617 left promiscuous mode
[ 2038.821608][T15934] bridge616: port 1(vlan299) entered disabled state
[ 2038.831747][T15934] device bridge615 left promiscuous mode
[ 2038.837710][T15934] bridge614: port 1(vlan298) entered disabled state
[ 2038.847682][T15934] device bridge613 left promiscuous mode
[ 2038.853325][T15934] bridge612: port 1(vlan297) entered disabled state
[ 2038.862748][T15934] device bridge611 left promiscuous mode
[ 2038.868861][T15934] bridge610: port 1(vlan296) entered disabled state
[ 2038.878514][T15934] device bridge609 left promiscuous mode
[ 2038.884155][T15934] bridge608: port 1(vlan295) entered disabled state
[ 2038.893142][T15934] device bridge607 left promiscuous mode
[ 2038.899178][T15934] bridge606: port 1(vlan294) entered disabled state
[ 2038.908444][T15934] device bridge605 left promiscuous mode
[ 2038.914082][T15934] bridge604: port 1(vlan293) entered disabled state
[ 2038.922831][T15934] device bridge603 left promiscuous mode
[ 2038.928913][T15934] bridge602: port 1(vlan292) entered disabled state
[ 2038.938902][T15934] device bridge601 left promiscuous mode
[ 2038.946778][T15934] bridge600: port 1(vlan291) entered disabled state
[ 2038.957773][T15934] device bridge599 left promiscuous mode
[ 2038.963424][T15934] bridge598: port 1(vlan290) entered disabled state
[ 2038.973828][T15934] device bridge597 left promiscuous mode
[ 2038.980125][T15934] bridge596: port 1(vlan289) entered disabled state
[ 2038.989659][T15934] device bridge595 left promiscuous mode
[ 2038.995694][T15934] bridge594: port 1(vlan288) entered disabled state
[ 2039.004269][T15934] device bridge593 left promiscuous mode
[ 2039.010310][T15934] bridge592: port 1(vlan287) entered disabled state
[ 2039.018850][T15934] device bridge591 left promiscuous mode
[ 2039.024939][T15934] bridge590: port 1(vlan286) entered disabled state
[ 2039.034984][T15934] device bridge589 left promiscuous mode
[ 2039.040633][T15934] bridge588: port 1(vlan285) entered disabled state
[ 2039.050695][T15934] device bridge587 left promiscuous mode
[ 2039.056647][T15934] bridge586: port 1(vlan284) entered disabled state
[ 2039.066243][T15934] device bridge585 left promiscuous mode
[ 2039.071906][T15934] bridge584: port 1(vlan283) entered disabled state
[ 2039.081460][T15934] device bridge583 left promiscuous mode
[ 2039.087544][T15934] bridge582: port 1(vlan282) entered disabled state
[ 2039.098891][T15934] device bridge579 left promiscuous mode
[ 2039.104832][T15934] bridge578: port 1(vlan281) entered disabled state
[ 2039.113139][T15934] device bridge577 left promiscuous mode
[ 2039.119180][T15934] bridge576: port 1(vlan280) entered disabled state
[ 2039.128022][T15934] device bridge575 left promiscuous mode
[ 2039.133671][T15934] bridge574: port 1(vlan279) entered disabled state
[ 2039.142402][T15934] device bridge573 left promiscuous mode
[ 2039.148509][T15934] bridge572: port 1(vlan278) entered disabled state
[ 2039.158055][T15934] device bridge571 left promiscuous mode
[ 2039.163696][T15934] bridge570: port 1(vlan277) entered disabled state
[ 2039.172710][T15934] device bridge569 left promiscuous mode
[ 2039.178720][T15934] bridge568: port 1(vlan276) entered disabled state
[ 2039.189434][T15934] device bridge567 left promiscuous mode
[ 2039.195569][T15934] bridge566: port 1(vlan275) entered disabled state
[ 2039.204073][T15934] device bridge565 left promiscuous mode
[ 2039.210138][T15934] bridge564: port 1(vlan274) entered disabled state
[ 2039.221459][T15934] device bridge563 left promiscuous mode
[ 2039.227490][T15934] bridge562: port 1(vlan273) entered disabled state
[ 2039.237152][T15934] device bridge561 left promiscuous mode
[ 2039.242790][T15934] bridge560: port 1(vlan272) entered disabled state
[ 2039.251802][T15934] device bridge559 left promiscuous mode
[ 2039.258641][T15934] bridge558: port 1(vlan271) entered disabled state
[ 2039.268088][T15934] device bridge557 left promiscuous mode
[ 2039.273735][T15934] bridge556: port 1(vlan270) entered disabled state
[ 2039.283573][T15934] device bridge555 left promiscuous mode
[ 2039.289516][T15934] bridge554: port 1(vlan269) entered disabled state
[ 2039.298891][T15934] device bridge553 left promiscuous mode
[ 2039.304971][T15934] bridge552: port 1(vlan268) entered disabled state
[ 2039.313277][T15934] device bridge551 left promiscuous mode
[ 2039.319513][T15934] bridge550: port 1(vlan267) entered disabled state
[ 2039.328075][T15934] device bridge549 left promiscuous mode
[ 2039.333706][T15934] bridge548: port 1(vlan266) entered disabled state
[ 2039.342368][T15934] device bridge547 left promiscuous mode
[ 2039.348385][T15934] bridge546: port 1(vlan265) entered disabled state
[ 2039.359608][T15934] device bridge545 left promiscuous mode
[ 2039.365543][T15934] bridge544: port 1(vlan264) entered disabled state
[ 2039.374093][T15934] device bridge543 left promiscuous mode
[ 2039.380815][T15934] bridge542: port 1(vlan263) entered disabled state
[ 2039.389822][T15934] device bridge541 left promiscuous mode
[ 2039.395871][T15934] bridge540: port 1(vlan262) entered disabled state
[ 2039.406484][T15934] device bridge539 left promiscuous mode
[ 2039.412138][T15934] bridge538: port 1(vlan261) entered disabled state
[ 2039.421476][T15934] device bridge537 left promiscuous mode
[ 2039.427369][T15934] bridge536: port 1(vlan260) entered disabled state
[ 2039.438596][T15934] device bridge535 left promiscuous mode
[ 2039.444292][T15934] bridge534: port 1(vlan259) entered disabled state
[ 2039.453174][T15934] device bridge533 left promiscuous mode
[ 2039.459415][T15934] bridge532: port 1(vlan258) entered disabled state
[ 2039.468500][T15934] device bridge531 left promiscuous mode
[ 2039.474144][T15934] bridge530: port 1(vlan257) entered disabled state
[ 2039.483121][T15934] device bridge529 left promiscuous mode
[ 2039.489586][T15934] bridge528: port 1(vlan256) entered disabled state
[ 2039.500612][T15934] device bridge527 left promiscuous mode
[ 2039.506652][T15934] bridge526: port 1(vlan255) entered disabled state
[ 2039.516598][T15934] device bridge525 left promiscuous mode
[ 2039.522291][T15934] bridge524: port 1(vlan254) entered disabled state
[ 2039.530799][T15934] device bridge523 left promiscuous mode
[ 2039.536845][T15934] bridge522: port 1(vlan253) entered disabled state
[ 2039.545454][T15934] device bridge521 left promiscuous mode
[ 2039.551109][T15934] bridge520: port 1(vlan252) entered disabled state
[ 2039.560446][T15934] device bridge519 left promiscuous mode
[ 2039.566586][T15934] bridge518: port 1(vlan251) entered disabled state
[ 2039.575547][T15934] device bridge517 left promiscuous mode
[ 2039.581205][T15934] bridge516: port 1(vlan250) entered disabled state
[ 2039.590503][T15934] device bridge515 left promiscuous mode
[ 2039.597721][T15934] bridge514: port 1(vlan249) entered disabled state
[ 2039.607620][T15934] device bridge513 left promiscuous mode
[ 2039.613275][T15934] bridge512: port 1(vlan248) entered disabled state
[ 2039.621849][T15934] device bridge511 left promiscuous mode
[ 2039.627904][T15934] bridge510: port 1(vlan247) entered disabled state
[ 2039.638581][T15934] device bridge509 left promiscuous mode
[ 2039.644218][T15934] bridge508: port 1(vlan246) entered disabled state
[ 2039.653149][T15934] device bridge507 left promiscuous mode
[ 2039.659260][T15934] bridge506: port 1(vlan245) entered disabled state
[ 2039.668365][T15934] device bridge505 left promiscuous mode
[ 2039.674014][T15934] bridge504: port 1(vlan244) entered disabled state
[ 2039.684919][T15934] device bridge503 left promiscuous mode
[ 2039.690583][T15934] bridge502: port 1(vlan243) entered disabled state
[ 2039.700127][T15934] device bridge501 left promiscuous mode
[ 2039.706244][T15934] bridge500: port 1(vlan242) entered disabled state
[ 2039.715614][T15934] device bridge499 left promiscuous mode
[ 2039.721272][T15934] bridge498: port 1(vlan241) entered disabled state
[ 2039.729875][T15934] device bridge497 left promiscuous mode
[ 2039.736596][T15934] bridge496: port 1(vlan240) entered disabled state
[ 2039.745624][T15934] device bridge495 left promiscuous mode
[ 2039.751286][T15934] bridge494: port 1(vlan239) entered disabled state
[ 2039.761299][T15934] device bridge493 left promiscuous mode
[ 2039.767634][T15934] bridge492: port 1(vlan238) entered disabled state
[ 2039.777606][T15934] device bridge491 left promiscuous mode
[ 2039.783273][T15934] bridge490: port 1(vlan237) entered disabled state
[ 2039.792483][T15934] device bridge489 left promiscuous mode
[ 2039.799747][T15934] bridge488: port 1(vlan236) entered disabled state
[ 2039.808711][T15934] device bridge487 left promiscuous mode
[ 2039.814352][T15934] bridge486: port 1(vlan235) entered disabled state
[ 2039.822634][T15934] device bridge485 left promiscuous mode
[ 2039.830304][T15934] bridge484: port 1(vlan234) entered disabled state
[ 2039.838834][T15934] device bridge483 left promiscuous mode
[ 2039.845099][T15934] bridge482: port 1(vlan233) entered disabled state
[ 2039.853627][T15934] device bridge481 left promiscuous mode
[ 2039.859670][T15934] bridge480: port 1(vlan232) entered disabled state
[ 2039.869941][T15934] device bridge479 left promiscuous mode
[ 2039.876053][T15934] bridge478: port 1(vlan231) entered disabled state
[ 2039.884988][T15934] device bridge477 left promiscuous mode
[ 2039.890648][T15934] bridge476: port 1(vlan230) entered disabled state
[ 2039.899965][T15934] device bridge475 left promiscuous mode
[ 2039.906062][T15934] bridge474: port 1(vlan229) entered disabled state
[ 2039.914359][T15934] device bridge473 left promiscuous mode
[ 2039.920139][T15934] bridge472: port 1(vlan228) entered disabled state
[ 2039.928946][T15934] device bridge471 left promiscuous mode
[ 2039.935053][T15934] bridge470: port 1(vlan227) entered disabled state
[ 2039.943353][T15934] device bridge469 left promiscuous mode
[ 2039.950531][T15934] bridge468: port 1(vlan226) entered disabled state
[ 2039.960242][T15934] device bridge467 left promiscuous mode
[ 2039.966518][T15934] bridge466: port 1(vlan225) entered disabled state
[ 2039.976240][T15934] device bridge465 left promiscuous mode
[ 2039.981881][T15934] bridge464: port 1(vlan224) entered disabled state
[ 2039.991990][T15934] device bridge463 left promiscuous mode
[ 2039.998113][T15934] bridge462: port 1(vlan223) entered disabled state
[ 2040.008828][T15934] device bridge461 left promiscuous mode
[ 2040.014795][T15934] bridge460: port 1(vlan222) entered disabled state
[ 2040.023025][T15934] device bridge459 left promiscuous mode
[ 2040.029170][T15934] bridge458: port 1(vlan221) entered disabled state
[ 2040.038075][T15934] device bridge457 left promiscuous mode
[ 2040.043719][T15934] bridge456: port 1(vlan220) entered disabled state
[ 2040.052560][T15934] device bridge455 left promiscuous mode
[ 2040.058577][T15934] bridge454: port 1(vlan219) entered disabled state
[ 2040.068068][T15934] device bridge453 left promiscuous mode
[ 2040.073718][T15934] bridge452: port 1(vlan218) entered disabled state
[ 2040.083811][T15934] device bridge451 left promiscuous mode
[ 2040.089886][T15934] bridge450: port 1(vlan217) entered disabled state
[ 2040.099088][T15934] device bridge449 left promiscuous mode
[ 2040.105507][T15934] bridge448: port 1(vlan216) entered disabled state
[ 2040.113866][T15934] device bridge447 left promiscuous mode
[ 2040.119948][T15934] bridge446: port 1(vlan215) entered disabled state
[ 2040.128503][T15934] device bridge445 left promiscuous mode
[ 2040.134138][T15934] bridge444: port 1(vlan214) entered disabled state
[ 2040.145263][T15934] device bridge443 left promiscuous mode
[ 2040.150933][T15934] bridge442: port 1(vlan213) entered disabled state
[ 2040.161152][T15934] device bridge441 left promiscuous mode
[ 2040.168228][T15934] bridge440: port 1(vlan212) entered disabled state
[ 2040.178278][T15934] device bridge439 left promiscuous mode
[ 2040.183953][T15934] bridge438: port 1(vlan211) entered disabled state
[ 2040.194168][T15934] device bridge435 left promiscuous mode
[ 2040.200111][T15934] bridge434: port 1(vlan210) entered disabled state
[ 2040.208982][T15934] device bridge433 left promiscuous mode
[ 2040.214988][T15934] bridge432: port 1(vlan209) entered disabled state
[ 2040.223203][T15934] device bridge431 left promiscuous mode
[ 2040.229323][T15934] bridge430: port 1(vlan208) entered disabled state
[ 2040.237811][T15934] device bridge429 left promiscuous mode
[ 2040.243474][T15934] bridge428: port 1(vlan207) entered disabled state
[ 2040.252457][T15934] device bridge427 left promiscuous mode
[ 2040.258580][T15934] bridge426: port 1(vlan206) entered disabled state
[ 2040.268552][T15934] device bridge425 left promiscuous mode
[ 2040.274204][T15934] bridge424: port 1(vlan205) entered disabled state
[ 2040.284200][T15934] device bridge423 left promiscuous mode
[ 2040.290333][T15934] bridge422: port 1(vlan204) entered disabled state
[ 2040.299903][T15934] device bridge420 left promiscuous mode
[ 2040.305932][T15934] bridge419: port 1(vlan202) entered disabled state
[ 2040.314254][T15934] device bridge418 left promiscuous mode
[ 2040.320416][T15934] bridge417: port 1(vlan201) entered disabled state
[ 2040.329814][T15934] device bridge416 left promiscuous mode
[ 2040.335787][T15934] bridge415: port 1(vlan200) entered disabled state
[ 2040.344099][T15934] device bridge414 left promiscuous mode
[ 2040.350454][T15934] bridge413: port 1(vlan199) entered disabled state
[ 2040.359184][T15934] device bridge412 left promiscuous mode
[ 2040.365279][T15934] bridge411: port 1(vlan198) entered disabled state
[ 2040.373788][T15934] device bridge410 left promiscuous mode
[ 2040.380458][T15934] bridge409: port 1(vlan197) entered disabled state
[ 2040.389386][T15934] device bridge408 left promiscuous mode
[ 2040.397776][T15934] bridge407: port 1(vlan196) entered disabled state
[ 2040.407521][T15934] device bridge406 left promiscuous mode
[ 2040.413162][T15934] bridge405: port 1(vlan195) entered disabled state
[ 2040.422359][T15934] device bridge404 left promiscuous mode
[ 2040.429556][T15934] bridge403: port 1(vlan194) entered disabled state
[ 2040.438140][T15934] device bridge402 left promiscuous mode
[ 2040.443783][T15934] bridge401: port 1(vlan193) entered disabled state
[ 2040.452652][T15934] device bridge400 left promiscuous mode
[ 2040.458625][T15934] bridge399: port 1(vlan192) entered disabled state
[ 2040.467862][T15934] device bridge398 left promiscuous mode
[ 2040.473513][T15934] bridge397: port 1(vlan191) entered disabled state
[ 2040.482478][T15934] device bridge396 left promiscuous mode
[ 2040.489307][T15934] bridge395: port 1(vlan190) entered disabled state
[ 2040.498270][T15934] device bridge394 left promiscuous mode
[ 2040.503915][T15934] bridge393: port 1(vlan189) entered disabled state
[ 2040.513067][T15934] device bridge392 left promiscuous mode
[ 2040.519287][T15934] bridge391: port 1(vlan188) entered disabled state
[ 2040.527867][T15934] device bridge390 left promiscuous mode
[ 2040.533501][T15934] bridge389: port 1(vlan187) entered disabled state
[ 2040.542174][T15934] device bridge388 left promiscuous mode
[ 2040.548133][T15934] bridge387: port 1(vlan186) entered disabled state
[ 2040.557646][T15934] device bridge386 left promiscuous mode
[ 2040.563295][T15934] bridge385: port 1(vlan185) entered disabled state
[ 2040.572093][T15934] device bridge384 left promiscuous mode
[ 2040.578085][T15934] bridge383: port 1(vlan184) entered disabled state
[ 2040.589588][T15934] device bridge382 left promiscuous mode
[ 2040.595560][T15934] bridge381: port 1(vlan183) entered disabled state
[ 2040.603984][T15934] device bridge380 left promiscuous mode
[ 2040.610177][T15934] bridge379: port 1(vlan182) entered disabled state
[ 2040.619249][T15934] device bridge378 left promiscuous mode
[ 2040.625261][T15934] bridge377: port 1(vlan181) entered disabled state
[ 2040.633471][T15934] device bridge376 left promiscuous mode
[ 2040.641458][T15934] bridge375: port 1(vlan180) entered disabled state
[ 2040.651351][T15934] device bridge374 left promiscuous mode
[ 2040.657369][T15934] bridge373: port 1(vlan179) entered disabled state
[ 2040.670060][T15934] device bridge372 left promiscuous mode
[ 2040.676009][T15934] bridge371: port 1(vlan178) entered disabled state
[ 2040.684602][T15934] device bridge370 left promiscuous mode
[ 2040.690450][T15934] bridge369: port 1(vlan177) entered disabled state
[ 2040.700001][T15934] device bridge368 left promiscuous mode
[ 2040.706102][T15934] bridge367: port 1(vlan176) entered disabled state
[ 2040.714349][T15934] device bridge366 left promiscuous mode
[ 2040.721250][T15934] bridge365: port 1(vlan175) entered disabled state
[ 2040.730910][T15934] device bridge364 left promiscuous mode
[ 2040.737150][T15934] bridge363: port 1(vlan174) entered disabled state
[ 2040.746288][T15934] device bridge362 left promiscuous mode
[ 2040.751934][T15934] bridge361: port 1(vlan173) entered disabled state
[ 2040.760785][T15934] device bridge360 left promiscuous mode
[ 2040.766826][T15934] bridge359: port 1(vlan172) entered disabled state
[ 2040.776140][T15934] device bridge358 left promiscuous mode
[ 2040.781798][T15934] bridge357: port 1(vlan171) entered disabled state
[ 2040.790629][T15934] device bridge356 left promiscuous mode
[ 2040.796858][T15934] bridge355: port 1(vlan170) entered disabled state
[ 2040.806346][T15934] device bridge354 left promiscuous mode
[ 2040.811996][T15934] bridge353: port 1(vlan169) entered disabled state
[ 2040.820511][T15934] device bridge352 left promiscuous mode
[ 2040.826419][T15934] bridge351: port 1(vlan168) entered disabled state
[ 2040.836162][T15934] device bridge350 left promiscuous mode
[ 2040.841806][T15934] bridge349: port 1(vlan167) entered disabled state
[ 2040.851171][T15934] device bridge348 left promiscuous mode
[ 2040.857111][T15934] bridge347: port 1(vlan166) entered disabled state
[ 2040.867374][T15934] device bridge346 left promiscuous mode
[ 2040.873032][T15934] bridge345: port 1(vlan165) entered disabled state
[ 2040.882431][T15934] device bridge344 left promiscuous mode
[ 2040.889707][T15934] bridge343: port 1(vlan164) entered disabled state
[ 2040.899004][T15934] device bridge342 left promiscuous mode
[ 2040.905162][T15934] bridge341: port 1(vlan163) entered disabled state
[ 2040.913412][T15934] device bridge340 left promiscuous mode
[ 2040.919514][T15934] bridge339: port 1(vlan162) entered disabled state
[ 2040.927954][T15934] device bridge338 left promiscuous mode
[ 2040.933585][T15934] bridge337: port 1(vlan161) entered disabled state
[ 2040.942216][T15934] device bridge336 left promiscuous mode
[ 2040.948899][T15934] bridge335: port 1(vlan160) entered disabled state
[ 2040.959136][T15934] device bridge334 left promiscuous mode
[ 2040.965168][T15934] bridge333: port 1(vlan159) entered disabled state
[ 2040.973612][T15934] device bridge332 left promiscuous mode
[ 2040.979743][T15934] bridge331: port 1(vlan158) entered disabled state
[ 2040.988768][T15934] device bridge330 left promiscuous mode
[ 2040.994960][T15934] bridge329: port 1(vlan157) entered disabled state
[ 2041.005870][T15934] device bridge328 left promiscuous mode
[ 2041.011533][T15934] bridge327: port 1(vlan156) entered disabled state
[ 2041.020025][T15934] device bridge326 left promiscuous mode
[ 2041.026069][T15934] bridge325: port 1(vlan155) entered disabled state
[ 2041.034190][T15934] device bridge324 left promiscuous mode
[ 2041.040217][T15934] bridge323: port 1(vlan154) entered disabled state
[ 2041.048837][T15934] device bridge321 left promiscuous mode
[ 2041.055818][T15934] bridge322: port 1(vlan153) entered disabled state
[ 2041.065345][T15934] device bridge320 left promiscuous mode
[ 2041.071026][T15934] bridge319: port 1(vlan152) entered disabled state
[ 2041.079905][T15934] device bridge318 left promiscuous mode
[ 2041.085986][T15934] bridge317: port 1(vlan151) entered disabled state
[ 2041.095007][T15934] device bridge316 left promiscuous mode
[ 2041.101135][T15934] bridge315: port 1(vlan150) entered disabled state
[ 2041.109827][T15934] device bridge314 left promiscuous mode
[ 2041.115713][T15934] bridge313: port 1(vlan149) entered disabled state
[ 2041.123835][T15934] device bridge312 left promiscuous mode
[ 2041.129973][T15934] bridge311: port 1(vlan148) entered disabled state
[ 2041.138264][T15934] device bridge310 left promiscuous mode
[ 2041.143903][T15934] bridge309: port 1(vlan147) entered disabled state
[ 2041.152623][T15934] device bridge308 left promiscuous mode
[ 2041.158694][T15934] bridge307: port 1(vlan146) entered disabled state
[ 2041.168536][T15934] device bridge306 left promiscuous mode
[ 2041.174204][T15934] bridge305: port 1(vlan145) entered disabled state
[ 2041.183648][T15934] device bridge304 left promiscuous mode
[ 2041.189727][T15934] bridge303: port 1(vlan144) entered disabled state
[ 2041.198555][T15934] device bridge302 left promiscuous mode
[ 2041.204981][T15934] bridge301: port 1(vlan143) entered disabled state
[ 2041.213895][T15934] device bridge300 left promiscuous mode
[ 2041.219858][T15934] bridge299: port 1(vlan142) entered disabled state
[ 2041.228261][T15934] device bridge298 left promiscuous mode
[ 2041.233896][T15934] bridge297: port 1(vlan141) entered disabled state
[ 2041.242543][T15934] device bridge296 left promiscuous mode
[ 2041.248558][T15934] bridge295: port 1(vlan140) entered disabled state
[ 2041.257723][T15934] device bridge294 left promiscuous mode
[ 2041.263370][T15934] bridge293: port 1(vlan139) entered disabled state
[ 2041.273127][T15934] device bridge292 left promiscuous mode
[ 2041.279716][T15934] bridge291: port 1(vlan138) entered disabled state
[ 2041.288593][T15934] device bridge290 left promiscuous mode
[ 2041.294244][T15934] bridge289: port 1(vlan137) entered disabled state
[ 2041.303574][T15934] device bridge288 left promiscuous mode
[ 2041.309548][T15934] bridge287: port 1(vlan136) entered disabled state
[ 2041.318152][T15934] device bridge286 left promiscuous mode
[ 2041.323787][T15934] bridge285: port 1(vlan135) entered disabled state
[ 2041.332591][T15934] device bridge284 left promiscuous mode
[ 2041.338645][T15934] bridge283: port 1(vlan134) entered disabled state
[ 2041.347195][T15934] device bridge282 left promiscuous mode
[ 2041.352837][T15934] bridge281: port 1(vlan133) entered disabled state
[ 2041.361579][T15934] device bridge280 left promiscuous mode
[ 2041.367601][T15934] bridge279: port 1(vlan132) entered disabled state
[ 2041.378147][T15934] device bridge278 left promiscuous mode
[ 2041.383814][T15934] bridge277: port 1(vlan131) entered disabled state
[ 2041.393963][T15934] device bridge276 left promiscuous mode
[ 2041.401448][T15934] bridge275: port 1(vlan130) entered disabled state
[ 2041.410268][T15934] device bridge274 left promiscuous mode
[ 2041.416199][T15934] bridge273: port 1(vlan129) entered disabled state
[ 2041.424286][T15934] device bridge272 left promiscuous mode
[ 2041.430426][T15934] bridge271: port 1(vlan128) entered disabled state
[ 2041.438855][T15934] device bridge270 left promiscuous mode
[ 2041.445187][T15934] bridge269: port 1(vlan127) entered disabled state
[ 2041.455217][T15934] device bridge268 left promiscuous mode
[ 2041.460874][T15934] bridge267: port 1(vlan126) entered disabled state
[ 2041.469622][T15934] device bridge266 left promiscuous mode
[ 2041.477792][T15934] bridge265: port 1(vlan125) entered disabled state
[ 2041.486840][T15934] device bridge264 left promiscuous mode
[ 2041.492491][T15934] bridge263: port 1(vlan124) entered disabled state
[ 2041.502430][T15934] device bridge262 left promiscuous mode
[ 2041.509463][T15934] bridge261: port 1(vlan123) entered disabled state
[ 2041.518071][T15934] device bridge260 left promiscuous mode
[ 2041.523712][T15934] bridge259: port 1(vlan122) entered disabled state
[ 2041.533233][T15934] device bridge258 left promiscuous mode
[ 2041.539133][T15934] bridge257: port 1(vlan121) entered disabled state
[ 2041.548415][T15934] device bridge256 left promiscuous mode
[ 2041.554052][T15934] bridge255: port 1(vlan120) entered disabled state
[ 2041.562946][T15934] device bridge254 left promiscuous mode
[ 2041.569409][T15934] bridge253: port 1(vlan119) entered disabled state
[ 2041.578229][T15934] device bridge252 left promiscuous mode
[ 2041.583869][T15934] bridge251: port 1(vlan118) entered disabled state
[ 2041.593279][T15934] device bridge250 left promiscuous mode
[ 2041.600727][T15934] bridge249: port 1(vlan117) entered disabled state
[ 2041.609551][T15934] device bridge248 left promiscuous mode
[ 2041.616163][T15934] bridge247: port 1(vlan116) entered disabled state
[ 2041.625288][T15934] device bridge246 left promiscuous mode
[ 2041.630925][T15934] bridge245: port 1(vlan115) entered disabled state
[ 2041.639524][T15934] device bridge244 left promiscuous mode
[ 2041.645559][T15934] bridge243: port 1(vlan114) entered disabled state
[ 2041.653886][T15934] device bridge242 left promiscuous mode
[ 2041.659875][T15934] bridge241: port 1(vlan113) entered disabled state
[ 2041.668499][T15934] device bridge240 left promiscuous mode
[ 2041.674143][T15934] bridge239: port 1(vlan112) entered disabled state
[ 2041.684397][T15934] device bridge238 left promiscuous mode
[ 2041.690537][T15934] bridge237: port 1(vlan111) entered disabled state
[ 2041.699774][T15934] device bridge236 left promiscuous mode
[ 2041.705872][T15934] bridge235: port 1(vlan110) entered disabled state
[ 2041.716311][T15934] device bridge234 left promiscuous mode
[ 2041.721962][T15934] bridge233: port 1(vlan109) entered disabled state
[ 2041.730697][T15934] device bridge232 left promiscuous mode
[ 2041.736601][T15934] bridge231: port 1(vlan108) entered disabled state
[ 2041.745529][T15934] device bridge230 left promiscuous mode
[ 2041.751184][T15934] bridge229: port 1(vlan107) entered disabled state
[ 2041.760001][T15934] device bridge228 left promiscuous mode
[ 2041.765973][T15934] bridge227: port 1(vlan106) entered disabled state
[ 2041.774273][T15934] device bridge226 left promiscuous mode
[ 2041.780274][T15934] bridge225: port 1(vlan105) entered disabled state
[ 2041.789041][T15934] device bridge224 left promiscuous mode
[ 2041.794995][T15934] bridge223: port 1(vlan104) entered disabled state
[ 2041.803331][T15934] device bridge222 left promiscuous mode
[ 2041.809524][T15934] bridge221: port 1(vlan103) entered disabled state
[ 2041.818442][T15934] device bridge220 left promiscuous mode
[ 2041.824075][T15934] bridge219: port 1(vlan102) entered disabled state
[ 2041.833721][T15934] device bridge218 left promiscuous mode
[ 2041.841037][T15934] bridge217: port 1(vlan101) entered disabled state
[ 2041.850245][T15934] device bridge216 left promiscuous mode
[ 2041.857139][T15934] bridge215: port 1(vlan100) entered disabled state
[ 2041.865869][T15934] device bridge214 left promiscuous mode
[ 2041.871516][T15934] bridge213: port 1(vlan99) entered disabled state
[ 2041.881099][T15934] device bridge212 left promiscuous mode
[ 2041.887042][T15934] bridge211: port 1(vlan98) entered disabled state
[ 2041.896281][T15934] device bridge210 left promiscuous mode
[ 2041.901940][T15934] bridge209: port 1(vlan97) entered disabled state
[ 2041.910557][T15934] device bridge208 left promiscuous mode
[ 2041.916434][T15934] bridge207: port 1(vlan96) entered disabled state
[ 2041.925554][T15934] device bridge206 left promiscuous mode
[ 2041.931277][T15934] bridge205: port 1(vlan95) entered disabled state
[ 2041.940084][T15934] device bridge204 left promiscuous mode
[ 2041.947516][T15934] bridge203: port 1(vlan94) entered disabled state
[ 2041.956038][T15934] device bridge202 left promiscuous mode
[ 2041.961679][T15934] bridge201: port 1(vlan93) entered disabled state
[ 2041.971236][T15934] device bridge200 left promiscuous mode
[ 2041.977229][T15934] bridge199: port 1(vlan92) entered disabled state
[ 2041.986467][T15934] device bridge198 left promiscuous mode
[ 2041.992127][T15934] bridge197: port 1(vlan91) entered disabled state
[ 2042.000701][T15934] device bridge196 left promiscuous mode
[ 2042.006593][T15934] bridge195: port 1(vlan90) entered disabled state
[ 2042.015398][T15934] device bridge194 left promiscuous mode
[ 2042.021342][T15934] bridge193: port 1(vlan89) entered disabled state
[ 2042.029736][T15934] device bridge192 left promiscuous mode
[ 2042.035710][T15934] bridge191: port 1(vlan88) entered disabled state
[ 2042.046239][T15934] device bridge190 left promiscuous mode
[ 2042.051968][T15934] bridge189: port 1(vlan87) entered disabled state
[ 2042.060592][T15934] device bridge188 left promiscuous mode
[ 2042.066574][T15934] bridge187: port 1(vlan86) entered disabled state
[ 2042.075918][T15934] device bridge186 left promiscuous mode
[ 2042.081574][T15934] bridge185: port 1(vlan85) entered disabled state
[ 2042.090105][T15934] device bridge184 left promiscuous mode
[ 2042.096100][T15934] bridge183: port 1(vlan84) entered disabled state
[ 2042.104291][T15934] device bridge182 left promiscuous mode
[ 2042.110287][T15934] bridge181: port 1(vlan83) entered disabled state
[ 2042.118604][T15934] device bridge180 left promiscuous mode
[ 2042.124966][T15934] bridge179: port 1(vlan82) entered disabled state
[ 2042.133621][T15934] device bridge178 left promiscuous mode
[ 2042.139671][T15934] bridge177: port 1(vlan81) entered disabled state
[ 2042.148079][T15934] device bridge176 left promiscuous mode
[ 2042.153754][T15934] bridge175: port 1(vlan80) entered disabled state
[ 2042.163262][T15934] device bridge174 left promiscuous mode
[ 2042.170185][T15934] bridge173: port 1(vlan79) entered disabled state
[ 2042.178918][T15934] device bridge172 left promiscuous mode
[ 2042.185097][T15934] bridge171: port 1(vlan78) entered disabled state
[ 2042.193347][T15934] device bridge170 left promiscuous mode
[ 2042.199375][T15934] bridge169: port 1(vlan77) entered disabled state
[ 2042.207852][T15934] device bridge168 left promiscuous mode
[ 2042.213491][T15934] bridge167: port 1(vlan76) entered disabled state
[ 2042.221842][T15934] device bridge166 left promiscuous mode
[ 2042.228100][T15934] bridge165: port 1(vlan75) entered disabled state
[ 2042.242072][T15934] device bridge164 left promiscuous mode
[ 2042.247975][T15934] bridge163: port 1(vlan74) entered disabled state
[ 2042.257268][T15934] device bridge162 left promiscuous mode
[ 2042.262923][T15934] bridge161: port 1(vlan73) entered disabled state
[ 2042.271468][T15934] device bridge160 left promiscuous mode
[ 2042.277881][T15934] bridge159: port 1(vlan72) entered disabled state
[ 2042.286501][T15934] device bridge158 left promiscuous mode
[ 2042.292141][T15934] bridge157: port 1(vlan71) entered disabled state
[ 2042.302954][T15934] device bridge156 left promiscuous mode
[ 2042.308835][T15934] bridge155: port 1(vlan70) entered disabled state
[ 2042.318235][T15934] device bridge154 left promiscuous mode
[ 2042.323869][T15934] bridge153: port 1(vlan69) entered disabled state
[ 2042.333301][T15934] device bridge152 left promiscuous mode
[ 2042.339423][T15934] bridge151: port 1(vlan68) entered disabled state
[ 2042.348031][T15934] device bridge150 left promiscuous mode
[ 2042.353669][T15934] bridge149: port 1(vlan67) entered disabled state
[ 2042.362184][T15934] device bridge148 left promiscuous mode
[ 2042.368081][T15934] bridge147: port 1(vlan66) entered disabled state
[ 2042.377963][T15934] device bridge146 left promiscuous mode
[ 2042.383604][T15934] bridge145: port 1(vlan65) entered disabled state
[ 2042.392301][T15934] device bridge144 left promiscuous mode
[ 2042.398274][T15934] bridge143: port 1(vlan64) entered disabled state
[ 2042.407673][T15934] device bridge142 left promiscuous mode
[ 2042.413312][T15934] bridge141: port 1(vlan63) entered disabled state
[ 2042.421640][T15934] device bridge140 left promiscuous mode
[ 2042.427677][T15934] bridge139: port 1(vlan62) entered disabled state
[ 2042.437473][T15934] device bridge138 left promiscuous mode
[ 2042.443126][T15934] bridge137: port 1(vlan61) entered disabled state
[ 2042.453601][T15934] device bridge136 left promiscuous mode
[ 2042.460763][T15934] bridge135: port 1(vlan60) entered disabled state
[ 2042.469574][T15934] device bridge134 left promiscuous mode
[ 2042.477558][T15934] bridge133: port 1(vlan59) entered disabled state
[ 2042.486600][T15934] device bridge132 left promiscuous mode
[ 2042.492245][T15934] bridge131: port 1(vlan58) entered disabled state
[ 2042.502036][T15934] device bridge130 left promiscuous mode
[ 2042.507975][T15934] bridge129: port 1(vlan57) entered disabled state
[ 2042.519394][T15934] device bridge128 left promiscuous mode
[ 2042.525255][T15934] bridge127: port 1(vlan56) entered disabled state
[ 2042.533794][T15934] device bridge126 left promiscuous mode
[ 2042.541146][T15934] bridge125: port 1(vlan55) entered disabled state
[ 2042.549534][T15934] device bridge124 left promiscuous mode
[ 2042.555669][T15934] bridge123: port 1(vlan54) entered disabled state
[ 2042.563861][T15934] device bridge122 left promiscuous mode
[ 2042.569922][T15934] bridge121: port 1(vlan53) entered disabled state
[ 2042.578408][T15934] device bridge120 left promiscuous mode
[ 2042.584051][T15934] bridge119: port 1(vlan52) entered disabled state
[ 2042.592718][T15934] device bridge118 left promiscuous mode
[ 2042.598744][T15934] bridge117: port 1(vlan51) entered disabled state
[ 2042.609545][T15934] device bridge116 left promiscuous mode
[ 2042.615421][T15934] bridge115: port 1(vlan50) entered disabled state
[ 2042.623399][T15934] device bridge114 left promiscuous mode
[ 2042.629635][T15934] bridge113: port 1(vlan49) entered disabled state
[ 2042.639204][T15934] device bridge112 left promiscuous mode
[ 2042.645129][T15934] bridge111: port 1(vlan48) entered disabled state
[ 2042.653293][T15934] device bridge110 left promiscuous mode
[ 2042.659410][T15934] bridge109: port 1(vlan47) entered disabled state
[ 2042.668027][T15934] device bridge108 left promiscuous mode
[ 2042.673679][T15934] bridge107: port 1(vlan46) entered disabled state
[ 2042.682920][T15934] device bridge106 left promiscuous mode
[ 2042.689148][T15934] bridge105: port 1(vlan45) entered disabled state
[ 2042.697989][T15934] device bridge104 left promiscuous mode
[ 2042.703628][T15934] bridge103: port 1(vlan44) entered disabled state
[ 2042.712238][T15934] device bridge102 left promiscuous mode
[ 2042.718849][T15934] bridge101: port 1(vlan43) entered disabled state
[ 2042.727301][T15934] device bridge100 left promiscuous mode
[ 2042.732935][T15934] bridge99: port 1(vlan42) entered disabled state
[ 2042.741277][T15934] device bridge98 left promiscuous mode
[ 2042.747659][T15934] bridge97: port 1(vlan41) entered disabled state
[ 2042.756831][T15934] device bridge96 left promiscuous mode
[ 2042.762391][T15934] bridge95: port 1(vlan40) entered disabled state
[ 2042.771149][T15934] device bridge94 left promiscuous mode
[ 2042.776982][T15934] bridge93: port 1(vlan39) entered disabled state
[ 2042.786076][T15934] device bridge92 left promiscuous mode
[ 2042.791646][T15934] bridge91: port 1(vlan38) entered disabled state
[ 2042.800443][T15934] device bridge90 left promiscuous mode
[ 2042.806433][T15934] bridge89: port 1(vlan37) entered disabled state
[ 2042.814348][T15934] device bridge88 left promiscuous mode
[ 2042.819937][T15934] bridge87: port 1(vlan36) entered disabled state
[ 2042.828754][T15934] device bridge86 left promiscuous mode
[ 2042.834303][T15934] bridge85: port 1(vlan35) entered disabled state
[ 2042.842591][T15934] device bridge84 left promiscuous mode
[ 2042.848423][T15934] bridge83: port 1(vlan34) entered disabled state
[ 2042.857553][T15934] device bridge80 left promiscuous mode
[ 2042.863110][T15934] bridge79: port 1(vlan33) entered disabled state
[ 2042.871956][T15934] device bridge78 left promiscuous mode
[ 2042.878229][T15934] bridge77: port 1(vlan32) entered disabled state
[ 2042.886979][T15934] device bridge76 left promiscuous mode
[ 2042.892534][T15934] bridge75: port 1(vlan31) entered disabled state
[ 2042.900906][T15934] device bridge74 left promiscuous mode
[ 2042.906888][T15934] bridge73: port 1(vlan30) entered disabled state
[ 2042.915280][T15934] device bridge72 left promiscuous mode
[ 2042.920840][T15934] bridge71: port 1(vlan29) entered disabled state
[ 2042.929439][T15934] device bridge70 left promiscuous mode
[ 2042.935442][T15934] bridge69: port 1(vlan28) entered disabled state
[ 2042.943817][T15934] device bridge68 left promiscuous mode
[ 2042.950156][T15934] bridge67: port 1(vlan27) entered disabled state
[ 2042.958616][T15934] device bridge66 left promiscuous mode
[ 2042.964166][T15934] bridge65: port 1(vlan26) entered disabled state
[ 2042.972591][T15934] device bridge64 left promiscuous mode
[ 2042.978638][T15934] bridge63: port 1(vlan25) entered disabled state
[ 2042.987374][T15934] device bridge62 left promiscuous mode
[ 2042.992930][T15934] bridge61: port 1(vlan24) entered disabled state
[ 2043.002060][T15934] device bridge60 left promiscuous mode
[ 2043.008131][T15934] bridge59: port 1(vlan23) entered disabled state
[ 2043.016983][T15934] device bridge58 left promiscuous mode
[ 2043.022541][T15934] bridge57: port 1(vlan22) entered disabled state
[ 2043.031635][T15934] device bridge56 left promiscuous mode
[ 2043.037926][T15934] bridge55: port 1(vlan21) entered disabled state
[ 2043.047917][T15934] device bridge54 left promiscuous mode
[ 2043.053473][T15934] bridge53: port 1(vlan20) entered disabled state
[ 2043.062014][T15934] device bridge52 left promiscuous mode
[ 2043.067896][T15934] bridge51: port 1(vlan19) entered disabled state
[ 2043.077058][T15934] device bridge50 left promiscuous mode
[ 2043.082612][T15934] bridge49: port 1(vlan18) entered disabled state
[ 2043.090983][T15934] device bridge48 left promiscuous mode
[ 2043.097228][T15934] bridge47: port 1(vlan17) entered disabled state
[ 2043.105915][T15934] device bridge46 left promiscuous mode
[ 2043.111468][T15934] bridge45: port 1(vlan16) entered disabled state
[ 2043.120363][T15934] device bridge44 left promiscuous mode
[ 2043.127098][T15934] bridge43: port 1(vlan15) entered disabled state
[ 2043.135329][T15934] device bridge42 left promiscuous mode
[ 2043.140894][T15934] bridge41: port 1(vlan14) entered disabled state
[ 2043.150241][T15934] device bridge40 left promiscuous mode
[ 2043.156185][T15934] bridge39: port 1(vlan13) entered disabled state
[ 2043.166317][T15934] device bridge38 left promiscuous mode
[ 2043.171878][T15934] bridge37: port 1(vlan12) entered disabled state
[ 2043.180282][T15934] device bridge36 left promiscuous mode
[ 2043.186060][T15934] bridge35: port 1(vlan11) entered disabled state
[ 2043.196472][T15934] device vlan9 left promiscuous mode
[ 2043.201768][T15934] device bridge30 left promiscuous mode
[ 2043.208051][T15934] bridge29: port 1(vlan9) entered disabled state
[ 2043.228551][T15934] device hsr_slave_0 left promiscuous mode
[ 2043.236482][T15934] device hsr_slave_1 left promiscuous mode
[ 2043.242644][T15934] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2043.251360][T15934] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2043.262036][T15934] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2043.270387][T15934] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2043.280250][T15934] device bridge_slave_1 left promiscuous mode
[ 2043.286715][T15934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2043.294726][T15934] device bridge_slave_0 left promiscuous mode
[ 2043.300873][T15934] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2044.456821][T15934] device veth1_macvtap left promiscuous mode
[ 2044.462893][T15934] device veth0_macvtap left promiscuous mode
[ 2044.470218][T15934] device veth1_vlan left promiscuous mode
[ 2044.477088][T15934] device veth0_vlan left promiscuous mode
[ 2089.194648][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2093.675764][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2098.154701][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2098.557976][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.564299][ T1240] ieee802154 phy1 wpan1: encryption failed: -22
[ 2102.634689][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2107.114712][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2111.594671][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2116.074709][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2120.554677][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2125.034654][ T3648] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 2127.438560][T13400] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 2127.447807][T13400] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 2127.456256][T13400] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 2127.463666][T13400] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 2127.471504][T13400] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 2127.479170][T13400] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 2127.487062][T13433] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 2129.514746][T13400] Bluetooth: hci6: command 0x0409 tx timeout
[ 2131.594864][T13400] Bluetooth: hci6: command 0x041b tx timeout
[ 2133.674647][T13400] Bluetooth: hci6: command 0x040f tx timeout
[ 2135.754802][ T3648] Bluetooth: hci6: command 0x0419 tx timeout
[ 2146.715705][ T3648] Bluetooth: hci4: command 0x0406 tx timeout
[ 2159.998892][ T1240] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.005523][ T1240] ieee802154 phy1 wpan1: encryption failed: -22