516] total_unevictable 0 [ 2690.575193][T29516] anon_cost 0 [ 2690.582461][T29516] file_cost 0 20:24:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x1800}, 0x0) [ 2690.596808][T29516] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14112,uid=0 [ 2690.656197][T29516] Memory cgroup out of memory: Killed process 14112 (syz-executor.1) total-vm:54508kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2690.692702][T14140] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:24:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000003000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2690.700500][T14140] IPv6: NLM_F_CREATE should be set when creating new route 20:24:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000001400000c00080008"], 0x3c}}, 0x0) 20:24:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x49, 0x0, &(0x7f00000004c0)) [ 2690.945924][T14145] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2690.954689][T14145] IPv6: NLM_F_CREATE should be set when creating new route 20:24:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2000}, 0x0) 20:24:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000884700000c00080008"], 0x3c}}, 0x0) [ 2691.000090][T14149] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2691.007837][T14149] IPv6: NLM_F_CREATE should be set when creating new route 20:24:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000004000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000884800000c00080008"], 0x3c}}, 0x0) [ 2691.135392][T14148] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2691.185767][T14148] CPU: 0 PID: 14148 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2691.196253][T14148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2691.206440][T14148] Call Trace: [ 2691.209759][T14148] [ 2691.211309][T14155] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2691.212735][T14148] dump_stack_lvl+0x1e7/0x2e0 [ 2691.212780][T14148] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2691.221529][T14155] IPv6: NLM_F_CREATE should be set when creating new route [ 2691.224644][T14148] ? __pfx__printk+0x10/0x10 [ 2691.241689][T14148] ? ___ratelimit+0x4c4/0x670 [ 2691.246426][T14148] ? __pfx____ratelimit+0x10/0x10 [ 2691.251503][T14148] dump_header+0xda/0x6a0 [ 2691.255887][T14148] oom_kill_process+0x3a7/0x930 [ 2691.260787][T14148] out_of_memory+0xf67/0x1320 [ 2691.265521][T14148] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2691.271199][T14148] ? __pfx___mutex_lock+0x10/0x10 [ 2691.276304][T14148] ? __pfx_out_of_memory+0x10/0x10 20:24:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2100}, 0x0) [ 2691.281482][T14148] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2691.287090][T14148] ? __pfx_lock_release+0x10/0x10 [ 2691.292182][T14148] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2691.298310][T14148] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2691.303583][T14148] ? mem_cgroup_iter+0x3e9/0x560 [ 2691.308574][T14148] try_charge_memcg+0xda2/0x18a0 [ 2691.313555][T14148] ? mark_lock+0x9a/0x350 [ 2691.317957][T14148] ? __pfx_try_charge_memcg+0x10/0x10 [ 2691.323405][T14148] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2691.329605][T14148] charge_memcg+0xa2/0x160 20:24:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000008a5100000c00080008"], 0x3c}}, 0x0) [ 2691.334098][T14148] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2691.340215][T14148] __read_swap_cache_async+0x480/0x8b0 [ 2691.345722][T14148] ? mark_lock+0x9a/0x350 [ 2691.350108][T14148] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2691.356174][T14148] swap_cluster_readahead+0x67c/0x810 [ 2691.361613][T14148] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2691.367588][T14148] ? __pfx_lock_release+0x10/0x10 [ 2691.372680][T14148] ? xas_descend+0x37e/0x470 [ 2691.377330][T14148] swapin_readahead+0x1ea/0x1070 [ 2691.382319][T14148] ? filemap_get_entry+0x127/0x4e0 [ 2691.387486][T14148] ? __pfx_swapin_readahead+0x10/0x10 [ 2691.392912][T14148] ? __filemap_get_folio+0x935/0xbc0 [ 2691.398262][T14148] ? swap_cache_get_folio+0x9f/0x570 [ 2691.403604][T14148] do_swap_page+0x8ab/0x3da0 [ 2691.408254][T14148] ? __pte_offset_map+0x2c4/0x380 [ 2691.413332][T14148] ? do_swap_page+0x154/0x3da0 [ 2691.418140][T14148] ? __pfx_do_swap_page+0x10/0x10 [ 2691.423201][T14148] ? pte_offset_map_nolock+0x137/0x1f0 [ 2691.426564][T14161] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2691.428688][T14148] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2691.428726][T14148] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2691.428766][T14148] __handle_mm_fault+0x15e8/0x72d0 [ 2691.437688][T14161] IPv6: NLM_F_CREATE should be set when creating new route [ 2691.441803][T14148] ? reacquire_held_locks+0x3eb/0x690 [ 2691.464711][T14148] ? __pfx___handle_mm_fault+0x10/0x10 [ 2691.470234][T14148] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2691.476023][T14148] ? mtree_range_walk+0x6fd/0x8e0 [ 2691.481101][T14148] ? lock_vma_under_rcu+0x18a/0x730 20:24:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2500}, 0x0) [ 2691.486354][T14148] ? __pfx_lock_release+0x10/0x10 [ 2691.491431][T14148] ? lock_vma_under_rcu+0x2f9/0x730 [ 2691.496705][T14148] ? lock_vma_under_rcu+0x18a/0x730 [ 2691.501946][T14148] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2691.507547][T14148] handle_mm_fault+0x3c1/0x8a0 [ 2691.512428][T14148] exc_page_fault+0x456/0x870 [ 2691.517181][T14148] asm_exc_page_fault+0x26/0x30 [ 2691.522094][T14148] RIP: 0033:0x7f091a88708e 20:24:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000655800000c00080008"], 0x3c}}, 0x0) [ 2691.526568][T14148] Code: 00 48 8d 3d 7c b6 06 00 e8 6f 57 fb ff 48 8d 3d a8 b5 06 00 31 c0 e8 a1 f8 ff ff 90 55 53 48 83 ec 08 48 85 ff 74 45 48 89 fb <48> 8b 3d b3 e6 c4 00 be 10 00 00 00 48 8d 6f 0e 48 83 c7 10 e8 79 [ 2691.546226][T14148] RSP: 002b:00007ffdf4c5ca40 EFLAGS: 00010206 [ 2691.552345][T14148] RAX: 00007f091b5599d0 RBX: 00007f091b5596c0 RCX: 00007f091a87de67 [ 2691.560360][T14148] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f091b5596c0 [ 2691.568378][T14148] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 2691.576425][T14148] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffdf4c5cd00 [ 2691.584443][T14148] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2691.592481][T14148] [ 2691.604561][T14148] memory: usage 307180kB, limit 307200kB, failcnt 164711 [ 2691.611909][T14148] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2691.620117][T14148] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2691.628602][T14148] Memory cgroup stats for /syz1: [ 2691.628746][T14148] cache 0 [ 2691.637286][T14148] rss 12288 [ 2691.641387][T14148] rss_huge 0 [ 2691.644629][T14148] shmem 0 [ 2691.647861][T14148] mapped_file 0 [ 2691.666192][T14148] dirty 0 [ 2691.669195][T14148] writeback 0 [ 2691.672498][T14148] workingset_refault_anon 54557 [ 2691.685033][T14148] workingset_refault_file 0 [ 2691.698976][T14148] swap 233472 [ 2691.702326][T14148] swapcached 8192 [ 2691.717099][T14148] pgpgin 202455 [ 2691.720621][T14148] pgpgout 202452 [ 2691.724201][T14148] pgfault 461061 [ 2691.729827][T14148] pgmajfault 52388 [ 2691.733692][T14148] inactive_anon 4096 [ 2691.740628][T14148] active_anon 8192 [ 2691.744501][T14148] inactive_file 0 [ 2691.749261][T14148] active_file 0 [ 2691.752850][T14148] unevictable 0 [ 2691.756993][T14148] hierarchical_memory_limit 314572800 [ 2691.762490][T14148] hierarchical_memsw_limit 9223372036854771712 [ 2691.769564][T14148] total_cache 0 [ 2691.773165][T14148] total_rss 12288 [ 2691.777921][T14148] total_rss_huge 0 [ 2691.781785][T14148] total_shmem 0 [ 2691.785356][T14148] total_mapped_file 0 [ 2691.793288][T14148] total_dirty 0 [ 2691.797312][T14148] total_writeback 0 [ 2691.801241][T14148] total_workingset_refault_anon 54557 [ 2691.807814][T14148] total_workingset_refault_file 0 [ 2691.813168][T14148] total_swap 233472 [ 2691.820796][T14148] total_swapcached 8192 [ 2691.825177][T14148] total_pgpgin 202455 [ 2691.830804][T14148] total_pgpgout 202452 [ 2691.835104][T14148] total_pgfault 461061 [ 2691.840934][T14148] total_pgmajfault 52388 [ 2691.845534][T14148] total_inactive_anon 4096 [ 2691.856280][T14148] total_active_anon 8192 [ 2691.858566][T14167] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2691.860887][T14148] total_inactive_file 0 [ 2691.869457][T14167] IPv6: NLM_F_CREATE should be set when creating new route [ 2691.879973][T14148] total_active_file 0 [ 2691.886944][T14168] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2691.890142][T14148] total_unevictable 0 [ 2691.894684][T14168] IPv6: NLM_F_CREATE should be set when creating new route [ 2691.904660][T14148] anon_cost 0 [ 2691.923979][T14148] file_cost 0 20:24:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000005000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x3f00}, 0x0) 20:24:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000006000000c00080008"], 0x3c}}, 0x0) [ 2691.929793][T14148] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14148,uid=0 [ 2691.947421][T14148] Memory cgroup out of memory: Killed process 14148 (syz-executor.1) total-vm:54508kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:40 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000540)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x1f}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x44}}, 0x0) [ 2692.095215][T14173] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2692.102809][T14173] IPv6: NLM_F_CREATE should be set when creating new route 20:24:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000586500000c00080008"], 0x3c}}, 0x0) 20:24:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000006000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2692.251333][T14178] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2692.260123][T14178] IPv6: NLM_F_CREATE should be set when creating new route 20:24:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 20:24:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000008100000c00080008"], 0x3c}}, 0x0) 20:24:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000478800000c00080008"], 0x3c}}, 0x0) [ 2692.401050][T14185] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2692.408786][T14185] IPv6: NLM_F_CREATE should be set when creating new route 20:24:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000007000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2692.455866][T14177] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2692.471973][T14177] CPU: 0 PID: 14177 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2692.482455][T14177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2692.492556][T14177] Call Trace: [ 2692.495870][T14177] [ 2692.498836][T14177] dump_stack_lvl+0x1e7/0x2e0 [ 2692.503571][T14177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2692.508823][T14177] ? __pfx__printk+0x10/0x10 [ 2692.513539][T14177] ? ___ratelimit+0x4c4/0x670 [ 2692.518263][T14177] ? __pfx____ratelimit+0x10/0x10 [ 2692.523362][T14177] dump_header+0xda/0x6a0 [ 2692.527740][T14177] oom_kill_process+0x3a7/0x930 [ 2692.532644][T14177] out_of_memory+0xf67/0x1320 [ 2692.537371][T14177] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2692.543056][T14177] ? __pfx___mutex_lock+0x10/0x10 [ 2692.548138][T14177] ? __pfx_out_of_memory+0x10/0x10 [ 2692.553389][T14177] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2692.558985][T14177] ? __pfx_lock_release+0x10/0x10 [ 2692.564058][T14177] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2692.570176][T14177] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2692.575408][T14177] ? mem_cgroup_iter+0x3e9/0x560 [ 2692.580391][T14177] try_charge_memcg+0xda2/0x18a0 [ 2692.585344][T14177] ? mark_lock+0x9a/0x350 [ 2692.589699][T14177] ? __pfx_try_charge_memcg+0x10/0x10 [ 2692.595106][T14177] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2692.601266][T14177] charge_memcg+0xa2/0x160 [ 2692.605697][T14177] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2692.611772][T14177] __read_swap_cache_async+0x480/0x8b0 [ 2692.617416][T14177] ? mark_lock+0x9a/0x350 [ 2692.621784][T14177] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2692.627792][T14177] swap_cluster_readahead+0x67c/0x810 [ 2692.633191][T14177] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2692.639108][T14177] ? __pfx_lock_release+0x10/0x10 [ 2692.644149][T14177] ? xas_descend+0x37e/0x470 [ 2692.648759][T14177] swapin_readahead+0x1ea/0x1070 [ 2692.653710][T14177] ? filemap_get_entry+0x127/0x4e0 [ 2692.658856][T14177] ? __pfx_swapin_readahead+0x10/0x10 [ 2692.664253][T14177] ? __filemap_get_folio+0x935/0xbc0 [ 2692.669561][T14177] ? swap_cache_get_folio+0x9f/0x570 [ 2692.674887][T14177] do_swap_page+0x8ab/0x3da0 [ 2692.679499][T14177] ? __pte_offset_map+0x2c4/0x380 [ 2692.685067][T14177] ? do_swap_page+0x154/0x3da0 [ 2692.689847][T14177] ? __pfx_do_swap_page+0x10/0x10 [ 2692.694882][T14177] ? pte_offset_map_nolock+0x137/0x1f0 [ 2692.700381][T14177] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2692.706244][T14177] __handle_mm_fault+0x15e8/0x72d0 [ 2692.711413][T14177] ? reacquire_held_locks+0x3eb/0x690 [ 2692.716798][T14177] ? __pfx___handle_mm_fault+0x10/0x10 [ 2692.722283][T14177] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2692.728041][T14177] ? mtree_range_walk+0x6fd/0x8e0 [ 2692.733083][T14177] ? lock_vma_under_rcu+0x18a/0x730 [ 2692.738328][T14177] ? __pfx_lock_release+0x10/0x10 [ 2692.743376][T14177] ? lock_vma_under_rcu+0x2f9/0x730 [ 2692.748608][T14177] ? lock_vma_under_rcu+0x18a/0x730 [ 2692.753819][T14177] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2692.759395][T14177] handle_mm_fault+0x3c1/0x8a0 [ 2692.764236][T14177] exc_page_fault+0x456/0x870 [ 2692.768974][T14177] asm_exc_page_fault+0x26/0x30 [ 2692.773862][T14177] RIP: 0033:0x7f091a85283e [ 2692.778318][T14177] Code: 31 ff 4d 01 f2 41 0f 92 c7 72 a6 48 8b 44 24 08 48 8d 84 06 00 08 00 00 4c 01 f0 48 21 d8 49 39 c2 72 8e 31 c0 be 01 00 00 00 0f b1 35 9a 8a c8 00 0f 85 26 0a 00 00 c1 e1 02 48 8b 05 aa 8a [ 2692.797953][T14177] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2692.804036][T14177] RAX: 0000000000000000 RBX: fffffffffffff000 RCX: 0000000000000006 [ 2692.812043][T14177] RDX: 000000000000003f RSI: 0000000000000001 RDI: 00007ffdf4c5ccb8 [ 2692.820043][T14177] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2692.828031][T14177] R10: 0000000000021000 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2692.836009][T14177] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2692.844005][T14177] [ 2692.890827][T14177] memory: usage 307180kB, limit 307200kB, failcnt 164964 [ 2692.901146][T14177] memory+swap: usage 307432kB, limit 9007199254740988kB, failcnt 0 [ 2692.910161][T14177] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2692.929403][T14177] Memory cgroup stats for /syz1: [ 2692.929568][T14177] cache 0 [ 2692.942478][T14192] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2692.950216][T14192] IPv6: NLM_F_CREATE should be set when creating new route [ 2692.963360][T14177] rss 12288 20:24:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x44c1}, 0x0) 20:24:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000008000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000488800000c00080008"], 0x3c}}, 0x0) [ 2693.001785][T14177] rss_huge 0 [ 2693.005118][T14177] shmem 0 [ 2693.008222][T14177] mapped_file 0 [ 2693.011774][T14177] dirty 0 [ 2693.014748][T14177] writeback 0 [ 2693.020479][T14177] workingset_refault_anon 54650 [ 2693.025435][T14177] workingset_refault_file 0 [ 2693.030943][T14177] swap 258048 [ 2693.049225][T14177] swapcached 8192 [ 2693.058717][T14177] pgpgin 202558 [ 2693.062228][T14177] pgpgout 202555 [ 2693.065812][T14177] pgfault 461202 [ 2693.129445][T14177] pgmajfault 52457 [ 2693.133344][T14177] inactive_anon 0 [ 2693.138723][T14177] active_anon 12288 [ 2693.142759][T14177] inactive_file 0 [ 2693.152163][T14177] active_file 0 [ 2693.155761][T14177] unevictable 0 [ 2693.159832][T14177] hierarchical_memory_limit 314572800 [ 2693.165721][T14177] hierarchical_memsw_limit 9223372036854771712 [ 2693.174122][T14177] total_cache 0 [ 2693.178486][T14177] total_rss 12288 [ 2693.182285][T14177] total_rss_huge 0 [ 2693.186803][T14177] total_shmem 0 [ 2693.190385][T14177] total_mapped_file 0 [ 2693.194476][T14177] total_dirty 0 [ 2693.198836][T14177] total_writeback 0 [ 2693.202761][T14177] total_workingset_refault_anon 54650 [ 2693.209612][T14177] total_workingset_refault_file 0 [ 2693.214745][T14177] total_swap 258048 [ 2693.219317][T14177] total_swapcached 8192 [ 2693.223593][T14177] total_pgpgin 202558 [ 2693.228677][T14177] total_pgpgout 202555 [ 2693.232911][T14177] total_pgfault 461202 [ 2693.239397][T14177] total_pgmajfault 52457 [ 2693.260660][T14177] total_inactive_anon 0 [ 2693.264951][T14177] total_active_anon 12288 [ 2693.272502][T14177] total_inactive_file 0 20:24:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000518a00000c00080008"], 0x3c}}, 0x0) [ 2693.277472][T14177] total_active_file 0 [ 2693.281579][T14177] total_unevictable 0 [ 2693.285663][T14177] anon_cost 0 [ 2693.289825][T14177] file_cost 0 [ 2693.293253][T14177] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14177,uid=0 20:24:42 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000380)={&(0x7f0000000100)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x20}, 0x1c, 0x0, 0x0, &(0x7f0000000280)=[@hopopts_2292={{0x18}}, @dontfrag={{0x14}}], 0x30}, 0x0) [ 2693.336436][T14177] Memory cgroup out of memory: Killed process 14177 (syz-executor.1) total-vm:54376kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2693.368091][T14200] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2693.375809][T14200] IPv6: NLM_F_CREATE should be set when creating new route [ 2693.396525][T14201] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2693.405183][T14201] IPv6: NLM_F_CREATE should be set when creating new route 20:24:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000009000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000fc00000c00080008"], 0x3c}}, 0x0) 20:24:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x44c2}, 0x0) [ 2693.608457][T14209] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2693.616316][T14209] IPv6: NLM_F_CREATE should be set when creating new route 20:24:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000ff00000c00080008"], 0x3c}}, 0x0) 20:24:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a0002004000000000000a000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2693.727335][T14212] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2693.736257][T14212] IPv6: NLM_F_CREATE should be set when creating new route 20:24:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000004003000c00080008"], 0x3c}}, 0x0) 20:24:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) [ 2693.842389][T14204] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2693.876585][T14204] CPU: 0 PID: 14204 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2693.887070][T14204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2693.897165][T14204] Call Trace: [ 2693.900482][T14204] [ 2693.903439][T14204] dump_stack_lvl+0x1e7/0x2e0 [ 2693.908166][T14204] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2693.913408][T14204] ? __pfx__printk+0x10/0x10 [ 2693.918059][T14204] ? ___ratelimit+0x4c4/0x670 [ 2693.922793][T14204] ? __pfx____ratelimit+0x10/0x10 [ 2693.927873][T14204] dump_header+0xda/0x6a0 [ 2693.932250][T14204] oom_kill_process+0x3a7/0x930 [ 2693.937132][T14204] out_of_memory+0xf67/0x1320 [ 2693.941850][T14204] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2693.947513][T14204] ? __pfx___mutex_lock+0x10/0x10 [ 2693.952581][T14204] ? __pfx_out_of_memory+0x10/0x10 [ 2693.957727][T14204] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2693.963298][T14204] ? __pfx_lock_release+0x10/0x10 [ 2693.968351][T14204] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2693.974438][T14204] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2693.979654][T14204] ? mem_cgroup_iter+0x3e9/0x560 [ 2693.984627][T14204] try_charge_memcg+0xda2/0x18a0 [ 2693.989574][T14204] ? mark_lock+0x9a/0x350 [ 2693.993938][T14204] ? __pfx_try_charge_memcg+0x10/0x10 [ 2693.999370][T14204] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2694.005529][T14204] charge_memcg+0xa2/0x160 [ 2694.009976][T14204] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2694.016229][T14204] __read_swap_cache_async+0x480/0x8b0 [ 2694.021700][T14204] ? mark_lock+0x9a/0x350 [ 2694.026061][T14204] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2694.032092][T14204] swap_cluster_readahead+0x67c/0x810 [ 2694.037512][T14204] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2694.043428][T14204] ? __pfx_lock_release+0x10/0x10 [ 2694.048475][T14204] ? xas_descend+0x37e/0x470 [ 2694.053088][T14204] swapin_readahead+0x1ea/0x1070 [ 2694.058045][T14204] ? filemap_get_entry+0x127/0x4e0 [ 2694.063178][T14204] ? __pfx_swapin_readahead+0x10/0x10 [ 2694.068573][T14204] ? __filemap_get_folio+0x935/0xbc0 [ 2694.073963][T14204] ? swap_cache_get_folio+0x9f/0x570 [ 2694.079268][T14204] do_swap_page+0x8ab/0x3da0 [ 2694.083874][T14204] ? __pte_offset_map+0x2c4/0x380 [ 2694.088920][T14204] ? do_swap_page+0x154/0x3da0 [ 2694.093697][T14204] ? __pfx_do_swap_page+0x10/0x10 [ 2694.098736][T14204] ? pte_offset_map_nolock+0x137/0x1f0 [ 2694.104210][T14204] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2694.110036][T14204] __handle_mm_fault+0x15e8/0x72d0 [ 2694.115185][T14204] ? reacquire_held_locks+0x3eb/0x690 [ 2694.120565][T14204] ? __pfx___handle_mm_fault+0x10/0x10 [ 2694.126060][T14204] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2694.131814][T14204] ? mtree_range_walk+0x6fd/0x8e0 [ 2694.136854][T14204] ? lock_vma_under_rcu+0x18a/0x730 [ 2694.142066][T14204] ? __pfx_lock_release+0x10/0x10 [ 2694.147104][T14204] ? lock_vma_under_rcu+0x2f9/0x730 [ 2694.152353][T14204] ? lock_vma_under_rcu+0x18a/0x730 [ 2694.157635][T14204] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2694.163222][T14204] handle_mm_fault+0x3c1/0x8a0 [ 2694.168023][T14204] exc_page_fault+0x456/0x870 [ 2694.172733][T14204] asm_exc_page_fault+0x26/0x30 [ 2694.177610][T14204] RIP: 0033:0x7f091a87dbf0 [ 2694.182038][T14204] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 <48> 8b 05 e1 23 10 00 48 85 c0 74 01 c3 50 48 8d 0d 3b 3a 07 00 ba [ 2694.201763][T14204] RSP: 002b:00007ffdf4c5cb88 EFLAGS: 00010202 [ 2694.207850][T14204] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2694.215856][T14204] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffdf4c5cd00 [ 2694.223840][T14204] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2694.231821][T14204] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2694.239842][T14204] R13: 00007ffdf4c5cd00 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2694.247946][T14204] [ 2694.302276][T14220] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2694.310107][T14204] memory: usage 307180kB, limit 307200kB, failcnt 165162 [ 2694.310117][T14220] IPv6: NLM_F_CREATE should be set when creating new route [ 2694.315524][T14221] __nla_validate_parse: 38 callbacks suppressed [ 2694.315546][T14221] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2694.320479][T14204] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 20:24:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000340000c00080008"], 0x3c}}, 0x0) 20:24:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a0002004000000000000b000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2694.365532][T14222] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2694.374221][T14222] IPv6: NLM_F_CREATE should be set when creating new route [ 2694.386358][T14204] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2694.406360][T14204] Memory cgroup stats for /syz1: [ 2694.406515][T14204] cache 0 20:24:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x4c00}, 0x0) [ 2694.414601][T14204] rss 12288 [ 2694.421672][T14204] rss_huge 0 [ 2694.425834][T14204] shmem 0 [ 2694.446366][T14204] mapped_file 0 20:24:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000010c00080008"], 0x3c}}, 0x0) [ 2694.457420][T14225] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2694.470203][T14204] dirty 0 [ 2694.476822][T14226] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2694.485440][T14204] writeback 0 [ 2694.495169][T14204] workingset_refault_anon 54700 [ 2694.510130][T14204] workingset_refault_file 0 [ 2694.514940][T14204] swap 217088 [ 2694.523841][T14204] swapcached 8192 [ 2694.531669][T14204] pgpgin 202640 [ 2694.539959][T14204] pgpgout 202637 [ 2694.549333][T14204] pgfault 461331 [ 2694.560056][T14204] pgmajfault 52518 [ 2694.569596][T14204] inactive_anon 4096 [ 2694.572743][T14228] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2694.591429][T14204] active_anon 8192 [ 2694.595369][T14204] inactive_file 0 [ 2694.606842][T14204] active_file 0 [ 2694.614743][T14204] unevictable 0 [ 2694.619400][T14204] hierarchical_memory_limit 314572800 [ 2694.630803][T14204] hierarchical_memsw_limit 9223372036854771712 [ 2694.640676][T14204] total_cache 0 [ 2694.644463][T14204] total_rss 12288 [ 2694.653227][T14204] total_rss_huge 0 [ 2694.660816][T14204] total_shmem 0 [ 2694.664272][T14230] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2694.664765][T14204] total_mapped_file 0 [ 2694.671984][T14230] IPv6: NLM_F_CREATE should be set when creating new route [ 2694.678766][T14231] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2694.694561][T14232] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2694.695211][T14204] total_dirty 0 [ 2694.703393][T14232] IPv6: NLM_F_CREATE should be set when creating new route 20:24:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a0002004000000000000c000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000020c00080008"], 0x3c}}, 0x0) [ 2694.720315][T14204] total_writeback 0 [ 2694.724375][T14204] total_workingset_refault_anon 54700 [ 2694.739111][T14204] total_workingset_refault_file 0 [ 2694.744413][T14204] total_swap 217088 [ 2694.754813][T14204] total_swapcached 8192 20:24:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x6000}, 0x0) [ 2694.772975][T14204] total_pgpgin 202640 [ 2694.777983][T14204] total_pgpgout 202637 [ 2694.783531][T14204] total_pgfault 461331 [ 2694.805579][T14234] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2694.810412][T14204] total_pgmajfault 52518 [ 2694.836739][T14204] total_inactive_anon 4096 [ 2694.855043][T14204] total_active_anon 8192 [ 2694.866382][T14204] total_inactive_file 0 [ 2694.876955][T14204] total_active_file 0 [ 2694.882527][T14204] total_unevictable 0 [ 2694.887222][T14204] anon_cost 0 [ 2694.890678][T14204] file_cost 0 [ 2694.894154][T14204] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14204,uid=0 [ 2694.908681][T14236] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2694.911431][T14204] Memory cgroup out of memory: Killed process 14204 (syz-executor.1) total-vm:54376kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r0, 0x0, 0x0) 20:24:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000030c00080008"], 0x3c}}, 0x0) [ 2694.936607][T14237] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2694.945309][T14237] IPv6: NLM_F_CREATE should be set when creating new route 20:24:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a0002004000000000000f000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2695.012886][T14239] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2695.093502][T14242] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2695.112033][T14243] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2695.120781][T14243] IPv6: NLM_F_CREATE should be set when creating new route 20:24:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000040c00080008"], 0x3c}}, 0x0) [ 2695.140649][T14245] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:24:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x6800}, 0x0) 20:24:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000050c00080008"], 0x3c}}, 0x0) [ 2695.256273][T14246] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2695.264048][T14246] IPv6: NLM_F_CREATE should be set when creating new route 20:24:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000010000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2695.479651][T14254] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2695.488676][T14254] IPv6: NLM_F_CREATE should be set when creating new route [ 2695.507599][T14240] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2695.518527][T14240] CPU: 0 PID: 14240 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2695.528986][T14240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2695.539077][T14240] Call Trace: [ 2695.542387][T14240] [ 2695.545348][T14240] dump_stack_lvl+0x1e7/0x2e0 [ 2695.550088][T14240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2695.555336][T14240] ? __pfx__printk+0x10/0x10 [ 2695.559965][T14240] ? ___ratelimit+0x4c4/0x670 [ 2695.564697][T14240] ? __pfx____ratelimit+0x10/0x10 [ 2695.569813][T14240] dump_header+0xda/0x6a0 [ 2695.574203][T14240] oom_kill_process+0x3a7/0x930 [ 2695.579113][T14240] out_of_memory+0xf67/0x1320 [ 2695.583840][T14240] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2695.589506][T14240] ? __pfx___mutex_lock+0x10/0x10 [ 2695.594569][T14240] ? __pfx_out_of_memory+0x10/0x10 [ 2695.599720][T14240] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2695.605303][T14240] ? __pfx_lock_release+0x10/0x10 [ 2695.610367][T14240] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2695.616468][T14240] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2695.619228][T14256] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2695.621679][T14240] ? mem_cgroup_iter+0x3e9/0x560 [ 2695.629415][T14256] IPv6: NLM_F_CREATE should be set when creating new route [ 2695.633807][T14240] try_charge_memcg+0xda2/0x18a0 [ 2695.646009][T14240] ? __pfx_try_charge_memcg+0x10/0x10 [ 2695.651415][T14240] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2695.657169][T14240] ? __pfx_lock_release+0x10/0x10 [ 2695.659214][ T2986] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2695.662221][T14240] ? memcg_account_kmem+0x1e7/0x210 [ 2695.677620][T14240] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2695.683465][T14240] __memcg_kmem_charge_page+0xe1/0x250 [ 2695.688973][T14240] memcg_charge_kernel_stack+0x210/0x550 [ 2695.694658][T14240] dup_task_struct+0x40d/0x7d0 [ 2695.699466][T14240] copy_process+0x5d5/0x3fc0 [ 2695.704107][T14240] ? __might_fault+0xa9/0x120 [ 2695.708820][T14240] ? __pfx_lock_release+0x10/0x10 [ 2695.713863][T14240] ? __pfx_copy_process+0x10/0x10 [ 2695.718891][T14240] ? __might_fault+0xc5/0x120 [ 2695.723575][T14240] ? __asan_memset+0x23/0x50 [ 2695.728194][T14240] kernel_clone+0x21d/0x8d0 [ 2695.732745][T14240] ? __pfx_kernel_clone+0x10/0x10 [ 2695.737833][T14240] __se_sys_clone3+0x2cb/0x350 [ 2695.742603][T14240] ? __pfx___se_sys_clone3+0x10/0x10 [ 2695.747913][T14240] ? do_syscall_64+0x108/0x240 [ 2695.752686][T14240] ? do_syscall_64+0xb4/0x240 [ 2695.757372][T14240] do_syscall_64+0xf9/0x240 [ 2695.761886][T14240] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2695.767822][T14240] RIP: 0033:0x7f091a8a9b99 [ 2695.772256][T14240] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2695.791881][T14240] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2695.800304][T14240] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2695.808280][T14240] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2695.816267][T14240] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 20:24:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000011000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000060c00080008"], 0x3c}}, 0x0) 20:24:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x6c00}, 0x0) [ 2695.824298][T14240] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2695.832327][T14240] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2695.840350][T14240] [ 2695.862655][T14240] memory: usage 307200kB, limit 307200kB, failcnt 165460 [ 2695.882261][T14240] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 2695.900577][T14240] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 2695.923552][T14240] Memory cgroup stats for /syz1: [ 2695.923705][T14240] cache 0 [ 2695.943558][T14240] rss 12288 [ 2695.952128][T14240] rss_huge 0 [ 2695.955385][T14240] shmem 0 [ 2695.968557][T14240] mapped_file 0 [ 2695.972071][T14240] dirty 0 [ 2695.975118][T14240] writeback 0 [ 2695.984089][T14240] workingset_refault_anon 54784 [ 2695.989599][T14240] workingset_refault_file 0 [ 2695.994150][T14240] swap 192512 [ 2696.006711][T14240] swapcached 12288 [ 2696.010511][T14240] pgpgin 202750 [ 2696.014004][T14240] pgpgout 202747 [ 2696.020221][T14240] pgfault 461507 [ 2696.026835][T14240] pgmajfault 52613 [ 2696.036326][T14240] inactive_anon 0 20:24:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000070c00080008"], 0x3c}}, 0x0) [ 2696.043595][T14240] active_anon 12288 [ 2696.049920][T14240] inactive_file 0 [ 2696.058939][T14240] active_file 0 [ 2696.066145][T14240] unevictable 0 [ 2696.076558][T14240] hierarchical_memory_limit 314572800 [ 2696.085650][T14240] hierarchical_memsw_limit 9223372036854771712 [ 2696.100865][T14240] total_cache 0 [ 2696.109572][T14240] total_rss 12288 [ 2696.117528][T14240] total_rss_huge 0 [ 2696.122719][T14240] total_shmem 0 [ 2696.126882][T14240] total_mapped_file 0 [ 2696.131140][T14240] total_dirty 0 [ 2696.134866][T14240] total_writeback 0 [ 2696.140804][T14240] total_workingset_refault_anon 54784 [ 2696.146718][T14240] total_workingset_refault_file 0 [ 2696.152043][T14240] total_swap 192512 [ 2696.156679][T14240] total_swapcached 12288 [ 2696.161073][T14240] total_pgpgin 202750 [ 2696.165255][T14240] total_pgpgout 202747 [ 2696.168992][T14263] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2696.177176][T14263] IPv6: NLM_F_CREATE should be set when creating new route [ 2696.183209][T14240] total_pgfault 461507 [ 2696.190282][T14240] total_pgmajfault 52613 [ 2696.194818][T14240] total_inactive_anon 0 20:24:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000080c00080008"], 0x3c}}, 0x0) 20:24:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000014000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2696.200312][T14264] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2696.209050][T14264] IPv6: NLM_F_CREATE should be set when creating new route [ 2696.218834][T14240] total_active_anon 12288 [ 2696.223869][T14240] total_inactive_file 0 20:24:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x7400}, 0x0) [ 2696.264436][T14240] total_active_file 0 [ 2696.286461][T14240] total_unevictable 0 [ 2696.296324][T14240] anon_cost 0 [ 2696.310610][T14240] file_cost 0 [ 2696.325748][T14240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14240,uid=0 [ 2696.358091][T14240] Memory cgroup out of memory: Killed process 14240 (syz-executor.1) total-vm:54508kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000090c00080008"], 0x3c}}, 0x0) 20:24:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 20:24:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000015000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2696.514015][T14273] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2696.521870][T14273] IPv6: NLM_F_CREATE should be set when creating new route [ 2696.540554][T14274] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2696.549363][T14274] IPv6: NLM_F_CREATE should be set when creating new route 20:24:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000a0c00080008"], 0x3c}}, 0x0) 20:24:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x7a00}, 0x0) [ 2696.729579][T14277] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2696.741847][T14277] CPU: 0 PID: 14277 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2696.752321][T14277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2696.762417][T14277] Call Trace: [ 2696.765734][T14277] [ 2696.768797][T14277] dump_stack_lvl+0x1e7/0x2e0 [ 2696.773526][T14277] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2696.778778][T14277] ? __pfx__printk+0x10/0x10 [ 2696.783412][T14277] ? ___ratelimit+0x4c4/0x670 [ 2696.788142][T14277] ? __pfx____ratelimit+0x10/0x10 [ 2696.793225][T14277] dump_header+0xda/0x6a0 [ 2696.797609][T14277] oom_kill_process+0x3a7/0x930 [ 2696.802514][T14277] out_of_memory+0xf67/0x1320 [ 2696.807246][T14277] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2696.812923][T14277] ? __pfx___mutex_lock+0x10/0x10 [ 2696.818015][T14277] ? __pfx_out_of_memory+0x10/0x10 [ 2696.820798][T14284] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2696.823162][T14277] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2696.830890][T14284] IPv6: NLM_F_CREATE should be set when creating new route [ 2696.835889][T14277] ? __pfx_lock_release+0x10/0x10 [ 2696.848168][T14277] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2696.854292][T14277] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2696.859542][T14277] ? mem_cgroup_iter+0x3e9/0x560 [ 2696.864534][T14277] try_charge_memcg+0xda2/0x18a0 [ 2696.869512][T14277] ? mark_lock+0x9a/0x350 [ 2696.873907][T14277] ? __pfx_try_charge_memcg+0x10/0x10 [ 2696.879347][T14277] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2696.885541][T14277] charge_memcg+0xa2/0x160 [ 2696.890016][T14277] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2696.896127][T14277] __read_swap_cache_async+0x480/0x8b0 [ 2696.901648][T14277] ? mark_lock+0x9a/0x350 [ 2696.906032][T14277] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2696.912070][T14277] swap_cluster_readahead+0x67c/0x810 [ 2696.917505][T14277] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2696.923586][T14277] ? __pfx_lock_release+0x10/0x10 20:24:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000060000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000b0c00080008"], 0x3c}}, 0x0) [ 2696.928701][T14277] ? xas_descend+0x37e/0x470 [ 2696.933349][T14277] swapin_readahead+0x1ea/0x1070 [ 2696.938323][T14277] ? filemap_get_entry+0x127/0x4e0 [ 2696.943499][T14277] ? __pfx_swapin_readahead+0x10/0x10 [ 2696.948937][T14277] ? __filemap_get_folio+0x935/0xbc0 [ 2696.954288][T14277] ? swap_cache_get_folio+0x9f/0x570 [ 2696.959636][T14277] do_swap_page+0x8ab/0x3da0 [ 2696.964376][T14277] ? __pte_offset_map+0x2c4/0x380 [ 2696.969468][T14277] ? do_swap_page+0x154/0x3da0 [ 2696.974277][T14277] ? __pfx_do_swap_page+0x10/0x10 [ 2696.979354][T14277] ? pte_offset_map_nolock+0x137/0x1f0 [ 2696.984866][T14277] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2696.990998][T14277] __handle_mm_fault+0x15e8/0x72d0 [ 2696.996184][T14277] ? reacquire_held_locks+0x3eb/0x690 [ 2697.001595][T14277] ? __pfx___handle_mm_fault+0x10/0x10 [ 2697.007116][T14277] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2697.012889][T14277] ? mtree_range_walk+0x6fd/0x8e0 [ 2697.017980][T14277] ? lock_vma_under_rcu+0x18a/0x730 [ 2697.023318][T14277] ? __pfx_lock_release+0x10/0x10 [ 2697.028390][T14277] ? lock_vma_under_rcu+0x2f9/0x730 [ 2697.033668][T14277] ? lock_vma_under_rcu+0x18a/0x730 [ 2697.038920][T14277] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2697.044521][T14277] handle_mm_fault+0x3c1/0x8a0 [ 2697.049429][T14277] exc_page_fault+0x456/0x870 [ 2697.054157][T14277] asm_exc_page_fault+0x26/0x30 [ 2697.059054][T14277] RIP: 0033:0x7f091a87dbf0 [ 2697.063506][T14277] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 <48> 8b 05 e1 23 10 00 48 85 c0 74 01 c3 50 48 8d 0d 3b 3a 07 00 ba [ 2697.083160][T14277] RSP: 002b:00007ffdf4c5cb88 EFLAGS: 00010202 [ 2697.089277][T14277] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2697.097294][T14277] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffdf4c5cd00 [ 2697.105313][T14277] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2697.113417][T14277] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2697.121448][T14277] R13: 00007ffdf4c5cd00 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2697.129471][T14277] 20:24:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x7e12}, 0x0) 20:24:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000c0c00080008"], 0x3c}}, 0x0) [ 2697.161656][T14277] memory: usage 307180kB, limit 307200kB, failcnt 165706 [ 2697.169613][T14277] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 2697.178140][T14290] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2697.185805][T14290] IPv6: NLM_F_CREATE should be set when creating new route 20:24:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000030c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2697.241115][T14277] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2697.254581][T14277] Memory cgroup stats for /syz1: [ 2697.254749][T14277] cache 0 [ 2697.294209][T14277] rss 12288 [ 2697.305531][T14277] rss_huge 0 [ 2697.310553][T14277] shmem 0 [ 2697.313752][T14277] mapped_file 0 [ 2697.317985][T14277] dirty 0 [ 2697.321140][T14277] writeback 0 [ 2697.324640][T14277] workingset_refault_anon 54844 [ 2697.330612][T14277] workingset_refault_file 0 [ 2697.335498][T14277] swap 221184 [ 2697.339674][T14277] swapcached 8192 [ 2697.343554][T14277] pgpgin 202835 [ 2697.348227][T14277] pgpgout 202832 [ 2697.348687][T14294] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2697.352013][T14277] pgfault 461632 [ 2697.360727][T14294] IPv6: NLM_F_CREATE should be set when creating new route [ 2697.365985][T14277] pgmajfault 52668 [ 2697.376773][T14277] inactive_anon 0 [ 2697.380672][T14277] active_anon 12288 [ 2697.384720][T14277] inactive_file 0 [ 2697.390723][T14277] active_file 0 20:24:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x8402}, 0x0) [ 2697.402166][T14277] unevictable 0 [ 2697.412929][T14277] hierarchical_memory_limit 314572800 [ 2697.423051][T14277] hierarchical_memsw_limit 9223372036854771712 [ 2697.435731][T14277] total_cache 0 [ 2697.441919][T14277] total_rss 12288 [ 2697.445796][T14277] total_rss_huge 0 [ 2697.455720][T14277] total_shmem 0 [ 2697.462229][T14277] total_mapped_file 0 [ 2697.487963][T14277] total_dirty 0 [ 2697.496193][T14277] total_writeback 0 20:24:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000f0c00080008"], 0x3c}}, 0x0) [ 2697.503275][T14277] total_workingset_refault_anon 54844 [ 2697.513675][T14277] total_workingset_refault_file 0 [ 2697.539167][T14277] total_swap 221184 [ 2697.543157][T14277] total_swapcached 8192 [ 2697.579626][T14277] total_pgpgin 202835 [ 2697.583816][T14277] total_pgpgout 202832 [ 2697.600285][T14299] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2697.608058][T14299] IPv6: NLM_F_CREATE should be set when creating new route [ 2697.615410][T14277] total_pgfault 461632 [ 2697.620579][T14277] total_pgmajfault 52668 [ 2697.625003][T14277] total_inactive_anon 0 [ 2697.630803][T14277] total_active_anon 12288 [ 2697.635395][T14302] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2697.635539][T14277] total_inactive_file 0 [ 2697.644163][T14302] IPv6: NLM_F_CREATE should be set when creating new route [ 2697.648225][T14277] total_active_file 0 [ 2697.659202][T14277] total_unevictable 0 [ 2697.663440][T14277] anon_cost 0 [ 2697.667859][T14277] file_cost 0 20:24:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000050c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000100c00080008"], 0x3c}}, 0x0) 20:24:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x8602}, 0x0) [ 2697.671442][T14277] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14277,uid=0 [ 2697.691449][T14277] Memory cgroup out of memory: Killed process 14277 (syz-executor.1) total-vm:54376kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:46 executing program 1: r0 = socket(0x29, 0x2, 0x0) sendmsg$netlink(r0, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)={0x10}, 0x10}, {0x0}], 0x2}, 0x0) 20:24:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000140c00080008"], 0x3c}}, 0x0) [ 2697.898540][T14310] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2697.906376][T14310] IPv6: NLM_F_CREATE should be set when creating new route 20:24:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000060c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000600c00080008"], 0x3c}}, 0x0) 20:24:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xc144}, 0x0) [ 2698.081216][T14312] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2698.109657][T14312] CPU: 1 PID: 14312 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2698.120154][T14312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2698.130254][T14312] Call Trace: [ 2698.133572][T14312] [ 2698.136539][T14312] dump_stack_lvl+0x1e7/0x2e0 [ 2698.141295][T14312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2698.146551][T14312] ? __pfx__printk+0x10/0x10 [ 2698.151186][T14312] ? ___ratelimit+0x4c4/0x670 [ 2698.155924][T14312] ? __pfx____ratelimit+0x10/0x10 [ 2698.161004][T14312] dump_header+0xda/0x6a0 [ 2698.165405][T14312] oom_kill_process+0x3a7/0x930 [ 2698.170316][T14312] out_of_memory+0xf67/0x1320 [ 2698.175052][T14312] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2698.180742][T14312] ? __pfx___mutex_lock+0x10/0x10 [ 2698.185858][T14312] ? __pfx_out_of_memory+0x10/0x10 [ 2698.191038][T14312] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2698.196636][T14312] ? __pfx_lock_release+0x10/0x10 [ 2698.201719][T14312] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2698.207834][T14312] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2698.213080][T14312] ? mem_cgroup_iter+0x3e9/0x560 [ 2698.218069][T14312] try_charge_memcg+0xda2/0x18a0 [ 2698.223053][T14312] ? mark_lock+0x9a/0x350 [ 2698.227451][T14312] ? __pfx_try_charge_memcg+0x10/0x10 [ 2698.232896][T14312] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2698.239100][T14312] charge_memcg+0xa2/0x160 [ 2698.243584][T14312] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2698.249792][T14312] __read_swap_cache_async+0x480/0x8b0 [ 2698.255302][T14312] ? mark_lock+0x9a/0x350 [ 2698.259686][T14312] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2698.265746][T14312] swap_cluster_readahead+0x67c/0x810 [ 2698.271193][T14312] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2698.277149][T14312] ? __pfx_lock_release+0x10/0x10 [ 2698.282228][T14312] ? xas_descend+0x37e/0x470 [ 2698.286881][T14312] swapin_readahead+0x1ea/0x1070 [ 2698.291878][T14312] ? filemap_get_entry+0x127/0x4e0 [ 2698.297061][T14312] ? __pfx_swapin_readahead+0x10/0x10 [ 2698.302489][T14312] ? __filemap_get_folio+0x935/0xbc0 [ 2698.307839][T14312] ? swap_cache_get_folio+0x9f/0x570 [ 2698.313181][T14312] do_swap_page+0x8ab/0x3da0 [ 2698.317820][T14312] ? __pte_offset_map+0x2c4/0x380 [ 2698.322835][T14322] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2698.322896][T14312] ? __pfx_lock_acquire+0x10/0x10 [ 2698.331776][T14322] IPv6: NLM_F_CREATE should be set when creating new route [ 2698.335103][T14312] ? do_swap_page+0x154/0x3da0 [ 2698.347121][T14312] ? __pfx_do_swap_page+0x10/0x10 [ 2698.352268][T14312] ? pte_offset_map_nolock+0x137/0x1f0 [ 2698.357773][T14312] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2698.363654][T14312] __handle_mm_fault+0x15e8/0x72d0 [ 2698.368850][T14312] ? reacquire_held_locks+0x3eb/0x690 [ 2698.374261][T14312] ? __pfx___handle_mm_fault+0x10/0x10 [ 2698.379779][T14312] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2698.385557][T14312] ? mtree_range_walk+0x6fd/0x8e0 [ 2698.390628][T14312] ? lock_vma_under_rcu+0x18a/0x730 [ 2698.395867][T14312] ? __pfx_lock_release+0x10/0x10 [ 2698.400936][T14312] ? lock_vma_under_rcu+0x2f9/0x730 [ 2698.406201][T14312] ? lock_vma_under_rcu+0x18a/0x730 [ 2698.411440][T14312] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2698.417037][T14312] handle_mm_fault+0x3c1/0x8a0 [ 2698.421866][T14312] exc_page_fault+0x456/0x870 [ 2698.426595][T14312] asm_exc_page_fault+0x26/0x30 20:24:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000058650c00080008"], 0x3c}}, 0x0) 20:24:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000810c00080008"], 0x3c}}, 0x0) 20:24:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xc244}, 0x0) [ 2698.431489][T14312] RIP: 0033:0x7f091a87dbf0 [ 2698.435924][T14312] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 <48> 8b 05 e1 23 10 00 48 85 c0 74 01 c3 50 48 8d 0d 3b 3a 07 00 ba [ 2698.455566][T14312] RSP: 002b:00007ffdf4c5cb88 EFLAGS: 00010202 [ 2698.461678][T14312] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2698.469700][T14312] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffdf4c5cd00 [ 2698.477710][T14312] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2698.485716][T14312] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2698.493725][T14312] R13: 00007ffdf4c5cd00 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2698.501753][T14312] [ 2698.544692][T14312] memory: usage 307180kB, limit 307200kB, failcnt 165928 [ 2698.555565][T14312] memory+swap: usage 307420kB, limit 9007199254740988kB, failcnt 0 [ 2698.563740][T14312] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2698.571712][T14312] Memory cgroup stats for /syz1: [ 2698.571845][T14312] cache 0 [ 2698.579888][T14312] rss 12288 [ 2698.583114][T14312] rss_huge 0 [ 2698.590191][T14312] shmem 0 [ 2698.602818][T14325] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2698.610562][T14325] IPv6: NLM_F_CREATE should be set when creating new route [ 2698.618521][T14312] mapped_file 0 [ 2698.622168][T14312] dirty 0 [ 2698.625263][T14312] writeback 0 [ 2698.630269][T14312] workingset_refault_anon 54927 [ 2698.635299][T14312] workingset_refault_file 0 [ 2698.640232][T14312] swap 245760 [ 2698.643690][T14312] swapcached 8192 [ 2698.647857][T14312] pgpgin 202928 20:24:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000070c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000047880c00080008"], 0x3c}}, 0x0) [ 2698.651460][T14312] pgpgout 202925 [ 2698.655209][T14312] pgfault 461775 [ 2698.659226][T14312] pgmajfault 52740 [ 2698.663120][T14312] inactive_anon 12288 [ 2698.667860][T14312] active_anon 0 [ 2698.671489][T14312] inactive_file 0 [ 2698.675263][T14312] active_file 0 [ 2698.681245][T14312] unevictable 0 [ 2698.685175][T14312] hierarchical_memory_limit 314572800 [ 2698.691381][T14312] hierarchical_memsw_limit 9223372036854771712 [ 2698.699211][T14312] total_cache 0 [ 2698.702855][T14312] total_rss 12288 [ 2698.716971][T14312] total_rss_huge 0 [ 2698.720956][T14312] total_shmem 0 [ 2698.726520][T14312] total_mapped_file 0 [ 2698.734082][T14312] total_dirty 0 [ 2698.747577][T14312] total_writeback 0 [ 2698.755136][T14312] total_workingset_refault_anon 54927 [ 2698.781092][T14312] total_workingset_refault_file 0 [ 2698.783586][T14332] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2698.789364][T14312] total_swap 245760 [ 2698.794986][T14332] IPv6: NLM_F_CREATE should be set when creating new route [ 2698.806100][T14312] total_swapcached 8192 [ 2698.811672][T14312] total_pgpgin 202928 [ 2698.821549][T14312] total_pgpgout 202925 20:24:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000048880c00080008"], 0x3c}}, 0x0) [ 2698.832237][T14312] total_pgfault 461775 [ 2698.840659][T14312] total_pgmajfault 52740 [ 2698.845772][T14312] total_inactive_anon 12288 [ 2698.857031][T14312] total_active_anon 0 [ 2698.861219][T14312] total_inactive_file 0 [ 2698.865533][T14312] total_active_file 0 20:24:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfc00}, 0x0) [ 2698.879654][T14312] total_unevictable 0 [ 2698.904319][T14312] anon_cost 0 [ 2698.908378][T14312] file_cost 0 [ 2698.911816][T14312] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14312,uid=0 [ 2698.935267][T14312] Memory cgroup out of memory: Killed process 14312 (syz-executor.1) total-vm:54376kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:47 executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x3}}, &(0x7f0000000300)='syzkaller\x00', 0xe}, 0x90) 20:24:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000ffffa8880c00080008"], 0x3c}}, 0x0) 20:24:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000090c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2698.970596][T14335] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2698.978416][T14335] IPv6: NLM_F_CREATE should be set when creating new route [ 2699.141302][T14340] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2699.150230][T14340] IPv6: NLM_F_CREATE should be set when creating new route 20:24:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000518a0c00080008"], 0x3c}}, 0x0) 20:24:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xff00}, 0x0) [ 2699.335114][T14346] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2699.342870][T14346] IPv6: NLM_F_CREATE should be set when creating new route 20:24:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000a0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2699.393800][T14349] __nla_validate_parse: 38 callbacks suppressed [ 2699.393823][T14349] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2699.419503][T14350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:24:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000ffffffe00c00080008"], 0x3c}}, 0x0) [ 2699.561488][T14351] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2699.570237][T14351] IPv6: NLM_F_CREATE should be set when creating new route [ 2699.592349][T14354] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:24:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x1000000}, 0x0) [ 2699.606757][T14355] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:24:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000fffffff00c00080008"], 0x3c}}, 0x0) [ 2699.770578][T14356] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2699.778418][T14356] IPv6: NLM_F_CREATE should be set when creating new route [ 2699.799195][T14358] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:24:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000fc0c00080008"], 0x3c}}, 0x0) 20:24:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000b0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2699.826644][T14360] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2699.972995][T29516] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2699.995406][T29516] CPU: 0 PID: 29516 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2700.005927][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2700.009982][T14361] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2700.016004][T29516] Call Trace: [ 2700.016018][T29516] [ 2700.016028][T29516] dump_stack_lvl+0x1e7/0x2e0 [ 2700.016072][T29516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2700.016105][T29516] ? __pfx__printk+0x10/0x10 [ 2700.024786][T14361] IPv6: NLM_F_CREATE should be set when creating new route [ 2700.026558][T29516] ? ___ratelimit+0x4c4/0x670 [ 2700.026595][T29516] ? __pfx____ratelimit+0x10/0x10 [ 2700.026629][T29516] dump_header+0xda/0x6a0 [ 2700.032795][T14365] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2700.034234][T29516] oom_kill_process+0x3a7/0x930 [ 2700.041794][T14364] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2700.043999][T29516] out_of_memory+0xf67/0x1320 [ 2700.044039][T29516] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2700.044068][T29516] ? __pfx___mutex_lock+0x10/0x10 [ 2700.104105][T29516] ? __pfx_out_of_memory+0x10/0x10 [ 2700.109359][T29516] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2700.113685][T14366] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2700.114918][T29516] ? __pfx_lock_release+0x10/0x10 [ 2700.114958][T29516] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2700.122655][T14366] IPv6: NLM_F_CREATE should be set when creating new route [ 2700.127154][T29516] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2700.127187][T29516] ? mem_cgroup_iter+0x3e9/0x560 [ 2700.127220][T29516] try_charge_memcg+0xda2/0x18a0 [ 2700.155633][T29516] ? mark_lock+0x9a/0x350 [ 2700.160033][T29516] ? __pfx_try_charge_memcg+0x10/0x10 [ 2700.165483][T29516] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2700.171755][T29516] charge_memcg+0xa2/0x160 [ 2700.176190][T29516] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2700.182266][T29516] __read_swap_cache_async+0x480/0x8b0 [ 2700.187746][T29516] ? mark_lock+0x9a/0x350 [ 2700.192140][T29516] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2700.198206][T29516] ? blk_start_plug+0x6f/0x1b0 [ 2700.202998][T29516] swap_cluster_readahead+0x398/0x810 [ 2700.208417][T29516] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2700.214342][T29516] ? __pfx_lock_release+0x10/0x10 [ 2700.219376][T29516] ? xas_descend+0x37e/0x470 [ 2700.223980][T29516] swapin_readahead+0x1ea/0x1070 [ 2700.228924][T29516] ? filemap_get_entry+0x127/0x4e0 [ 2700.234071][T29516] ? __pfx_swapin_readahead+0x10/0x10 [ 2700.239498][T29516] ? __filemap_get_folio+0x935/0xbc0 [ 2700.244820][T29516] ? swap_cache_get_folio+0x9f/0x570 [ 2700.250119][T29516] do_swap_page+0x8ab/0x3da0 [ 2700.254718][T29516] ? __pte_offset_map+0x2c4/0x380 [ 2700.259757][T29516] ? do_swap_page+0x154/0x3da0 [ 2700.264522][T29516] ? __pfx_do_swap_page+0x10/0x10 [ 2700.269571][T29516] ? pte_offset_map_nolock+0x137/0x1f0 [ 2700.275034][T29516] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2700.280845][T29516] ? __pfx_validate_chain+0x10/0x10 [ 2700.286065][T29516] __handle_mm_fault+0x15e8/0x72d0 [ 2700.291246][T29516] ? __pfx___handle_mm_fault+0x10/0x10 [ 2700.296723][T29516] ? mt_find+0x226/0x850 [ 2700.301058][T29516] ? __pfx_lock_release+0x10/0x10 [ 2700.306138][T29516] ? mt_find+0x62d/0x850 [ 2700.310400][T29516] ? mt_find+0x226/0x850 [ 2700.314673][T29516] ? find_vma+0x142/0x1c0 [ 2700.319010][T29516] ? __pfx_find_vma+0x10/0x10 [ 2700.323695][T29516] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2700.329689][T29516] handle_mm_fault+0x3c1/0x8a0 [ 2700.334486][T29516] exc_page_fault+0x2ad/0x870 [ 2700.339188][T29516] asm_exc_page_fault+0x26/0x30 [ 2700.344052][T29516] RIP: 0010:__get_user_8+0x11/0x20 [ 2700.349171][T29516] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2700.368785][T29516] RSP: 0018:ffffc90003767d98 EFLAGS: 00050202 [ 2700.374856][T29516] RAX: 0000555555e1bda8 RBX: ffff88802157b2f8 RCX: ffffc90003767c03 [ 2700.382829][T29516] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2700.390801][T29516] RBP: ffffc90003767ec8 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2700.398779][T29516] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90003767da0 [ 2700.406848][T29516] R13: ffffc90003767fd8 R14: dffffc0000000000 R15: ffff888021579dc0 [ 2700.414862][T29516] __rseq_handle_notify_resume+0x158/0x1490 [ 2700.420790][T29516] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2700.427147][T29516] ? syscall_exit_to_user_mode+0xa2/0x370 [ 2700.432884][T29516] syscall_exit_to_user_mode+0x113/0x370 [ 2700.438534][T29516] do_syscall_64+0x108/0x240 [ 2700.443162][T29516] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2700.449083][T29516] RIP: 0033:0x7f091a8a91b5 [ 2700.453514][T29516] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 20:24:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000c0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2700.473129][T29516] RSP: 002b:00007ffdf4c5cd60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2700.481556][T29516] RAX: 0000000000000000 RBX: 00000000000001ca RCX: 00007f091a8a91b5 [ 2700.489532][T29516] RDX: 00007ffdf4c5cda0 RSI: 0000000000000000 RDI: 0000000000000000 [ 2700.497503][T29516] RBP: 00007ffdf4c5ce2c R08: 0000000000000000 R09: 00007ffdf4c840b0 [ 2700.505479][T29516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2700.513452][T29516] R13: 0000000000292f4e R14: 0000000000292f4e R15: 0000000000000000 [ 2700.521442][T29516] 20:24:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000ffff80fe0c00080008"], 0x3c}}, 0x0) 20:24:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) [ 2700.563074][T29516] memory: usage 307200kB, limit 307200kB, failcnt 166714 [ 2700.597306][T29516] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0 [ 2700.605268][T29516] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2700.624326][T14368] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2700.629065][T29516] Memory cgroup stats for /syz1: [ 2700.633807][T29516] cache 0 [ 2700.649208][T29516] rss 8192 [ 2700.655831][T29516] rss_huge 0 [ 2700.662115][T29516] shmem 0 [ 2700.667746][T29516] mapped_file 0 [ 2700.671393][T29516] dirty 0 [ 2700.674521][T29516] writeback 0 [ 2700.679546][T29516] workingset_refault_anon 55135 [ 2700.684584][T29516] workingset_refault_file 0 [ 2700.689315][T29516] swap 196608 [ 2700.692763][T29516] swapcached 12288 [ 2700.697175][T29516] pgpgin 203159 [ 2700.700849][T29516] pgpgout 203156 [ 2700.704592][T29516] pgfault 462099 [ 2700.708418][T29516] pgmajfault 52932 [ 2700.712311][T29516] inactive_anon 0 [ 2700.716178][T29516] active_anon 8192 [ 2700.722328][T29516] inactive_file 0 [ 2700.726468][T29516] active_file 0 [ 2700.730108][T29516] unevictable 0 [ 2700.733754][T29516] hierarchical_memory_limit 314572800 [ 2700.739448][T29516] hierarchical_memsw_limit 9223372036854771712 [ 2700.745826][T29516] total_cache 0 [ 2700.756689][T29516] total_rss 8192 [ 2700.760450][T29516] total_rss_huge 0 [ 2700.769606][T14370] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2700.770921][T29516] total_shmem 0 [ 2700.783966][T29516] total_mapped_file 0 [ 2700.790888][T29516] total_dirty 0 [ 2700.794616][T29516] total_writeback 0 [ 2700.800307][T29516] total_workingset_refault_anon 55135 [ 2700.805893][T29516] total_workingset_refault_file 0 [ 2700.811620][T29516] total_swap 196608 [ 2700.815645][T29516] total_swapcached 12288 [ 2700.820647][T29516] total_pgpgin 203159 20:24:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000ffffc0fe0c00080008"], 0x3c}}, 0x0) [ 2700.824794][T29516] total_pgpgout 203156 [ 2700.838463][T29516] total_pgfault 462099 [ 2700.845568][T29516] total_pgmajfault 52932 [ 2700.851547][T29516] total_inactive_anon 0 [ 2700.856115][T29516] total_active_anon 8192 [ 2700.860813][T29516] total_inactive_file 0 [ 2700.865217][T29516] total_active_file 0 [ 2700.870289][T29516] total_unevictable 0 [ 2700.874556][T29516] anon_cost 0 [ 2700.878705][T29516] file_cost 0 [ 2700.882315][T29516] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14345,uid=0 [ 2700.927258][T14373] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2700.927255][T29516] Memory cgroup out of memory: Killed process 14345 (syz-executor.1) total-vm:54508kB, anon-rss:516kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2700.934975][T14373] IPv6: NLM_F_CREATE should be set when creating new route 20:24:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001800), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r1, 0x1, 0x0, 0x0, {0xf}}, 0x14}}, 0x0) 20:24:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000ff0c00080008"], 0x3c}}, 0x0) [ 2700.976758][T14374] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2700.985530][T14374] IPv6: NLM_F_CREATE should be set when creating new route 20:24:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000f0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x3000000}, 0x0) 20:24:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000ffff0c00080008"], 0x3c}}, 0x0) [ 2701.157740][ T2986] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2701.293274][T14377] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2701.309087][T14384] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2701.312246][T14377] CPU: 1 PID: 14377 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2701.317919][T14384] IPv6: NLM_F_CREATE should be set when creating new route [ 2701.326739][T14377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2701.326756][T14377] Call Trace: [ 2701.326767][T14377] [ 2701.326777][T14377] dump_stack_lvl+0x1e7/0x2e0 [ 2701.326819][T14377] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2701.326852][T14377] ? __pfx__printk+0x10/0x10 [ 2701.364913][T14377] ? ___ratelimit+0x4c4/0x670 [ 2701.369637][T14377] ? __pfx____ratelimit+0x10/0x10 [ 2701.374805][T14377] dump_header+0xda/0x6a0 [ 2701.379188][T14377] oom_kill_process+0x3a7/0x930 [ 2701.384087][T14377] out_of_memory+0xf67/0x1320 [ 2701.388812][T14377] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2701.394490][T14377] ? __pfx___mutex_lock+0x10/0x10 [ 2701.399568][T14377] ? __pfx_out_of_memory+0x10/0x10 [ 2701.404744][T14377] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2701.410336][T14377] ? __pfx_lock_release+0x10/0x10 [ 2701.415416][T14377] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2701.421532][T14377] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2701.426775][T14377] ? mem_cgroup_iter+0x3e9/0x560 [ 2701.431767][T14377] try_charge_memcg+0xda2/0x18a0 [ 2701.436785][T14377] ? __pfx_try_charge_memcg+0x10/0x10 [ 2701.442205][T14377] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2701.447986][T14377] ? __pfx_lock_release+0x10/0x10 [ 2701.453058][T14377] ? memcg_account_kmem+0x1e7/0x210 [ 2701.458312][T14377] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2701.464168][T14377] __memcg_kmem_charge_page+0xe1/0x250 [ 2701.469673][T14377] memcg_charge_kernel_stack+0x37e/0x550 [ 2701.475340][T14377] dup_task_struct+0x15d/0x7d0 [ 2701.480146][T14377] copy_process+0x5d5/0x3fc0 [ 2701.484801][T14377] ? __might_fault+0xa9/0x120 20:24:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) [ 2701.489505][T14377] ? __pfx_lock_release+0x10/0x10 [ 2701.494581][T14377] ? __pfx_copy_process+0x10/0x10 [ 2701.499633][T14377] ? __might_fault+0xc5/0x120 [ 2701.502243][T14385] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2701.504343][T14377] ? __asan_memset+0x23/0x50 [ 2701.504385][T14377] kernel_clone+0x21d/0x8d0 [ 2701.504419][T14377] ? __pfx_kernel_clone+0x10/0x10 [ 2701.512138][T14385] IPv6: NLM_F_CREATE should be set when creating new route [ 2701.516202][T14377] __se_sys_clone3+0x2cb/0x350 [ 2701.516240][T14377] ? __pfx___se_sys_clone3+0x10/0x10 20:24:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000fe80ffff0c00080008"], 0x3c}}, 0x0) [ 2701.533972][T14390] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2701.537760][T14377] ? do_syscall_64+0x108/0x240 [ 2701.537808][T14377] ? do_syscall_64+0xb4/0x240 [ 2701.537843][T14377] do_syscall_64+0xf9/0x240 [ 2701.544704][T14390] IPv6: NLM_F_CREATE should be set when creating new route [ 2701.550315][T14377] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2701.550357][T14377] RIP: 0033:0x7f091a8a9b99 20:24:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000110c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2701.550384][T14377] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2701.601676][T14377] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2701.610136][T14377] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2701.618149][T14377] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2701.626159][T14377] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2701.634166][T14377] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 20:24:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x5000000}, 0x0) 20:24:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000088a8ffff0c00080008"], 0x3c}}, 0x0) [ 2701.642188][T14377] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2701.650223][T14377] [ 2701.680759][T14377] memory: usage 307200kB, limit 307200kB, failcnt 166910 [ 2701.688837][T14377] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 2701.697237][T14377] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2701.704566][T14377] Memory cgroup stats for /syz1: [ 2701.704722][T14377] cache 0 [ 2701.736179][T14377] rss 16384 [ 2701.739357][T14377] rss_huge 0 [ 2701.742574][T14377] shmem 0 [ 2701.745526][T14377] mapped_file 0 [ 2701.761464][T14377] dirty 0 [ 2701.764543][T14377] writeback 0 [ 2701.776324][T14377] workingset_refault_anon 55195 [ 2701.781317][T14377] workingset_refault_file 0 [ 2701.786466][T14377] swap 229376 [ 2701.791110][T14377] swapcached 8192 [ 2701.796908][T14377] pgpgin 203230 [ 2701.800422][T14377] pgpgout 203226 [ 2701.804002][T14377] pgfault 462205 [ 2701.829432][T14377] pgmajfault 52976 [ 2701.833244][T14377] inactive_anon 8192 [ 2701.838151][T14377] active_anon 8192 [ 2701.839212][T14399] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2701.841895][T14377] inactive_file 0 [ 2701.841908][T14377] active_file 0 [ 2701.841918][T14377] unevictable 0 [ 2701.841927][T14377] hierarchical_memory_limit 314572800 [ 2701.841938][T14377] hierarchical_memsw_limit 9223372036854771712 [ 2701.841949][T14377] total_cache 0 20:24:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000fec0ffff0c00080008"], 0x3c}}, 0x0) [ 2701.849634][T14399] IPv6: NLM_F_CREATE should be set when creating new route [ 2701.853593][T14377] total_rss 16384 [ 2701.898880][T14377] total_rss_huge 0 [ 2701.911119][T14377] total_shmem 0 [ 2701.914639][T14377] total_mapped_file 0 [ 2701.919255][T14377] total_dirty 0 [ 2701.922809][T14377] total_writeback 0 20:24:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000140c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2701.927013][T14377] total_workingset_refault_anon 55195 [ 2701.932418][T14377] total_workingset_refault_file 0 [ 2701.938080][T14377] total_swap 229376 [ 2701.941923][T14377] total_swapcached 8192 [ 2701.979746][T14377] total_pgpgin 203230 [ 2701.983963][T14377] total_pgpgout 203226 [ 2701.989746][T14377] total_pgfault 462205 [ 2701.993855][T14377] total_pgmajfault 52976 [ 2702.006907][T14377] total_inactive_anon 8192 [ 2702.011382][T14377] total_active_anon 8192 [ 2702.015656][T14377] total_inactive_file 0 [ 2702.022926][T14377] total_active_file 0 [ 2702.023121][T14400] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2702.029483][T14377] total_unevictable 0 [ 2702.035801][T14400] IPv6: NLM_F_CREATE should be set when creating new route [ 2702.041593][T14377] anon_cost 0 [ 2702.049169][T14377] file_cost 0 [ 2702.053077][T14377] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14377,uid=0 20:24:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000007fffffff0c00080008"], 0x3c}}, 0x0) [ 2702.071640][T14377] Memory cgroup out of memory: Killed process 14377 (syz-executor.1) total-vm:54508kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x6000000}, 0x0) 20:24:51 executing program 1: socketpair(0x22, 0x2, 0x22, &(0x7f0000000040)) [ 2702.235034][T14405] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2702.242779][T14405] IPv6: NLM_F_CREATE should be set when creating new route 20:24:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000150c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000e0ffffff0c00080008"], 0x3c}}, 0x0) 20:24:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000f0ffffff0c00080008"], 0x3c}}, 0x0) [ 2702.367972][T14411] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2702.376793][T14411] IPv6: NLM_F_CREATE should be set when creating new route 20:24:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x7000000}, 0x0) [ 2702.541742][T14417] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2702.549544][T14417] IPv6: NLM_F_CREATE should be set when creating new route 20:24:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000088470c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000400080008"], 0x3c}}, 0x0) [ 2702.685737][T14421] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2702.694488][T14421] IPv6: NLM_F_CREATE should be set when creating new route [ 2702.763951][T14410] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2702.775670][T14410] CPU: 0 PID: 14410 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2702.786138][T14410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2702.796235][T14410] Call Trace: [ 2702.799551][T14410] [ 2702.802513][T14410] dump_stack_lvl+0x1e7/0x2e0 [ 2702.807246][T14410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2702.812488][T14410] ? __pfx__printk+0x10/0x10 [ 2702.817109][T14410] ? ___ratelimit+0x4c4/0x670 [ 2702.821845][T14410] ? __pfx____ratelimit+0x10/0x10 [ 2702.826921][T14410] dump_header+0xda/0x6a0 [ 2702.831296][T14410] oom_kill_process+0x3a7/0x930 [ 2702.836202][T14410] out_of_memory+0xf67/0x1320 [ 2702.840896][T14410] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2702.846547][T14410] ? __pfx___mutex_lock+0x10/0x10 [ 2702.851596][T14410] ? __pfx_out_of_memory+0x10/0x10 [ 2702.856731][T14410] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2702.862289][T14410] ? __pfx_lock_release+0x10/0x10 [ 2702.867330][T14410] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2702.873473][T14410] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2702.878722][T14410] ? mem_cgroup_iter+0x3e9/0x560 [ 2702.883710][T14410] try_charge_memcg+0xda2/0x18a0 [ 2702.888686][T14410] ? mark_lock+0x9a/0x350 [ 2702.893082][T14410] ? __pfx_try_charge_memcg+0x10/0x10 [ 2702.898519][T14410] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2702.904715][T14410] charge_memcg+0xa2/0x160 [ 2702.909169][T14410] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2702.915296][T14410] __read_swap_cache_async+0x480/0x8b0 [ 2702.920874][T14410] ? mark_lock+0x9a/0x350 [ 2702.925240][T14410] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2702.931527][T14410] swap_cluster_readahead+0x67c/0x810 [ 2702.936952][T14410] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2702.942922][T14410] ? __pfx_lock_release+0x10/0x10 [ 2702.947986][T14410] ? xas_descend+0x37e/0x470 [ 2702.952621][T14410] swapin_readahead+0x1ea/0x1070 [ 2702.957597][T14410] ? filemap_get_entry+0x127/0x4e0 [ 2702.962750][T14410] ? __pfx_swapin_readahead+0x10/0x10 [ 2702.968168][T14410] ? __filemap_get_folio+0x935/0xbc0 [ 2702.973487][T14410] ? swap_cache_get_folio+0x9f/0x570 [ 2702.978803][T14410] do_swap_page+0x8ab/0x3da0 [ 2702.983410][T14410] ? __pte_offset_map+0x2c4/0x380 [ 2702.988562][T14410] ? do_swap_page+0x154/0x3da0 [ 2702.993362][T14410] ? __pfx_do_swap_page+0x10/0x10 [ 2702.998415][T14410] ? pte_offset_map_nolock+0x137/0x1f0 [ 2703.003975][T14410] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2703.009829][T14410] __handle_mm_fault+0x15e8/0x72d0 [ 2703.014989][T14410] ? reacquire_held_locks+0x3eb/0x690 [ 2703.020375][T14410] ? __pfx___handle_mm_fault+0x10/0x10 [ 2703.025860][T14410] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2703.031614][T14410] ? mtree_range_walk+0x6fd/0x8e0 [ 2703.036661][T14410] ? lock_vma_under_rcu+0x18a/0x730 [ 2703.041877][T14410] ? __pfx_lock_release+0x10/0x10 [ 2703.046918][T14410] ? lock_vma_under_rcu+0x2f9/0x730 [ 2703.052149][T14410] ? lock_vma_under_rcu+0x18a/0x730 [ 2703.057360][T14410] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2703.062932][T14410] handle_mm_fault+0x3c1/0x8a0 [ 2703.067718][T14410] exc_page_fault+0x456/0x870 [ 2703.072420][T14410] asm_exc_page_fault+0x26/0x30 [ 2703.077373][T14410] RIP: 0033:0x7f091a87dbf0 [ 2703.081827][T14410] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 <48> 8b 05 e1 23 10 00 48 85 c0 74 01 c3 50 48 8d 0d 3b 3a 07 00 ba [ 2703.101462][T14410] RSP: 002b:00007ffdf4c5cb88 EFLAGS: 00010202 [ 2703.107561][T14410] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2703.115541][T14410] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffdf4c5cd00 [ 2703.123519][T14410] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2703.131502][T14410] R10: 00007f091a400078 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2703.139485][T14410] R13: 00007ffdf4c5cd00 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2703.147482][T14410] 20:24:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) 20:24:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000600080008"], 0x3c}}, 0x0) [ 2703.208034][T14424] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2703.215752][T14424] IPv6: NLM_F_CREATE should be set when creating new route [ 2703.224049][T14410] memory: usage 307180kB, limit 307200kB, failcnt 167300 [ 2703.240469][T14410] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 20:24:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000088480c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2703.266657][T14410] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2703.276765][T14410] Memory cgroup stats for /syz1: [ 2703.276926][T14410] cache 0 [ 2703.290417][T14410] rss 12288 [ 2703.296890][T14410] rss_huge 0 [ 2703.304199][T14410] shmem 0 20:24:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000200000c00080008"], 0x3c}}, 0x0) [ 2703.362858][T14410] mapped_file 0 [ 2703.367035][T14410] dirty 0 [ 2703.370309][T14410] writeback 0 [ 2703.373763][T14410] workingset_refault_anon 55321 [ 2703.379700][T14410] workingset_refault_file 0 [ 2703.384403][T14410] swap 225280 [ 2703.389538][T14410] swapcached 8192 [ 2703.393356][T14410] pgpgin 203365 [ 2703.397773][T14410] pgpgout 203362 [ 2703.401516][T14410] pgfault 462409 [ 2703.405226][T14410] pgmajfault 53092 [ 2703.446242][T14410] inactive_anon 12288 [ 2703.457731][T14410] active_anon 0 [ 2703.463950][T14410] inactive_file 0 [ 2703.471524][T14410] active_file 0 [ 2703.483539][T14410] unevictable 0 [ 2703.493498][T14410] hierarchical_memory_limit 314572800 [ 2703.515168][T14410] hierarchical_memsw_limit 9223372036854771712 [ 2703.524039][T14432] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2703.532745][T14432] IPv6: NLM_F_CREATE should be set when creating new route [ 2703.540696][T14410] total_cache 0 [ 2703.544997][T14410] total_rss 12288 [ 2703.549854][T14410] total_rss_huge 0 [ 2703.553818][T14410] total_shmem 0 [ 2703.558296][T14410] total_mapped_file 0 [ 2703.566341][T14410] total_dirty 0 [ 2703.575744][T14410] total_writeback 0 [ 2703.591276][T14410] total_workingset_refault_anon 55321 20:24:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x9000000}, 0x0) [ 2703.602486][T14410] total_workingset_refault_file 0 [ 2703.610678][T14410] total_swap 225280 [ 2703.615556][T14410] total_swapcached 8192 [ 2703.620650][T14410] total_pgpgin 203365 [ 2703.624838][T14410] total_pgpgout 203362 [ 2703.671822][T14410] total_pgfault 462409 [ 2703.696809][T14410] total_pgmajfault 53092 [ 2703.712727][T14437] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2703.720534][T14437] IPv6: NLM_F_CREATE should be set when creating new route [ 2703.726477][T14410] total_inactive_anon 12288 [ 2703.737598][T14410] total_active_anon 0 [ 2703.741627][T14410] total_inactive_file 0 20:24:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000300000c00080008"], 0x3c}}, 0x0) [ 2703.745808][T14410] total_active_file 0 20:24:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000f5480c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2703.799207][T14410] total_unevictable 0 [ 2703.803259][T14410] anon_cost 0 [ 2703.823425][T14410] file_cost 0 [ 2703.846684][T14410] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14410,uid=0 20:24:52 executing program 1: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000001214030c000000000000000008001500000000000800030000000000080001000000000008004f000000000008004b"], 0x38}}, 0x0) [ 2703.886074][T14410] Memory cgroup out of memory: Killed process 14410 (syz-executor.1) total-vm:54376kB, anon-rss:368kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2703.909649][T14440] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2703.918328][T14440] IPv6: NLM_F_CREATE should be set when creating new route 20:24:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xa000000}, 0x0) 20:24:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000400000c00080008"], 0x3c}}, 0x0) 20:24:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000500000c00080008"], 0x3c}}, 0x0) [ 2704.067007][T14445] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2704.074758][T14445] IPv6: NLM_F_CREATE should be set when creating new route 20:24:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000065580c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2704.299140][T14452] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2704.307934][T14452] IPv6: NLM_F_CREATE should be set when creating new route 20:24:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000600000c00080008"], 0x3c}}, 0x0) 20:24:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xb000000}, 0x0) [ 2704.465222][T14449] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2704.498925][T14456] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2704.506642][T14449] CPU: 1 PID: 14449 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2704.506971][T14456] IPv6: NLM_F_CREATE should be set when creating new route [ 2704.517340][T14449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2704.517364][T14449] Call Trace: [ 2704.517375][T14449] [ 2704.517397][T14449] dump_stack_lvl+0x1e7/0x2e0 [ 2704.517440][T14449] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2704.517470][T14449] ? __pfx__printk+0x10/0x10 [ 2704.517496][T14449] ? ___ratelimit+0x4c4/0x670 [ 2704.560297][T14449] ? __pfx____ratelimit+0x10/0x10 20:24:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000600c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2704.565405][T14449] dump_header+0xda/0x6a0 [ 2704.569794][T14449] oom_kill_process+0x3a7/0x930 [ 2704.574702][T14449] out_of_memory+0xf67/0x1320 [ 2704.579699][T14449] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2704.585380][T14449] ? __pfx___mutex_lock+0x10/0x10 [ 2704.590552][T14449] ? __pfx_out_of_memory+0x10/0x10 [ 2704.595727][T14449] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2704.601341][T14449] ? __pfx_lock_release+0x10/0x10 [ 2704.606423][T14449] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2704.612987][T14449] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2704.618239][T14449] ? mem_cgroup_iter+0x3e9/0x560 [ 2704.623238][T14449] try_charge_memcg+0xda2/0x18a0 [ 2704.628269][T14449] ? __pfx_try_charge_memcg+0x10/0x10 [ 2704.633800][T14449] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2704.639571][T14449] ? __pfx_lock_release+0x10/0x10 [ 2704.644654][T14449] ? memcg_account_kmem+0x1e7/0x210 [ 2704.649916][T14449] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2704.655776][T14449] __memcg_kmem_charge_page+0xe1/0x250 [ 2704.661384][T14449] memcg_charge_kernel_stack+0x210/0x550 [ 2704.667084][T14449] dup_task_struct+0x15d/0x7d0 [ 2704.671907][T14449] copy_process+0x5d5/0x3fc0 [ 2704.676562][T14449] ? __might_fault+0xa9/0x120 [ 2704.680610][T14461] __nla_validate_parse: 31 callbacks suppressed [ 2704.680633][T14461] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2704.681268][T14449] ? __pfx_lock_release+0x10/0x10 [ 2704.681318][T14449] ? __lock_acquire+0x1345/0x1fd0 [ 2704.706871][T14449] ? __pfx_copy_process+0x10/0x10 [ 2704.711959][T14449] ? __might_fault+0xc5/0x120 [ 2704.716700][T14449] ? __asan_memset+0x23/0x50 [ 2704.721366][T14449] kernel_clone+0x21d/0x8d0 [ 2704.725935][T14449] ? __pfx_kernel_clone+0x10/0x10 [ 2704.731028][T14449] ? __pfx_lock_release+0x10/0x10 [ 2704.736123][T14449] __se_sys_clone3+0x2cb/0x350 [ 2704.741049][T14449] ? __might_fault+0xa9/0x120 [ 2704.745883][T14449] ? __pfx___se_sys_clone3+0x10/0x10 [ 2704.751235][T14449] ? rcu_is_watching+0x15/0xb0 [ 2704.756073][T14449] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2704.762135][T14449] ? exc_page_fault+0x587/0x870 [ 2704.767050][T14449] ? do_syscall_64+0xb4/0x240 [ 2704.771805][T14449] do_syscall_64+0xf9/0x240 [ 2704.776394][T14449] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2704.780104][T14463] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2704.782323][T14449] RIP: 0033:0x7f091a8a9b99 [ 2704.782350][T14449] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2704.782370][T14449] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2704.782397][T14449] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2704.832269][T14449] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2704.840283][T14449] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2704.848379][T14449] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2704.856376][T14449] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2704.864405][T14449] [ 2704.873646][T14449] memory: usage 307200kB, limit 307200kB, failcnt 167492 [ 2704.880958][T14449] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 2704.889240][T14449] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 2704.897458][T14449] Memory cgroup stats for /syz1: [ 2704.897611][T14449] cache 0 [ 2704.905622][T14449] rss 12288 [ 2704.909099][T14449] rss_huge 0 [ 2704.912421][T14449] shmem 0 [ 2704.915463][T14449] mapped_file 0 [ 2704.919072][T14449] dirty 0 [ 2704.922147][T14449] writeback 0 [ 2704.925545][T14449] workingset_refault_anon 55407 [ 2704.943234][T14449] workingset_refault_file 0 [ 2704.951047][T14449] swap 192512 [ 2704.954530][T14449] swapcached 8192 [ 2704.955831][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2704.959610][T14449] pgpgin 203461 [ 2704.972242][T14449] pgpgout 203458 [ 2704.976722][T14449] pgfault 462553 [ 2704.976923][T14462] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2704.980498][T14449] pgmajfault 53168 [ 2704.988220][T14462] IPv6: NLM_F_CREATE should be set when creating new route [ 2705.000828][T14464] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2705.009489][T14464] IPv6: NLM_F_CREATE should be set when creating new route 20:24:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000058650c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000700000c00080008"], 0x3c}}, 0x0) 20:24:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xc000000}, 0x0) [ 2705.027416][T14449] inactive_anon 4096 [ 2705.063274][T14449] active_anon 8192 [ 2705.068567][T14449] inactive_file 0 [ 2705.072249][T14449] active_file 0 [ 2705.075739][T14449] unevictable 0 [ 2705.096121][T14449] hierarchical_memory_limit 314572800 [ 2705.103641][T14449] hierarchical_memsw_limit 9223372036854771712 [ 2705.112422][T14449] total_cache 0 [ 2705.120737][T14467] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2705.123312][T14449] total_rss 12288 [ 2705.147885][T14449] total_rss_huge 0 [ 2705.154733][T14449] total_shmem 0 [ 2705.165177][T14449] total_mapped_file 0 [ 2705.172854][T14449] total_dirty 0 [ 2705.183221][T14449] total_writeback 0 [ 2705.189436][T14449] total_workingset_refault_anon 55407 [ 2705.194964][T14449] total_workingset_refault_file 0 [ 2705.208559][T14449] total_swap 192512 [ 2705.212537][T14449] total_swapcached 8192 [ 2705.219741][T14468] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2705.219847][T14449] total_pgpgin 203461 [ 2705.243136][T14449] total_pgpgout 203458 [ 2705.246397][T14470] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2705.247650][T14449] total_pgfault 462553 [ 2705.262401][T14449] total_pgmajfault 53168 [ 2705.267547][T14449] total_inactive_anon 4096 [ 2705.272271][T14449] total_active_anon 8192 [ 2705.276851][T14449] total_inactive_file 0 [ 2705.281329][T14449] total_active_file 0 [ 2705.285585][T14449] total_unevictable 0 [ 2705.290135][T14449] anon_cost 0 [ 2705.293656][T14449] file_cost 0 [ 2705.297614][T14449] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14449,uid=0 20:24:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000800000c00080008"], 0x3c}}, 0x0) [ 2705.313943][T14449] Memory cgroup out of memory: Killed process 14449 (syz-executor.1) total-vm:54508kB, anon-rss:388kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:54 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r0, &(0x7f0000000100)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x24) [ 2705.426692][T14471] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2705.434424][T14471] IPv6: NLM_F_CREATE should be set when creating new route [ 2705.449881][T14472] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2705.458729][T14472] IPv6: NLM_F_CREATE should be set when creating new route 20:24:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000810c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xd000000}, 0x0) [ 2705.480794][T14474] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:24:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000900000c00080008"], 0x3c}}, 0x0) 20:24:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000a00000c00080008"], 0x3c}}, 0x0) [ 2705.610126][T14479] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2705.634412][T14480] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2705.729125][T14481] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2705.821217][T14475] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2705.832999][T14475] CPU: 0 PID: 14475 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2705.843455][T14475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2705.846558][T14482] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2705.853522][T14475] Call Trace: [ 2705.853538][T14475] [ 2705.853549][T14475] dump_stack_lvl+0x1e7/0x2e0 [ 2705.853594][T14475] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2705.853627][T14475] ? __pfx__printk+0x10/0x10 [ 2705.861409][T14482] IPv6: NLM_F_CREATE should be set when creating new route [ 2705.864107][T14475] ? ___ratelimit+0x4c4/0x670 [ 2705.875189][T14483] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2705.876921][T14475] ? __pfx____ratelimit+0x10/0x10 [ 2705.876969][T14475] dump_header+0xda/0x6a0 [ 2705.877005][T14475] oom_kill_process+0x3a7/0x930 [ 2705.883241][T14483] IPv6: NLM_F_CREATE should be set when creating new route [ 2705.888859][T14475] out_of_memory+0xf67/0x1320 [ 2705.888907][T14475] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2705.888935][T14475] ? __pfx___mutex_lock+0x10/0x10 [ 2705.888973][T14475] ? __pfx_out_of_memory+0x10/0x10 [ 2705.889013][T14475] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2705.948219][T14475] ? __pfx_lock_release+0x10/0x10 [ 2705.953271][T14475] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2705.959359][T14475] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2705.964570][T14475] ? mem_cgroup_iter+0x3e9/0x560 [ 2705.969532][T14475] try_charge_memcg+0xda2/0x18a0 [ 2705.974480][T14475] ? mark_lock+0x9a/0x350 [ 2705.978842][T14475] ? __pfx_try_charge_memcg+0x10/0x10 [ 2705.984252][T14475] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2705.990441][T14475] charge_memcg+0xa2/0x160 [ 2705.994880][T14475] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2706.000957][T14475] __read_swap_cache_async+0x480/0x8b0 [ 2706.006432][T14475] ? mark_lock+0x9a/0x350 [ 2706.010778][T14475] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2706.016782][T14475] swap_cluster_readahead+0x67c/0x810 [ 2706.022180][T14475] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2706.028096][T14475] ? __pfx_lock_release+0x10/0x10 [ 2706.033135][T14475] ? xas_descend+0x37e/0x470 [ 2706.037751][T14475] swapin_readahead+0x1ea/0x1070 [ 2706.042704][T14475] ? filemap_get_entry+0x127/0x4e0 [ 2706.047864][T14475] ? __pfx_swapin_readahead+0x10/0x10 [ 2706.053259][T14475] ? __filemap_get_folio+0x935/0xbc0 [ 2706.058565][T14475] ? swap_cache_get_folio+0x9f/0x570 [ 2706.063869][T14475] do_swap_page+0x8ab/0x3da0 [ 2706.068475][T14475] ? __pte_offset_map+0x2c4/0x380 [ 2706.073520][T14475] ? do_swap_page+0x154/0x3da0 [ 2706.078303][T14475] ? __pfx_do_swap_page+0x10/0x10 [ 2706.083343][T14475] ? pte_offset_map_nolock+0x137/0x1f0 [ 2706.088906][T14475] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2706.094726][T14475] ? __pfx_validate_chain+0x10/0x10 [ 2706.099939][T14475] __handle_mm_fault+0x15e8/0x72d0 [ 2706.105096][T14475] ? __pfx___handle_mm_fault+0x10/0x10 [ 2706.110573][T14475] ? mt_find+0x226/0x850 [ 2706.114831][T14475] ? __pfx_lock_release+0x10/0x10 [ 2706.119887][T14475] ? mt_find+0x62d/0x850 [ 2706.124145][T14475] ? mt_find+0x226/0x850 [ 2706.128423][T14475] ? find_vma+0x142/0x1c0 [ 2706.132763][T14475] ? __pfx_find_vma+0x10/0x10 [ 2706.137456][T14475] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2706.143460][T14475] handle_mm_fault+0x3c1/0x8a0 [ 2706.148264][T14475] exc_page_fault+0x2ad/0x870 [ 2706.152972][T14475] asm_exc_page_fault+0x26/0x30 [ 2706.157839][T14475] RIP: 0010:__get_user_8+0x11/0x20 [ 2706.162963][T14475] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2706.182595][T14475] RSP: 0018:ffffc90013dbfd78 EFLAGS: 00050202 [ 2706.188681][T14475] RAX: 0000555555e1bda8 RBX: ffff88801e02d0b8 RCX: ffffc90013dbfc03 [ 2706.196661][T14475] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2706.204642][T14475] RBP: ffffc90013dbfec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2706.212620][T14475] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90013dbfd80 [ 2706.220596][T14475] R13: ffffc90013dbffd8 R14: dffffc0000000000 R15: ffff88801e02bb80 [ 2706.228614][T14475] __rseq_handle_notify_resume+0x158/0x1490 [ 2706.234628][T14475] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2706.240983][T14475] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2706.246807][T14475] irqentry_exit_to_user_mode+0xbb/0x280 [ 2706.252474][T14475] exc_page_fault+0x587/0x870 [ 2706.257172][T14475] asm_exc_page_fault+0x26/0x30 [ 2706.262044][T14475] RIP: 0033:0x7f091a858d28 [ 2706.266470][T14475] Code: 55 41 54 49 89 f4 55 48 89 fd 53 48 8d 5e 17 48 83 ec 18 48 83 fb 1f 0f 86 b5 03 00 00 48 83 e3 f0 48 85 ff 0f 84 c5 05 00 00 <48> 39 1d e1 1a c8 00 0f 82 6b 01 00 00 41 89 dd 41 c1 ed 04 41 8d [ 2706.290182][T14475] RSP: 002b:00007ffdf4c5c9b0 EFLAGS: 00010206 [ 2706.296268][T14475] RAX: 00007f091a97f660 RBX: 0000000000000120 RCX: 00007f091a87de67 [ 2706.304254][T14475] RDX: 0000000000000001 RSI: 0000000000000110 RDI: 00007f091a97f660 [ 2706.312240][T14475] RBP: 00007f091a97f660 R08: 00000000ffffffff R09: 0000000000000000 [ 2706.320218][T14475] R10: 0000000000021000 R11: 0000000000000206 R12: 0000000000000110 [ 2706.328284][T14475] R13: 00007f091a97f660 R14: 0000000000001000 R15: 0000000000000000 [ 2706.336545][T14475] 20:24:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000047880c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xe000000}, 0x0) [ 2706.386124][T14475] memory: usage 307180kB, limit 307200kB, failcnt 167790 [ 2706.416103][T14475] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 2706.428732][T14475] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2706.455725][T14475] Memory cgroup stats for /syz1: [ 2706.455871][T14475] cache 0 [ 2706.473312][T14475] rss 12288 [ 2706.482376][T14475] rss_huge 0 [ 2706.490651][T14475] shmem 0 [ 2706.493821][T14475] mapped_file 0 20:24:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000b00000c00080008"], 0x3c}}, 0x0) [ 2706.505323][T14475] dirty 0 [ 2706.510257][T14475] writeback 0 [ 2706.521330][T14475] workingset_refault_anon 55508 [ 2706.537905][T14475] workingset_refault_file 0 [ 2706.546871][T14475] swap 225280 [ 2706.552632][T14475] swapcached 8192 [ 2706.560028][T14475] pgpgin 203571 [ 2706.568839][T14475] pgpgout 203568 [ 2706.577061][T14475] pgfault 462725 [ 2706.586446][T14475] pgmajfault 53264 [ 2706.594477][T14475] inactive_anon 4096 [ 2706.601194][T14475] active_anon 8192 [ 2706.605182][T14475] inactive_file 0 [ 2706.609389][T14490] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2706.609867][T14490] IPv6: NLM_F_CREATE should be set when creating new route [ 2706.621608][T14475] active_file 0 [ 2706.628254][T14475] unevictable 0 [ 2706.631995][T14475] hierarchical_memory_limit 314572800 [ 2706.642758][T14491] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2706.642780][T14475] hierarchical_memsw_limit 9223372036854771712 20:24:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000048880c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2706.651656][T14491] IPv6: NLM_F_CREATE should be set when creating new route [ 2706.657449][T14475] total_cache 0 [ 2706.668421][T14475] total_rss 12288 [ 2706.672362][T14475] total_rss_huge 0 [ 2706.678546][T14475] total_shmem 0 [ 2706.682297][T14475] total_mapped_file 0 [ 2706.688477][T14475] total_dirty 0 [ 2706.692252][T14475] total_writeback 0 [ 2706.697501][T14475] total_workingset_refault_anon 55508 [ 2706.703188][T14475] total_workingset_refault_file 0 20:24:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000c00000c00080008"], 0x3c}}, 0x0) 20:24:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) [ 2706.748631][T14475] total_swap 225280 [ 2706.766460][T14475] total_swapcached 8192 [ 2706.804098][T14475] total_pgpgin 203571 [ 2706.817455][T14475] total_pgpgout 203568 [ 2706.821594][T14475] total_pgfault 462725 [ 2706.825695][T14475] total_pgmajfault 53264 [ 2706.838512][T14475] total_inactive_anon 4096 [ 2706.843156][T14475] total_active_anon 8192 20:24:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000f00000c00080008"], 0x3c}}, 0x0) 20:24:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000048f50c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2706.847492][T14496] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2706.847945][T14496] IPv6: NLM_F_CREATE should be set when creating new route [ 2706.910013][T14475] total_inactive_file 0 [ 2706.917102][T14475] total_active_file 0 [ 2706.924915][T14475] total_unevictable 0 [ 2706.932598][T14475] anon_cost 0 [ 2706.948581][T14475] file_cost 0 [ 2706.954307][T14475] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14475,uid=0 [ 2706.975749][T14475] Memory cgroup out of memory: Killed process 14475 (syz-executor.1) total-vm:54508kB, anon-rss:360kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2706.980716][T14501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2707.001898][T14501] IPv6: NLM_F_CREATE should be set when creating new route 20:24:55 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x7, 0xa, 0x201, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 20:24:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000001000000c00080008"], 0x3c}}, 0x0) 20:24:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x11000000}, 0x0) 20:24:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000001400000c00080008"], 0x3c}}, 0x0) [ 2707.135038][T14506] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2707.142908][T14506] IPv6: NLM_F_CREATE should be set when creating new route 20:24:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000600090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2707.302518][T14512] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2707.311247][T14512] IPv6: NLM_F_CREATE should be set when creating new route 20:24:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000006000000c00080008"], 0x3c}}, 0x0) 20:24:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x12000000}, 0x0) 20:24:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000020c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2707.491719][T14509] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2707.518172][T14509] CPU: 0 PID: 14509 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2707.528651][T14509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2707.538743][T14509] Call Trace: [ 2707.542047][T14509] [ 2707.545008][T14509] dump_stack_lvl+0x1e7/0x2e0 [ 2707.549739][T14509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2707.554988][T14509] ? __pfx__printk+0x10/0x10 [ 2707.560139][T14509] ? ___ratelimit+0x4c4/0x670 [ 2707.564867][T14509] ? __pfx____ratelimit+0x10/0x10 [ 2707.569961][T14509] dump_header+0xda/0x6a0 [ 2707.574337][T14509] oom_kill_process+0x3a7/0x930 [ 2707.579417][T14509] out_of_memory+0xf67/0x1320 [ 2707.584322][T14509] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2707.589991][T14509] ? __pfx___mutex_lock+0x10/0x10 [ 2707.595067][T14509] ? __pfx_out_of_memory+0x10/0x10 [ 2707.600260][T14509] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2707.605845][T14509] ? __pfx_lock_release+0x10/0x10 [ 2707.610911][T14509] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2707.617027][T14509] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2707.622267][T14509] ? mem_cgroup_iter+0x3e9/0x560 [ 2707.627260][T14509] try_charge_memcg+0xda2/0x18a0 [ 2707.632271][T14509] ? __pfx_try_charge_memcg+0x10/0x10 [ 2707.637688][T14509] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2707.643455][T14509] ? __pfx_lock_release+0x10/0x10 [ 2707.648530][T14509] ? memcg_account_kmem+0x1e7/0x210 [ 2707.653780][T14509] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2707.659627][T14509] __memcg_kmem_charge_page+0xe1/0x250 [ 2707.665133][T14509] memcg_charge_kernel_stack+0x210/0x550 [ 2707.670809][T14509] dup_task_struct+0x15d/0x7d0 [ 2707.675621][T14509] copy_process+0x5d5/0x3fc0 [ 2707.680268][T14509] ? __might_fault+0xa9/0x120 [ 2707.684981][T14509] ? __pfx_lock_release+0x10/0x10 [ 2707.690057][T14509] ? __pfx_copy_process+0x10/0x10 [ 2707.695122][T14509] ? __might_fault+0xc5/0x120 [ 2707.699829][T14509] ? __asan_memset+0x23/0x50 [ 2707.704466][T14509] kernel_clone+0x21d/0x8d0 [ 2707.709019][T14509] ? __pfx_kernel_clone+0x10/0x10 [ 2707.714102][T14509] __se_sys_clone3+0x2cb/0x350 [ 2707.718909][T14509] ? __pfx___se_sys_clone3+0x10/0x10 [ 2707.724247][T14509] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2707.730292][T14509] ? exc_page_fault+0x587/0x870 [ 2707.735189][T14509] ? do_syscall_64+0xb4/0x240 [ 2707.739923][T14509] do_syscall_64+0xf9/0x240 [ 2707.743768][T14520] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2707.744482][T14509] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2707.753333][T14520] IPv6: NLM_F_CREATE should be set when creating new route [ 2707.757560][T14509] RIP: 0033:0x7f091a8a9b99 [ 2707.757591][T14509] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2707.757610][T14509] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2707.757636][T14509] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2707.757652][T14509] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2707.809366][T14524] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2707.813244][T14509] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2707.813267][T14509] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 20:24:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000fc00000c00080008"], 0x3c}}, 0x0) 20:24:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x14000000}, 0x0) [ 2707.813284][T14509] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2707.813319][T14509] [ 2707.821053][T14524] IPv6: NLM_F_CREATE should be set when creating new route 20:24:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000003000c00080008"], 0x3c}}, 0x0) [ 2707.889201][T14509] memory: usage 307200kB, limit 307200kB, failcnt 168027 [ 2707.911705][T14509] memory+swap: usage 307456kB, limit 9007199254740988kB, failcnt 0 20:24:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000030c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2707.941057][T14509] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 2707.965794][T14509] Memory cgroup stats for /syz1: [ 2707.967224][T14509] cache 0 [ 2707.976670][T14509] rss 12288 [ 2707.982381][T14509] rss_huge 0 [ 2707.985780][T14509] shmem 0 [ 2707.990404][T14509] mapped_file 0 [ 2707.994080][T14509] dirty 0 [ 2707.997864][T14509] writeback 0 [ 2708.001341][T14509] workingset_refault_anon 55594 [ 2708.007409][T14509] workingset_refault_file 0 [ 2708.012068][T14509] swap 262144 [ 2708.015504][T14509] swapcached 8192 [ 2708.021471][T14509] pgpgin 203678 [ 2708.025097][T14509] pgpgout 203675 [ 2708.030514][T14509] pgfault 462890 [ 2708.049736][T14509] pgmajfault 53354 [ 2708.057037][T14509] inactive_anon 12288 [ 2708.061472][T14509] active_anon 0 [ 2708.065091][T14509] inactive_file 0 [ 2708.069560][T14509] active_file 0 [ 2708.073180][T14509] unevictable 0 [ 2708.075848][T14530] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2708.077643][T14509] hierarchical_memory_limit 314572800 [ 2708.085514][T14530] IPv6: NLM_F_CREATE should be set when creating new route 20:24:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000005000c00080008"], 0x3c}}, 0x0) [ 2708.097225][T14509] hierarchical_memsw_limit 9223372036854771712 [ 2708.103583][T14509] total_cache 0 [ 2708.127986][T14509] total_rss 12288 [ 2708.135140][T14509] total_rss_huge 0 [ 2708.145261][T14509] total_shmem 0 20:24:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x15000000}, 0x0) [ 2708.160079][T14509] total_mapped_file 0 [ 2708.174156][T14509] total_dirty 0 [ 2708.182081][T14509] total_writeback 0 [ 2708.190907][T14509] total_workingset_refault_anon 55594 [ 2708.210937][T14509] total_workingset_refault_file 0 [ 2708.219548][T14509] total_swap 262144 [ 2708.232446][T14509] total_swapcached 8192 [ 2708.243931][T14509] total_pgpgin 203678 [ 2708.256620][T14509] total_pgpgout 203675 20:24:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000006000c00080008"], 0x3c}}, 0x0) [ 2708.265356][T14509] total_pgfault 462890 [ 2708.278306][T14509] total_pgmajfault 53354 [ 2708.288156][T14509] total_inactive_anon 12288 [ 2708.293685][T14509] total_active_anon 0 [ 2708.308124][T14509] total_inactive_file 0 20:24:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000040c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2708.312420][T14509] total_active_file 0 [ 2708.326258][T14509] total_unevictable 0 [ 2708.330382][T14509] anon_cost 0 [ 2708.337302][T14509] file_cost 0 [ 2708.346972][T14509] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14509,uid=0 [ 2708.374398][T14509] Memory cgroup out of memory: Killed process 14509 (syz-executor.1) total-vm:54508kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2708.422201][T14539] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2708.430909][T14539] IPv6: NLM_F_CREATE should be set when creating new route 20:24:57 executing program 1: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) 20:24:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x18000000}, 0x0) 20:24:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000007000c00080008"], 0x3c}}, 0x0) 20:24:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000050c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2708.615053][T14544] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2708.622807][T14544] IPv6: NLM_F_CREATE should be set when creating new route 20:24:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000009000c00080008"], 0x3c}}, 0x0) [ 2708.961514][T14552] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2708.970306][T14552] IPv6: NLM_F_CREATE should be set when creating new route 20:24:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) [ 2709.019810][T14553] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2709.027605][T14553] IPv6: NLM_F_CREATE should be set when creating new route 20:24:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000060c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000a000c00080008"], 0x3c}}, 0x0) [ 2709.197219][T14545] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2709.207784][T14545] CPU: 0 PID: 14545 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2709.218260][T14545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2709.228361][T14545] Call Trace: [ 2709.231687][T14545] [ 2709.234648][T14545] dump_stack_lvl+0x1e7/0x2e0 [ 2709.239395][T14545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2709.244657][T14545] ? __pfx__printk+0x10/0x10 [ 2709.247320][T14559] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2709.249361][T14545] ? ___ratelimit+0x4c4/0x670 [ 2709.249405][T14545] ? __pfx____ratelimit+0x10/0x10 [ 2709.258243][T14559] IPv6: NLM_F_CREATE should be set when creating new route [ 2709.261274][T14545] dump_header+0xda/0x6a0 [ 2709.277885][T14545] oom_kill_process+0x3a7/0x930 [ 2709.282797][T14545] out_of_memory+0xf67/0x1320 [ 2709.287534][T14545] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2709.293227][T14545] ? __pfx___mutex_lock+0x10/0x10 [ 2709.298309][T14545] ? __pfx_out_of_memory+0x10/0x10 [ 2709.303576][T14545] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2709.309170][T14545] ? __pfx_lock_release+0x10/0x10 [ 2709.314332][T14545] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2709.320462][T14545] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2709.325687][T14545] ? mem_cgroup_iter+0x3e9/0x560 [ 2709.330645][T14545] try_charge_memcg+0xda2/0x18a0 [ 2709.335626][T14545] ? __pfx_try_charge_memcg+0x10/0x10 [ 2709.341019][T14545] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2709.346841][T14545] ? __pfx_lock_release+0x10/0x10 [ 2709.351888][T14545] ? memcg_account_kmem+0x1e7/0x210 [ 2709.357114][T14545] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2709.363022][T14545] __memcg_kmem_charge_page+0xe1/0x250 [ 2709.368505][T14545] memcg_charge_kernel_stack+0x37e/0x550 [ 2709.374246][T14545] dup_task_struct+0x40d/0x7d0 [ 2709.379034][T14545] copy_process+0x5d5/0x3fc0 [ 2709.383647][T14545] ? __might_fault+0xa9/0x120 [ 2709.388344][T14545] ? __pfx_lock_release+0x10/0x10 [ 2709.393401][T14545] ? __pfx_copy_process+0x10/0x10 [ 2709.398437][T14545] ? __might_fault+0xc5/0x120 [ 2709.403139][T14545] ? __asan_memset+0x23/0x50 [ 2709.407762][T14545] kernel_clone+0x21d/0x8d0 [ 2709.412309][T14545] ? __pfx_kernel_clone+0x10/0x10 [ 2709.417374][T14545] __se_sys_clone3+0x2cb/0x350 [ 2709.422156][T14545] ? __pfx___se_sys_clone3+0x10/0x10 [ 2709.427533][T14545] ? do_syscall_64+0x108/0x240 [ 2709.432316][T14545] ? do_syscall_64+0xb4/0x240 [ 2709.437032][T14545] do_syscall_64+0xf9/0x240 [ 2709.441562][T14545] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2709.447472][T14545] RIP: 0033:0x7f091a8a9b99 [ 2709.451903][T14545] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2709.471793][T14545] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2709.480224][T14545] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2709.488207][T14545] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2709.496278][T14545] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2709.504263][T14545] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2709.512252][T14545] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2709.520269][T14545] 20:24:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000b000c00080008"], 0x3c}}, 0x0) 20:24:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x21000000}, 0x0) [ 2709.540969][T14545] memory: usage 307200kB, limit 307200kB, failcnt 168430 [ 2709.566529][T14545] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 2709.580929][T14545] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2709.607337][T14545] Memory cgroup stats for /syz1: [ 2709.607483][T14545] cache 0 [ 2709.630606][T14545] rss 16384 [ 2709.633816][T14545] rss_huge 0 [ 2709.638035][T14545] shmem 0 [ 2709.643413][T14545] mapped_file 0 [ 2709.647756][T14563] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2709.655573][T14563] IPv6: NLM_F_CREATE should be set when creating new route [ 2709.663808][T14545] dirty 0 [ 2709.667083][T14545] writeback 0 [ 2709.670427][T14545] workingset_refault_anon 55728 [ 2709.675578][T14545] workingset_refault_file 0 [ 2709.680593][T14545] swap 188416 [ 2709.683927][T14545] swapcached 12288 [ 2709.687965][T14545] pgpgin 203827 [ 2709.691679][T14545] pgpgout 203823 [ 2709.695621][T14545] pgfault 463109 [ 2709.699799][T14545] pgmajfault 53485 20:24:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000070c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000c000c00080008"], 0x3c}}, 0x0) [ 2709.714941][T14545] inactive_anon 0 [ 2709.727172][T14545] active_anon 16384 [ 2709.731154][T14545] inactive_file 0 [ 2709.734829][T14545] active_file 0 [ 2709.756392][T14545] unevictable 0 [ 2709.761356][T14545] hierarchical_memory_limit 314572800 [ 2709.769629][T14545] hierarchical_memsw_limit 9223372036854771712 [ 2709.781568][T14545] total_cache 0 [ 2709.787683][T14545] total_rss 16384 [ 2709.792615][T14545] total_rss_huge 0 [ 2709.802405][T14545] total_shmem 0 [ 2709.806958][T14545] total_mapped_file 0 [ 2709.813373][T14545] total_dirty 0 [ 2709.817109][T14545] total_writeback 0 [ 2709.821049][T14545] total_workingset_refault_anon 55728 [ 2709.826890][T14545] total_workingset_refault_file 0 [ 2709.832053][T14545] total_swap 188416 [ 2709.836364][T14545] total_swapcached 12288 [ 2709.840829][T14545] total_pgpgin 203827 [ 2709.845262][T14545] total_pgpgout 203823 [ 2709.850270][T14545] total_pgfault 463109 [ 2709.854637][T14545] total_pgmajfault 53485 [ 2709.861209][T14545] total_inactive_anon 0 [ 2709.865647][T14568] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2709.873654][T14545] total_active_anon 16384 [ 2709.874481][T14568] IPv6: NLM_F_CREATE should be set when creating new route [ 2709.881455][T14545] total_inactive_file 0 [ 2709.891616][T14570] __nla_validate_parse: 33 callbacks suppressed [ 2709.891635][T14570] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:24:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000f000c00080008"], 0x3c}}, 0x0) 20:24:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x25000000}, 0x0) [ 2709.897200][T14545] total_active_file 0 [ 2709.899328][T14572] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2709.914936][T14545] total_unevictable 0 [ 2709.927192][T14545] anon_cost 0 [ 2709.935072][T14545] file_cost 0 [ 2709.941733][T14545] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14545,uid=0 [ 2709.994749][T14545] Memory cgroup out of memory: Killed process 14545 (syz-executor.1) total-vm:54508kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:24:58 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) sendmmsg$unix(r0, &(0x7f0000000800)=[{{&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f00000000c0)="f5", 0x1}, {0x0}], 0x2}}], 0x1, 0x0) [ 2710.072377][T14573] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2710.080217][T14573] IPv6: NLM_F_CREATE should be set when creating new route [ 2710.093826][T14575] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:24:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000014000c00080008"], 0x3c}}, 0x0) [ 2710.124230][T14577] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:24:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000080c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2710.231184][T14578] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2710.240321][T14578] IPv6: NLM_F_CREATE should be set when creating new route 20:24:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000008847000c00080008"], 0x3c}}, 0x0) 20:24:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x3f000000}, 0x0) [ 2710.291091][T14581] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2710.349229][T14583] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:24:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000008848000c00080008"], 0x3c}}, 0x0) [ 2710.452718][T14585] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2710.463622][T14587] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2710.554399][T14579] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2710.572606][T14588] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2710.580423][T14588] IPv6: NLM_F_CREATE should be set when creating new route [ 2710.595308][T14579] CPU: 0 PID: 14579 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2710.605959][T14579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2710.616057][T14579] Call Trace: [ 2710.619366][T14579] [ 2710.622363][T14579] dump_stack_lvl+0x1e7/0x2e0 [ 2710.627105][T14579] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2710.631600][T14591] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2710.632341][T14579] ? __pfx__printk+0x10/0x10 [ 2710.632377][T14579] ? ___ratelimit+0x4c4/0x670 [ 2710.632418][T14579] ? __pfx____ratelimit+0x10/0x10 [ 2710.656015][T14579] dump_header+0xda/0x6a0 [ 2710.660373][T14579] oom_kill_process+0x3a7/0x930 [ 2710.665240][T14579] out_of_memory+0xf67/0x1320 [ 2710.669934][T14579] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2710.675579][T14579] ? __pfx___mutex_lock+0x10/0x10 [ 2710.680628][T14579] ? __pfx_out_of_memory+0x10/0x10 [ 2710.685784][T14579] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2710.691370][T14579] ? __pfx_lock_release+0x10/0x10 [ 2710.696449][T14579] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2710.702552][T14579] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2710.707795][T14579] ? mem_cgroup_iter+0x3e9/0x560 [ 2710.712764][T14579] try_charge_memcg+0xda2/0x18a0 [ 2710.717743][T14579] ? __pfx_try_charge_memcg+0x10/0x10 [ 2710.723133][T14579] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2710.728884][T14579] ? __pfx_lock_release+0x10/0x10 [ 2710.734010][T14579] ? memcg_account_kmem+0x1e7/0x210 [ 2710.739350][T14579] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2710.745203][T14579] __memcg_kmem_charge_page+0xe1/0x250 [ 2710.750976][T14579] memcg_charge_kernel_stack+0x37e/0x550 [ 2710.756687][T14579] dup_task_struct+0x40d/0x7d0 [ 2710.761673][T14579] copy_process+0x5d5/0x3fc0 [ 2710.766498][T14579] ? __might_fault+0xa9/0x120 [ 2710.771310][T14579] ? __pfx_lock_release+0x10/0x10 [ 2710.776417][T14579] ? __lock_acquire+0x1345/0x1fd0 [ 2710.781490][T14579] ? __pfx_copy_process+0x10/0x10 [ 2710.786556][T14579] ? __might_fault+0xc5/0x120 [ 2710.791260][T14579] ? __asan_memset+0x23/0x50 [ 2710.795886][T14579] kernel_clone+0x21d/0x8d0 [ 2710.800425][T14579] ? __pfx_kernel_clone+0x10/0x10 [ 2710.805470][T14579] ? __pfx_lock_release+0x10/0x10 [ 2710.810540][T14579] __se_sys_clone3+0x2cb/0x350 [ 2710.815364][T14579] ? __might_fault+0xa9/0x120 [ 2710.820081][T14579] ? __pfx___se_sys_clone3+0x10/0x10 [ 2710.825396][T14579] ? rcu_is_watching+0x15/0xb0 [ 2710.830205][T14579] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2710.836345][T14579] ? exc_page_fault+0x587/0x870 [ 2710.841253][T14579] ? do_syscall_64+0xb4/0x240 [ 2710.845980][T14579] do_syscall_64+0xf9/0x240 [ 2710.850615][T14579] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2710.856546][T14579] RIP: 0033:0x7f091a8a9b99 [ 2710.861064][T14579] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2710.880891][T14579] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2710.889420][T14579] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2710.897423][T14579] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2710.905581][T14579] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2710.914100][T14579] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2710.922081][T14579] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2710.930078][T14579] [ 2710.964470][T14589] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2710.973215][T14589] IPv6: NLM_F_CREATE should be set when creating new route 20:24:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000008a51000c00080008"], 0x3c}}, 0x0) 20:24:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000090c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:24:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) [ 2711.034446][T14594] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2711.044909][T14579] memory: usage 307200kB, limit 307200kB, failcnt 168796 [ 2711.059865][T14579] memory+swap: usage 307436kB, limit 9007199254740988kB, failcnt 0 [ 2711.092110][T14579] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2711.100902][T14579] Memory cgroup stats for /syz1: [ 2711.101366][T14579] cache 0 [ 2711.110470][T14579] rss 12288 [ 2711.113916][T14579] rss_huge 0 [ 2711.117962][T14579] shmem 0 [ 2711.122261][T14579] mapped_file 0 [ 2711.127166][T14579] dirty 0 [ 2711.135147][T14579] writeback 0 20:25:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000006558000c00080008"], 0x3c}}, 0x0) [ 2711.139199][T14579] workingset_refault_anon 55858 [ 2711.146373][T14579] workingset_refault_file 0 [ 2711.151230][T14579] swap 229376 [ 2711.154914][T14579] swapcached 8192 [ 2711.160937][T14579] pgpgin 203968 [ 2711.164488][T14579] pgpgout 203965 [ 2711.167898][T14597] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2711.175312][T14579] pgfault 463317 [ 2711.175887][T14597] IPv6: NLM_F_CREATE should be set when creating new route [ 2711.183686][T14579] pgmajfault 53600 [ 2711.203813][T14579] inactive_anon 0 [ 2711.210334][T14579] active_anon 12288 [ 2711.214735][T14579] inactive_file 0 [ 2711.225454][T14579] active_file 0 [ 2711.230081][T14579] unevictable 0 [ 2711.246224][T14579] hierarchical_memory_limit 314572800 20:25:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000a0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2711.251678][T14579] hierarchical_memsw_limit 9223372036854771712 [ 2711.271632][T14579] total_cache 0 [ 2711.275663][T14579] total_rss 12288 [ 2711.282150][T14579] total_rss_huge 0 [ 2711.294657][T14579] total_shmem 0 [ 2711.300383][T14579] total_mapped_file 0 [ 2711.304409][T14579] total_dirty 0 [ 2711.314469][T14579] total_writeback 0 [ 2711.323583][T14599] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2711.332365][T14599] IPv6: NLM_F_CREATE should be set when creating new route [ 2711.332438][T14579] total_workingset_refault_anon 55858 20:25:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000060000c00080008"], 0x3c}}, 0x0) [ 2711.355197][T14579] total_workingset_refault_file 0 [ 2711.361865][T14579] total_swap 229376 [ 2711.365735][T14579] total_swapcached 8192 [ 2711.371068][T14579] total_pgpgin 203968 [ 2711.375318][T14579] total_pgpgout 203965 [ 2711.388704][T14579] total_pgfault 463317 [ 2711.393459][T14579] total_pgmajfault 53600 20:25:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x48000000}, 0x0) [ 2711.404565][T14579] total_inactive_anon 0 [ 2711.414720][T14579] total_active_anon 12288 [ 2711.431533][T14579] total_inactive_file 0 [ 2711.435762][T14579] total_active_file 0 [ 2711.440759][T14579] total_unevictable 0 [ 2711.445276][T14579] anon_cost 0 [ 2711.466302][T14579] file_cost 0 [ 2711.469658][T14579] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14579,uid=0 [ 2711.502535][T14579] Memory cgroup out of memory: Killed process 14579 (syz-executor.1) total-vm:54508kB, anon-rss:380kB, file-rss:8848kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2711.519141][T14604] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2711.528146][T14604] IPv6: NLM_F_CREATE should be set when creating new route 20:25:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000b0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:00 executing program 1: socketpair(0x1e, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$xdp(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)="a5", 0x1}, {0x0}], 0x2}, 0x44840) 20:25:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000005865000c00080008"], 0x3c}}, 0x0) [ 2711.672938][T14609] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2711.681677][T14609] IPv6: NLM_F_CREATE should be set when creating new route 20:25:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x4c000000}, 0x0) 20:25:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000081000c00080008"], 0x3c}}, 0x0) [ 2711.815611][T14612] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2711.823546][T14612] IPv6: NLM_F_CREATE should be set when creating new route 20:25:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000c0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2712.082503][T14613] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2712.093227][T14613] CPU: 0 PID: 14613 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2712.103907][T14613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2712.114163][T14613] Call Trace: [ 2712.117623][T14613] [ 2712.120597][T14613] dump_stack_lvl+0x1e7/0x2e0 [ 2712.125478][T14613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2712.127752][T14620] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2712.130814][T14613] ? __pfx__printk+0x10/0x10 [ 2712.130854][T14613] ? ___ratelimit+0x4c4/0x670 [ 2712.140153][T14620] IPv6: NLM_F_CREATE should be set when creating new route [ 2712.142963][T14613] ? __pfx____ratelimit+0x10/0x10 [ 2712.160463][T14613] dump_header+0xda/0x6a0 [ 2712.164861][T14613] oom_kill_process+0x3a7/0x930 [ 2712.169785][T14613] out_of_memory+0xf67/0x1320 [ 2712.174529][T14613] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2712.180224][T14613] ? __pfx___mutex_lock+0x10/0x10 [ 2712.185483][T14613] ? __pfx_out_of_memory+0x10/0x10 [ 2712.190694][T14613] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2712.196311][T14613] ? __pfx_lock_release+0x10/0x10 [ 2712.201390][T14613] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2712.207518][T14613] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2712.212739][T14613] ? mem_cgroup_iter+0x3e9/0x560 [ 2712.218330][T14613] try_charge_memcg+0xda2/0x18a0 [ 2712.223570][T14613] ? __pfx_try_charge_memcg+0x10/0x10 [ 2712.228995][T14613] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2712.234830][T14613] ? __pfx_lock_release+0x10/0x10 [ 2712.240313][T14613] ? memcg_account_kmem+0x1e7/0x210 [ 2712.246069][T14613] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2712.252072][T14613] __memcg_kmem_charge_page+0xe1/0x250 [ 2712.257653][T14613] memcg_charge_kernel_stack+0x37e/0x550 [ 2712.263315][T14613] dup_task_struct+0x40d/0x7d0 [ 2712.268096][T14613] copy_process+0x5d5/0x3fc0 [ 2712.272711][T14613] ? __might_fault+0xa9/0x120 [ 2712.277407][T14613] ? __pfx_lock_release+0x10/0x10 [ 2712.282460][T14613] ? __pfx_copy_process+0x10/0x10 [ 2712.287586][T14613] ? __might_fault+0xc5/0x120 [ 2712.292280][T14613] ? __asan_memset+0x23/0x50 [ 2712.296996][T14613] kernel_clone+0x21d/0x8d0 [ 2712.301537][T14613] ? __pfx_kernel_clone+0x10/0x10 [ 2712.306686][T14613] __se_sys_clone3+0x2cb/0x350 [ 2712.311645][T14613] ? __might_fault+0xa9/0x120 [ 2712.316348][T14613] ? __pfx___se_sys_clone3+0x10/0x10 [ 2712.321682][T14613] ? do_syscall_64+0x108/0x240 [ 2712.326479][T14613] ? do_syscall_64+0xb4/0x240 [ 2712.331182][T14613] do_syscall_64+0xf9/0x240 [ 2712.335800][T14613] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2712.341714][T14613] RIP: 0033:0x7f091a8a9b99 [ 2712.346168][T14613] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2712.365879][T14613] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2712.374309][T14613] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2712.382290][T14613] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2712.390279][T14613] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2712.398261][T14613] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2712.406240][T14613] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2712.414408][T14613] 20:25:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000004788000c00080008"], 0x3c}}, 0x0) [ 2712.456287][T14613] memory: usage 307200kB, limit 307200kB, failcnt 169158 [ 2712.479580][T14613] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 2712.493530][T14623] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x60000000}, 0x0) [ 2712.501426][T14623] IPv6: NLM_F_CREATE should be set when creating new route [ 2712.505290][T14613] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2712.537869][T14613] Memory cgroup stats for /syz1: [ 2712.538022][T14613] cache 0 20:25:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a000200400000000000000f0c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000004888000c00080008"], 0x3c}}, 0x0) [ 2712.563502][T14613] rss 0 [ 2712.567775][T14613] rss_huge 0 [ 2712.572064][T14613] shmem 0 [ 2712.575050][T14613] mapped_file 0 [ 2712.587763][T14613] dirty 0 [ 2712.591012][T14613] writeback 0 [ 2712.596278][T14613] workingset_refault_anon 55986 [ 2712.601181][T14613] workingset_refault_file 0 [ 2712.605797][T14613] swap 204800 20:25:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000518a000c00080008"], 0x3c}}, 0x0) [ 2712.636419][T14613] swapcached 0 [ 2712.639865][T14613] pgpgin 204106 [ 2712.643358][T14613] pgpgout 204106 [ 2712.655491][T14613] pgfault 463522 [ 2712.664810][T14613] pgmajfault 53713 [ 2712.678136][T14613] inactive_anon 0 [ 2712.686156][T14613] active_anon 0 [ 2712.698487][T14613] inactive_file 0 [ 2712.703421][T14613] active_file 0 [ 2712.711934][T14613] unevictable 0 [ 2712.718257][T14613] hierarchical_memory_limit 314572800 [ 2712.724125][T14613] hierarchical_memsw_limit 9223372036854771712 [ 2712.740584][T14613] total_cache 0 [ 2712.744756][T14613] total_rss 0 [ 2712.751394][T14613] total_rss_huge 0 [ 2712.755270][T14613] total_shmem 0 [ 2712.761558][T14613] total_mapped_file 0 [ 2712.771021][T14613] total_dirty 0 [ 2712.774627][T14613] total_writeback 0 [ 2712.778724][T14613] total_workingset_refault_anon 55986 [ 2712.786866][T14613] total_workingset_refault_file 0 [ 2712.792006][T14613] total_swap 204800 [ 2712.800603][T14613] total_swapcached 0 [ 2712.807118][T14613] total_pgpgin 204106 [ 2712.811236][T14613] total_pgpgout 204106 [ 2712.815412][T14613] total_pgfault 463522 [ 2712.823347][T14613] total_pgmajfault 53713 [ 2712.824009][T14632] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000100c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2712.835425][T14632] IPv6: NLM_F_CREATE should be set when creating new route [ 2712.841618][T14613] total_inactive_anon 0 [ 2712.850489][T14613] total_active_anon 0 [ 2712.850546][T14634] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2712.863529][T14634] IPv6: NLM_F_CREATE should be set when creating new route [ 2712.870261][T14613] total_inactive_file 0 [ 2712.881202][T14613] total_active_file 0 20:25:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000fc000c00080008"], 0x3c}}, 0x0) 20:25:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x68000000}, 0x0) [ 2712.893364][T14613] total_unevictable 0 [ 2712.912956][T14613] anon_cost 0 [ 2712.929356][T14613] file_cost 0 20:25:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000ff000c00080008"], 0x3c}}, 0x0) [ 2712.933789][T14613] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14613,uid=0 [ 2712.971178][T14613] Memory cgroup out of memory: Killed process 14613 (syz-executor.1) total-vm:54508kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:01 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0xffffffffffffff40, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2713.242776][T14643] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2713.250772][T14643] IPv6: NLM_F_CREATE should be set when creating new route [ 2713.269266][T14644] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2713.278058][T14644] IPv6: NLM_F_CREATE should be set when creating new route 20:25:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000002000080008"], 0x3c}}, 0x0) [ 2713.320026][T14646] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2713.337563][T14646] CPU: 0 PID: 14646 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2713.348469][T14646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2713.358673][T14646] Call Trace: [ 2713.361962][T14646] [ 2713.364902][T14646] dump_stack_lvl+0x1e7/0x2e0 [ 2713.369621][T14646] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2713.374837][T14646] ? __pfx__printk+0x10/0x10 [ 2713.379439][T14646] ? ___ratelimit+0x4c4/0x670 [ 2713.384132][T14646] ? __pfx____ratelimit+0x10/0x10 [ 2713.389172][T14646] dump_header+0xda/0x6a0 [ 2713.393538][T14646] oom_kill_process+0x3a7/0x930 [ 2713.398411][T14646] out_of_memory+0xf67/0x1320 [ 2713.403111][T14646] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2713.408762][T14646] ? __pfx___mutex_lock+0x10/0x10 [ 2713.413808][T14646] ? __pfx_out_of_memory+0x10/0x10 [ 2713.418941][T14646] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2713.424499][T14646] ? __pfx_lock_release+0x10/0x10 [ 2713.429545][T14646] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2713.435627][T14646] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2713.440837][T14646] ? mem_cgroup_iter+0x3e9/0x560 [ 2713.445801][T14646] try_charge_memcg+0xda2/0x18a0 [ 2713.450845][T14646] ? mark_lock+0x9a/0x350 [ 2713.455213][T14646] ? __pfx_try_charge_memcg+0x10/0x10 [ 2713.460625][T14646] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2713.466802][T14646] charge_memcg+0xa2/0x160 [ 2713.471272][T14646] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2713.477352][T14646] __read_swap_cache_async+0x480/0x8b0 [ 2713.482915][T14646] ? mark_lock+0x9a/0x350 [ 2713.487438][T14646] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2713.493442][T14646] swap_cluster_readahead+0x67c/0x810 [ 2713.498849][T14646] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2713.504764][T14646] ? __pfx_lock_release+0x10/0x10 [ 2713.509807][T14646] ? xas_descend+0x37e/0x470 [ 2713.514424][T14646] swapin_readahead+0x1ea/0x1070 [ 2713.519389][T14646] ? filemap_get_entry+0x127/0x4e0 [ 2713.524533][T14646] ? __pfx_swapin_readahead+0x10/0x10 [ 2713.530017][T14646] ? __filemap_get_folio+0x935/0xbc0 [ 2713.535323][T14646] ? swap_cache_get_folio+0x9f/0x570 [ 2713.540629][T14646] do_swap_page+0x8ab/0x3da0 [ 2713.545236][T14646] ? __pte_offset_map+0x2c4/0x380 [ 2713.550283][T14646] ? __pfx_validate_chain+0x10/0x10 [ 2713.555509][T14646] ? do_swap_page+0x154/0x3da0 [ 2713.560735][T14646] ? __pfx_do_swap_page+0x10/0x10 [ 2713.565812][T14646] ? pte_offset_map_nolock+0x137/0x1f0 [ 2713.571320][T14646] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2713.577538][T14646] __handle_mm_fault+0x15e8/0x72d0 [ 2713.582727][T14646] ? reacquire_held_locks+0x3eb/0x690 [ 2713.588143][T14646] ? __pfx___handle_mm_fault+0x10/0x10 [ 2713.593670][T14646] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2713.599461][T14646] ? mtree_range_walk+0x6fd/0x8e0 [ 2713.604541][T14646] ? lock_vma_under_rcu+0x18a/0x730 [ 2713.609795][T14646] ? __pfx_lock_release+0x10/0x10 [ 2713.614854][T14646] ? lock_vma_under_rcu+0x2f9/0x730 [ 2713.620105][T14646] ? lock_vma_under_rcu+0x18a/0x730 [ 2713.625321][T14646] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2713.630883][T14646] handle_mm_fault+0x3c1/0x8a0 [ 2713.635671][T14646] exc_page_fault+0x456/0x870 [ 2713.640374][T14646] asm_exc_page_fault+0x26/0x30 [ 2713.645245][T14646] RIP: 0033:0x7f091a8371c8 [ 2713.649802][T14646] Code: 49 c1 ea 08 48 c1 ee 10 4c 8d 42 18 0f b6 dd 48 c1 ef 18 48 c1 e8 20 48 0f af 05 cb e4 c9 00 48 03 42 10 41 81 e2 fe 00 00 00 <4c> 89 84 24 08 01 00 00 40 0f b6 f6 40 0f b6 ff 0f 85 9a 0d 00 00 [ 2713.669440][T14646] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010246 [ 2713.675524][T14646] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004 [ 2713.683527][T14646] RDX: 00007f091a400048 RSI: 0000000000000000 RDI: 0000000000000000 [ 2713.691509][T14646] RBP: 0000000000000000 R08: 00007f091a400060 R09: 0000000000000000 [ 2713.699515][T14646] R10: 0000000000000000 R11: 000000000007a806 R12: 00007ffdf4c5cd50 [ 2713.707496][T14646] R13: 0000000000000fa2 R14: 00007ffdf4c5cd58 R15: 00007ffdf4c5cca8 [ 2713.715495][T14646] 20:25:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000110c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x6c000000}, 0x0) 20:25:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000002800080008"], 0x3c}}, 0x0) [ 2713.749376][T14646] memory: usage 307180kB, limit 307200kB, failcnt 169431 [ 2713.768155][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.775245][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 2713.779494][T14646] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 2713.856655][T14646] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2713.864564][T14646] Memory cgroup stats for /syz1: [ 2713.864721][T14646] cache 0 [ 2713.873951][T14646] rss 12288 [ 2713.877461][T14646] rss_huge 0 [ 2713.880902][T14646] shmem 0 [ 2713.884563][T14646] mapped_file 0 [ 2713.889050][T14646] dirty 0 [ 2713.892176][T14646] writeback 0 [ 2713.895719][T14646] workingset_refault_anon 56063 [ 2713.901919][T14646] workingset_refault_file 0 [ 2713.914531][T14646] swap 217088 [ 2713.918232][T14646] swapcached 8192 [ 2713.922056][T14646] pgpgin 204191 [ 2713.925788][T14646] pgpgout 204188 [ 2713.929880][T14646] pgfault 463657 [ 2713.933617][T14646] pgmajfault 53788 [ 2713.937707][T14646] inactive_anon 0 [ 2713.941528][T14646] active_anon 12288 [ 2713.952775][T14646] inactive_file 0 [ 2713.958233][T14646] active_file 0 [ 2713.961873][T14646] unevictable 0 [ 2713.965536][T14646] hierarchical_memory_limit 314572800 [ 2713.971646][T14646] hierarchical_memsw_limit 9223372036854771712 [ 2713.978146][T14646] total_cache 0 [ 2713.981777][T14646] total_rss 12288 [ 2713.985586][T14646] total_rss_huge 0 [ 2713.989824][T14646] total_shmem 0 [ 2713.993436][T14646] total_mapped_file 0 [ 2713.997755][T14646] total_dirty 0 [ 2714.001429][T14646] total_writeback 0 [ 2714.005400][T14646] total_workingset_refault_anon 56063 [ 2714.011032][T14646] total_workingset_refault_file 0 [ 2714.016926][T14646] total_swap 217088 [ 2714.022773][T14646] total_swapcached 8192 [ 2714.027548][T14646] total_pgpgin 204191 [ 2714.031820][T14646] total_pgpgout 204188 [ 2714.037080][T14646] total_pgfault 463657 [ 2714.041432][T14646] total_pgmajfault 53788 [ 2714.046236][T14646] total_inactive_anon 0 [ 2714.050731][T14646] total_active_anon 12288 [ 2714.057818][T14646] total_inactive_file 0 [ 2714.063365][T14646] total_active_file 0 [ 2714.067703][T14646] total_unevictable 0 [ 2714.071958][T14646] anon_cost 0 [ 2714.075591][T14646] file_cost 0 [ 2714.079588][T14646] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14646,uid=0 20:25:03 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x10, &(0x7f0000000800)=@ringbuf={{}, {}, {}, [@jmp={0x5, 0x0, 0x8, 0x0, 0x9}]}, &(0x7f0000000200)='GPL\x00'}, 0x90) [ 2714.096318][T14646] Memory cgroup out of memory: Killed process 14646 (syz-executor.1) total-vm:54376kB, anon-rss:380kB, file-rss:8784kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000004000080008"], 0x3c}}, 0x0) 20:25:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000140c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2714.158133][T14653] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2714.166087][T14653] IPv6: NLM_F_CREATE should be set when creating new route [ 2714.181852][T14656] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2714.190744][T14656] IPv6: NLM_F_CREATE should be set when creating new route 20:25:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x74000000}, 0x0) 20:25:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000002000c00080008"], 0x3c}}, 0x0) [ 2714.364974][T29516] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2714.427405][T29516] CPU: 0 PID: 29516 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2714.437912][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2714.448009][T29516] Call Trace: [ 2714.451326][T29516] [ 2714.454294][T29516] dump_stack_lvl+0x1e7/0x2e0 [ 2714.459030][T29516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2714.464305][T29516] ? __pfx__printk+0x10/0x10 [ 2714.468943][T29516] ? ___ratelimit+0x4c4/0x670 [ 2714.473673][T29516] ? __pfx____ratelimit+0x10/0x10 [ 2714.478760][T29516] dump_header+0xda/0x6a0 [ 2714.483149][T29516] oom_kill_process+0x3a7/0x930 [ 2714.488056][T29516] out_of_memory+0xf67/0x1320 [ 2714.492776][T29516] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2714.498429][T29516] ? __pfx___mutex_lock+0x10/0x10 [ 2714.503489][T29516] ? __pfx_out_of_memory+0x10/0x10 [ 2714.508625][T29516] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2714.514182][T29516] ? __pfx_lock_release+0x10/0x10 [ 2714.519225][T29516] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2714.525315][T29516] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2714.530530][T29516] ? mem_cgroup_iter+0x3e9/0x560 [ 2714.535488][T29516] try_charge_memcg+0xda2/0x18a0 [ 2714.540438][T29516] ? mark_lock+0x9a/0x350 [ 2714.544801][T29516] ? __pfx_try_charge_memcg+0x10/0x10 [ 2714.550207][T29516] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2714.556372][T29516] charge_memcg+0xa2/0x160 [ 2714.560898][T29516] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2714.566977][T29516] __read_swap_cache_async+0x480/0x8b0 [ 2714.572625][T29516] ? mark_lock+0x9a/0x350 [ 2714.576981][T29516] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2714.583000][T29516] swap_cluster_readahead+0x67c/0x810 [ 2714.588404][T29516] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2714.594413][T29516] ? __pfx_lock_release+0x10/0x10 [ 2714.599461][T29516] ? xas_descend+0x37e/0x470 [ 2714.604081][T29516] swapin_readahead+0x1ea/0x1070 [ 2714.609036][T29516] ? filemap_get_entry+0x127/0x4e0 [ 2714.614172][T29516] ? __pfx_swapin_readahead+0x10/0x10 [ 2714.619577][T29516] ? __filemap_get_folio+0x935/0xbc0 [ 2714.624881][T29516] ? swap_cache_get_folio+0x9f/0x570 [ 2714.630201][T29516] do_swap_page+0x8ab/0x3da0 [ 2714.634808][T29516] ? __pte_offset_map+0x2c4/0x380 [ 2714.639854][T29516] ? do_swap_page+0x154/0x3da0 [ 2714.644626][T29516] ? __pfx_do_swap_page+0x10/0x10 [ 2714.649689][T29516] ? pte_offset_map_nolock+0x137/0x1f0 [ 2714.655170][T29516] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2714.660998][T29516] ? __pfx_validate_chain+0x10/0x10 [ 2714.666213][T29516] __handle_mm_fault+0x15e8/0x72d0 [ 2714.671366][T29516] ? __pfx___handle_mm_fault+0x10/0x10 [ 2714.676850][T29516] ? mt_find+0x226/0x850 [ 2714.681110][T29516] ? __pfx_lock_release+0x10/0x10 [ 2714.686180][T29516] ? mt_find+0x62d/0x850 [ 2714.690445][T29516] ? mt_find+0x226/0x850 [ 2714.694729][T29516] ? find_vma+0x142/0x1c0 [ 2714.699072][T29516] ? __pfx_find_vma+0x10/0x10 [ 2714.703761][T29516] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2714.709763][T29516] handle_mm_fault+0x3c1/0x8a0 [ 2714.714574][T29516] exc_page_fault+0x2ad/0x870 [ 2714.719325][T29516] asm_exc_page_fault+0x26/0x30 [ 2714.724211][T29516] RIP: 0010:__get_user_8+0x11/0x20 [ 2714.729340][T29516] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2714.748986][T29516] RSP: 0018:ffffc90003767d98 EFLAGS: 00050202 [ 2714.755081][T29516] RAX: 0000555555e1bda8 RBX: ffff88802157b2f8 RCX: ffffc90003767c03 [ 2714.763162][T29516] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2714.771234][T29516] RBP: ffffc90003767ec8 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2714.779222][T29516] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90003767da0 [ 2714.787210][T29516] R13: ffffc90003767fd8 R14: dffffc0000000000 R15: ffff888021579dc0 [ 2714.795212][T29516] __rseq_handle_notify_resume+0x158/0x1490 [ 2714.801175][T29516] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2714.807559][T29516] ? syscall_exit_to_user_mode+0xa2/0x370 [ 2714.813310][T29516] syscall_exit_to_user_mode+0x113/0x370 [ 2714.818966][T29516] do_syscall_64+0x108/0x240 [ 2714.823579][T29516] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2714.829494][T29516] RIP: 0033:0x7f091a8a91b5 [ 2714.833920][T29516] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2714.853919][T29516] RSP: 002b:00007ffdf4c5cd60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2714.862736][T29516] RAX: 0000000000000000 RBX: 00000000000001d4 RCX: 00007f091a8a91b5 [ 2714.870729][T29516] RDX: 00007ffdf4c5cda0 RSI: 0000000000000000 RDI: 0000000000000000 [ 2714.878735][T29516] RBP: 00007ffdf4c5ce2c R08: 0000000000000000 R09: 00007ffdf4c840b0 [ 2714.886745][T29516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2714.894734][T29516] R13: 0000000000296a7f R14: 0000000000296a7f R15: 0000000000000000 [ 2714.902737][T29516] [ 2714.938430][T14663] __nla_validate_parse: 25 callbacks suppressed [ 2714.938451][T14663] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2714.954358][T29516] memory: usage 307200kB, limit 307200kB, failcnt 169661 [ 2714.962043][T29516] memory+swap: usage 307444kB, limit 9007199254740988kB, failcnt 0 [ 2714.971193][T29516] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2714.981212][T29516] Memory cgroup stats for /syz1: [ 2714.981371][T29516] cache 0 [ 2714.996556][T29516] rss 4096 [ 2714.999957][T29516] rss_huge 0 [ 2715.003454][T29516] shmem 0 [ 2715.007450][T29516] mapped_file 0 [ 2715.011231][T29516] dirty 0 [ 2715.014454][T29516] writeback 0 [ 2715.018850][T29516] workingset_refault_anon 56131 [ 2715.024045][T29516] workingset_refault_file 0 [ 2715.029489][T29516] swap 249856 [ 2715.033118][T29516] swapcached 0 [ 2715.037541][T29516] pgpgin 204268 [ 2715.041338][T29516] pgpgout 204267 [ 2715.045188][T29516] pgfault 463787 [ 2715.049783][T29516] pgmajfault 53855 [ 2715.053854][T29516] inactive_anon 4096 [ 2715.058797][T29516] active_anon 0 [ 2715.062682][T29516] inactive_file 0 [ 2715.067498][T29516] active_file 0 [ 2715.077022][T29516] unevictable 0 [ 2715.087512][T29516] hierarchical_memory_limit 314572800 [ 2715.101331][T29516] hierarchical_memsw_limit 9223372036854771712 [ 2715.110689][T14664] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2715.118516][T14664] IPv6: NLM_F_CREATE should be set when creating new route [ 2715.127705][T14666] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000150c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000003000c00080008"], 0x3c}}, 0x0) [ 2715.138192][T14667] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2715.147084][T14667] IPv6: NLM_F_CREATE should be set when creating new route [ 2715.178809][T29516] total_cache 0 [ 2715.182349][T29516] total_rss 4096 20:25:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x7a000000}, 0x0) [ 2715.204121][T29516] total_rss_huge 0 [ 2715.216110][T29516] total_shmem 0 [ 2715.219641][T29516] total_mapped_file 0 [ 2715.223656][T29516] total_dirty 0 [ 2715.227967][T29516] total_writeback 0 [ 2715.231811][T29516] total_workingset_refault_anon 56131 [ 2715.246220][T29516] total_workingset_refault_file 0 [ 2715.251305][T29516] total_swap 249856 [ 2715.255143][T29516] total_swapcached 0 [ 2715.273018][T29516] total_pgpgin 204268 [ 2715.284531][T29516] total_pgpgout 204267 [ 2715.291771][T14669] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2715.301732][T29516] total_pgfault 463787 [ 2715.305836][T29516] total_pgmajfault 53855 [ 2715.311524][T14671] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2715.326424][T29516] total_inactive_anon 4096 [ 2715.330899][T29516] total_active_anon 0 [ 2715.334927][T29516] total_inactive_file 0 20:25:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000004000c00080008"], 0x3c}}, 0x0) [ 2715.356348][T29516] total_active_file 0 [ 2715.360393][T29516] total_unevictable 0 [ 2715.365267][T29516] anon_cost 0 [ 2715.376024][T29516] file_cost 0 [ 2715.379368][T29516] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14657,uid=0 20:25:04 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x0, 0x0, 0x1}, 0x48) [ 2715.409285][T29516] Memory cgroup out of memory: Killed process 14657 (syz-executor.1) total-vm:54508kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2715.411433][T14673] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000600c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2715.561387][T14674] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2715.569217][T14674] IPv6: NLM_F_CREATE should be set when creating new route [ 2715.581651][T14675] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2715.590433][T14675] IPv6: NLM_F_CREATE should be set when creating new route 20:25:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000005000c00080008"], 0x3c}}, 0x0) [ 2715.613203][T14677] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x7e120000}, 0x0) [ 2715.733229][T14681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2715.864738][T14683] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2715.877482][T14684] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000006000c00080008"], 0x3c}}, 0x0) [ 2715.919504][T14678] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2715.981188][T14678] CPU: 0 PID: 14678 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2715.991674][T14678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2716.001849][T14678] Call Trace: [ 2716.005166][T14678] [ 2716.008137][T14678] dump_stack_lvl+0x1e7/0x2e0 [ 2716.012871][T14678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2716.018134][T14678] ? __pfx__printk+0x10/0x10 [ 2716.022789][T14678] ? ___ratelimit+0x4c4/0x670 [ 2716.027518][T14678] ? __pfx____ratelimit+0x10/0x10 [ 2716.032597][T14678] dump_header+0xda/0x6a0 [ 2716.036992][T14678] oom_kill_process+0x3a7/0x930 [ 2716.041901][T14678] out_of_memory+0xf67/0x1320 [ 2716.046629][T14678] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2716.052313][T14678] ? __pfx___mutex_lock+0x10/0x10 [ 2716.057411][T14678] ? __pfx_out_of_memory+0x10/0x10 [ 2716.062589][T14678] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2716.068192][T14678] ? __pfx_lock_release+0x10/0x10 [ 2716.073270][T14678] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2716.079399][T14678] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2716.084650][T14678] ? mem_cgroup_iter+0x3e9/0x560 [ 2716.089661][T14678] try_charge_memcg+0xda2/0x18a0 [ 2716.094638][T14678] ? mark_lock+0x9a/0x350 [ 2716.099036][T14678] ? __pfx_try_charge_memcg+0x10/0x10 [ 2716.104485][T14678] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2716.110677][T14678] charge_memcg+0xa2/0x160 [ 2716.115148][T14678] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2716.121282][T14678] __read_swap_cache_async+0x480/0x8b0 [ 2716.126801][T14678] ? mark_lock+0x9a/0x350 [ 2716.131234][T14678] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2716.137280][T14678] swap_cluster_readahead+0x67c/0x810 [ 2716.142730][T14678] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2716.148674][T14678] ? __pfx_lock_release+0x10/0x10 [ 2716.153778][T14678] ? xas_descend+0x37e/0x470 [ 2716.158426][T14678] swapin_readahead+0x1ea/0x1070 [ 2716.163410][T14678] ? filemap_get_entry+0x127/0x4e0 [ 2716.168586][T14678] ? __pfx_swapin_readahead+0x10/0x10 [ 2716.174022][T14678] ? __filemap_get_folio+0x935/0xbc0 [ 2716.179378][T14678] ? swap_cache_get_folio+0x9f/0x570 [ 2716.184718][T14678] do_swap_page+0x8ab/0x3da0 [ 2716.189447][T14678] ? __pte_offset_map+0x2c4/0x380 [ 2716.194527][T14678] ? __pfx_validate_chain+0x10/0x10 [ 2716.199766][T14678] ? do_swap_page+0x154/0x3da0 [ 2716.204587][T14678] ? __pfx_do_swap_page+0x10/0x10 [ 2716.209660][T14678] ? pte_offset_map_nolock+0x137/0x1f0 [ 2716.215175][T14678] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2716.221050][T14678] __handle_mm_fault+0x15e8/0x72d0 [ 2716.226246][T14678] ? reacquire_held_locks+0x3eb/0x690 [ 2716.231670][T14678] ? __pfx___handle_mm_fault+0x10/0x10 [ 2716.237191][T14678] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2716.242972][T14678] ? mtree_range_walk+0x6fd/0x8e0 [ 2716.248036][T14678] ? lock_vma_under_rcu+0x18a/0x730 [ 2716.253285][T14678] ? __pfx_lock_release+0x10/0x10 [ 2716.258726][T14678] ? lock_vma_under_rcu+0x2f9/0x730 [ 2716.264003][T14678] ? lock_vma_under_rcu+0x18a/0x730 [ 2716.269250][T14678] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2716.274851][T14678] handle_mm_fault+0x3c1/0x8a0 [ 2716.279673][T14678] exc_page_fault+0x456/0x870 [ 2716.284412][T14678] asm_exc_page_fault+0x26/0x30 [ 2716.289339][T14678] RIP: 0033:0x7f091a82c551 [ 2716.293806][T14678] Code: 48 8b 54 24 08 48 85 d2 74 17 8b 44 24 18 0f c8 89 c0 48 89 44 24 18 48 83 fa 01 0f 85 b3 01 00 00 48 8b 44 24 10 8b 54 24 18 <89> 10 e9 15 fd ff ff 48 8b 44 24 10 8b 10 48 8b 44 24 08 48 85 c0 [ 2716.313459][T14678] RSP: 002b:00007ffdf4c5cb60 EFLAGS: 00010246 [ 2716.319574][T14678] RAX: 0000000020000380 RBX: 0000000000000004 RCX: 0000000000000000 [ 2716.327583][T14678] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000555555e1b360 [ 2716.335593][T14678] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 2716.343677][T14678] R10: 00007ffdf4c84080 R11: 000000000007a95e R12: 00007f091a400000 [ 2716.351686][T14678] R13: fffffffffffffffe R14: 00007f091a400000 R15: 00007f091a400008 [ 2716.359720][T14678] [ 2716.388310][T14685] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2716.397007][T14685] IPv6: NLM_F_CREATE should be set when creating new route [ 2716.406475][T14678] memory: usage 307200kB, limit 307200kB, failcnt 170433 [ 2716.410355][T14686] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2716.417774][T14678] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2716.421345][T14686] IPv6: NLM_F_CREATE should be set when creating new route 20:25:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x84020000}, 0x0) [ 2716.451285][T14678] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 2716.460258][T14678] Memory cgroup stats for /syz1: [ 2716.460411][T14678] cache 0 [ 2716.491034][T14688] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2716.491332][T14678] rss 4096 20:25:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000002000090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000007000c00080008"], 0x3c}}, 0x0) [ 2716.533436][T14678] rss_huge 0 [ 2716.540207][T14678] shmem 0 [ 2716.543354][T14678] mapped_file 0 [ 2716.547113][T14678] dirty 0 [ 2716.550240][T14678] writeback 0 [ 2716.553852][T14678] workingset_refault_anon 56321 [ 2716.561021][T14678] workingset_refault_file 0 [ 2716.565694][T14678] swap 233472 [ 2716.570317][T14678] swapcached 4096 [ 2716.574132][T14678] pgpgin 204471 [ 2716.597455][T14678] pgpgout 204470 [ 2716.601205][T14678] pgfault 464094 [ 2716.604900][T14678] pgmajfault 54041 [ 2716.609643][T14678] inactive_anon 4096 [ 2716.613707][T14678] active_anon 0 [ 2716.617797][T14678] inactive_file 0 [ 2716.622787][T14678] active_file 0 [ 2716.626803][T14678] unevictable 0 [ 2716.630432][T14678] hierarchical_memory_limit 314572800 [ 2716.636471][T14678] hierarchical_memsw_limit 9223372036854771712 [ 2716.643965][T14678] total_cache 0 [ 2716.649914][T14678] total_rss 4096 [ 2716.653631][T14678] total_rss_huge 0 [ 2716.657791][T14678] total_shmem 0 [ 2716.661468][T14678] total_mapped_file 0 [ 2716.665652][T14678] total_dirty 0 [ 2716.670290][T14678] total_writeback 0 [ 2716.674264][T14678] total_workingset_refault_anon 56321 [ 2716.680457][T14678] total_workingset_refault_file 0 [ 2716.685637][T14678] total_swap 233472 [ 2716.690583][T14678] total_swapcached 4096 [ 2716.694960][T14678] total_pgpgin 204471 [ 2716.701624][T14678] total_pgpgout 204470 [ 2716.714333][T14678] total_pgfault 464094 [ 2716.722188][T14678] total_pgmajfault 54041 [ 2716.731718][T14678] total_inactive_anon 4096 [ 2716.740852][T14678] total_active_anon 0 [ 2716.745079][T14678] total_inactive_file 0 [ 2716.760290][T14678] total_active_file 0 [ 2716.764662][T14678] total_unevictable 0 [ 2716.772801][T14678] anon_cost 0 [ 2716.777566][T14695] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2716.781818][T14678] file_cost 0 [ 2716.786713][T14695] IPv6: NLM_F_CREATE should be set when creating new route 20:25:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000008000c00080008"], 0x3c}}, 0x0) 20:25:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000002800090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x8409d7e2}, 0x0) [ 2716.793312][T14678] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14678,uid=0 [ 2716.818288][T14678] Memory cgroup out of memory: Killed process 14678 (syz-executor.1) total-vm:54376kB, anon-rss:348kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 20:25:05 executing program 1: bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)={@map, 0xffffffffffffffff, 0x31, 0x12, 0x0, @prog_fd}, 0x20) 20:25:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000009000c00080008"], 0x3c}}, 0x0) 20:25:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000004000090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2717.126657][T14705] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2717.135368][T14705] IPv6: NLM_F_CREATE should be set when creating new route 20:25:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000a000c00080008"], 0x3c}}, 0x0) [ 2717.214118][T14703] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 20:25:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x86020000}, 0x0) [ 2717.266458][T14703] CPU: 1 PID: 14703 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2717.276941][T14703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2717.287032][T14703] Call Trace: [ 2717.290352][T14703] [ 2717.293316][T14703] dump_stack_lvl+0x1e7/0x2e0 [ 2717.298050][T14703] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2717.303293][T14703] ? __pfx__printk+0x10/0x10 [ 2717.307914][T14703] ? ___ratelimit+0x4c4/0x670 [ 2717.312638][T14703] ? __pfx____ratelimit+0x10/0x10 [ 2717.317701][T14703] dump_header+0xda/0x6a0 [ 2717.322082][T14703] oom_kill_process+0x3a7/0x930 [ 2717.326991][T14703] out_of_memory+0xf67/0x1320 [ 2717.331739][T14703] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2717.337412][T14703] ? __pfx___mutex_lock+0x10/0x10 [ 2717.342485][T14703] ? __pfx_out_of_memory+0x10/0x10 [ 2717.347657][T14703] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2717.353243][T14703] ? __pfx_lock_release+0x10/0x10 [ 2717.358318][T14703] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2717.364425][T14703] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2717.369673][T14703] ? mem_cgroup_iter+0x3e9/0x560 [ 2717.374665][T14703] try_charge_memcg+0xda2/0x18a0 [ 2717.379643][T14703] ? mark_lock+0x9a/0x350 [ 2717.384037][T14703] ? __pfx_try_charge_memcg+0x10/0x10 [ 2717.389485][T14703] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2717.395677][T14703] charge_memcg+0xa2/0x160 [ 2717.400154][T14703] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2717.406265][T14703] __read_swap_cache_async+0x480/0x8b0 [ 2717.411772][T14703] ? mark_lock+0x9a/0x350 [ 2717.416152][T14703] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2717.422193][T14703] swap_cluster_readahead+0x67c/0x810 [ 2717.427618][T14703] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2717.433556][T14703] ? __pfx_lock_release+0x10/0x10 [ 2717.438627][T14703] ? xas_descend+0x37e/0x470 [ 2717.443267][T14703] swapin_readahead+0x1ea/0x1070 [ 2717.448255][T14703] ? filemap_get_entry+0x127/0x4e0 [ 2717.453434][T14703] ? __pfx_swapin_readahead+0x10/0x10 [ 2717.458874][T14703] ? __filemap_get_folio+0x935/0xbc0 20:25:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000400090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2717.464241][T14703] ? swap_cache_get_folio+0x9f/0x570 [ 2717.469575][T14703] do_swap_page+0x8ab/0x3da0 [ 2717.474202][T14703] ? __pte_offset_map+0x2c4/0x380 [ 2717.479273][T14703] ? __pfx_validate_chain+0x10/0x10 [ 2717.484509][T14703] ? do_swap_page+0x154/0x3da0 [ 2717.489310][T14703] ? __pfx_do_swap_page+0x10/0x10 [ 2717.494397][T14703] ? pte_offset_map_nolock+0x137/0x1f0 [ 2717.499905][T14703] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2717.505770][T14703] __handle_mm_fault+0x15e8/0x72d0 [ 2717.510957][T14703] ? reacquire_held_locks+0x3eb/0x690 [ 2717.516368][T14703] ? __pfx___handle_mm_fault+0x10/0x10 [ 2717.521900][T14703] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2717.527677][T14703] ? mtree_range_walk+0x6fd/0x8e0 [ 2717.530624][T14713] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2717.532755][T14703] ? lock_vma_under_rcu+0x18a/0x730 [ 2717.532791][T14703] ? __pfx_lock_release+0x10/0x10 [ 2717.541702][T14713] IPv6: NLM_F_CREATE should be set when creating new route [ 2717.545179][T14703] ? lock_vma_under_rcu+0x2f9/0x730 [ 2717.562671][T14703] ? lock_vma_under_rcu+0x18a/0x730 [ 2717.567925][T14703] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2717.573525][T14703] handle_mm_fault+0x3c1/0x8a0 [ 2717.578351][T14703] exc_page_fault+0x456/0x870 [ 2717.583086][T14703] asm_exc_page_fault+0x26/0x30 [ 2717.587990][T14703] RIP: 0033:0x7f091a82c551 [ 2717.592440][T14703] Code: 48 8b 54 24 08 48 85 d2 74 17 8b 44 24 18 0f c8 89 c0 48 89 44 24 18 48 83 fa 01 0f 85 b3 01 00 00 48 8b 44 24 10 8b 54 24 18 <89> 10 e9 15 fd ff ff 48 8b 44 24 10 8b 10 48 8b 44 24 08 48 85 c0 [ 2717.612088][T14703] RSP: 002b:00007ffdf4c5cb60 EFLAGS: 00010246 20:25:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xc1440000}, 0x0) [ 2717.618198][T14703] RAX: 00000000200004c0 RBX: 0000000000000004 RCX: 0000000000000000 [ 2717.626205][T14703] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: 0000555555e1b360 [ 2717.634215][T14703] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 [ 2717.642222][T14703] R10: 00007ffdf4c84080 R11: 000000000007aa26 R12: 00007f091a400000 [ 2717.650232][T14703] R13: fffffffffffffffe R14: 00007f091a400000 R15: 00007f091a400008 [ 2717.658261][T14703] [ 2717.708486][T14703] memory: usage 307188kB, limit 307200kB, failcnt 170805 [ 2717.715751][T14703] memory+swap: usage 307432kB, limit 9007199254740988kB, failcnt 0 [ 2717.732882][T14703] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 2717.740462][T14703] Memory cgroup stats for /syz1: [ 2717.740613][T14703] cache 0 20:25:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000b000c00080008"], 0x3c}}, 0x0) [ 2717.758106][T14703] rss 4096 [ 2717.761962][T14703] rss_huge 0 [ 2717.765280][T14703] shmem 0 [ 2717.774466][T14703] mapped_file 0 [ 2717.780355][T14703] dirty 0 [ 2717.783420][T14703] writeback 0 [ 2717.793495][T14703] workingset_refault_anon 56412 [ 2717.801663][T14703] workingset_refault_file 0 20:25:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000600090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2717.812621][T14703] swap 258048 [ 2717.818957][T14703] swapcached 4096 [ 2717.822726][T14703] pgpgin 204574 [ 2717.832565][T14703] pgpgout 204573 [ 2717.840196][T14703] pgfault 464248 [ 2717.843885][T14703] pgmajfault 54119 [ 2717.850091][T14703] inactive_anon 0 [ 2717.853850][T14703] active_anon 4096 [ 2717.858286][T14703] inactive_file 0 [ 2717.862037][T14703] active_file 0 [ 2717.865603][T14703] unevictable 0 [ 2717.870325][T14703] hierarchical_memory_limit 314572800 [ 2717.877072][T14703] hierarchical_memsw_limit 9223372036854771712 [ 2717.883561][T14703] total_cache 0 [ 2717.887833][T14703] total_rss 4096 [ 2717.891538][T14703] total_rss_huge 0 [ 2717.895399][T14703] total_shmem 0 [ 2717.899407][T14703] total_mapped_file 0 [ 2717.903569][T14703] total_dirty 0 [ 2717.927761][T14703] total_writeback 0 [ 2717.931796][T14703] total_workingset_refault_anon 56412 [ 2717.944738][T14703] total_workingset_refault_file 0 [ 2717.945397][T14722] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2717.957204][T14703] total_swap 258048 [ 2717.957222][T14703] total_swapcached 4096 [ 2717.958785][T14722] IPv6: NLM_F_CREATE should be set when creating new route [ 2717.961423][T14703] total_pgpgin 204574 20:25:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000c000c00080008"], 0x3c}}, 0x0) 20:25:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xc2440000}, 0x0) [ 2717.978669][T14703] total_pgpgout 204573 [ 2717.983927][T14703] total_pgfault 464248 [ 2718.006341][T14703] total_pgmajfault 54119 [ 2718.016593][T14703] total_inactive_anon 0 [ 2718.036831][T14703] total_active_anon 4096 [ 2718.047750][T14703] total_inactive_file 0 [ 2718.054495][T14703] total_active_file 0 [ 2718.063953][T14703] total_unevictable 0 [ 2718.070775][T14703] anon_cost 0 [ 2718.074517][T14703] file_cost 0 20:25:07 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000480)={'ah\x00'}, &(0x7f0000000000)=0x1e) [ 2718.078541][T14703] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14703,uid=0 [ 2718.094712][T14703] Memory cgroup out of memory: Killed process 14703 (syz-executor.1) total-vm:54376kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 20:25:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000000f000c00080008"], 0x3c}}, 0x0) 20:25:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000002800090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000010000c00080008"], 0x3c}}, 0x0) [ 2718.273368][T14732] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2718.282319][T14732] IPv6: NLM_F_CREATE should be set when creating new route 20:25:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xe0ffffff}, 0x0) 20:25:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c02090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000014000c00080008"], 0x3c}}, 0x0) [ 2718.492063][T14733] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2718.503683][T14733] CPU: 1 PID: 14733 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2718.514157][T14733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2718.524343][T14733] Call Trace: [ 2718.527663][T14733] [ 2718.530639][T14733] dump_stack_lvl+0x1e7/0x2e0 [ 2718.535383][T14733] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2718.540732][T14733] ? __pfx__printk+0x10/0x10 [ 2718.545376][T14733] ? ___ratelimit+0x4c4/0x670 [ 2718.550124][T14733] ? __pfx____ratelimit+0x10/0x10 [ 2718.555203][T14733] dump_header+0xda/0x6a0 [ 2718.559589][T14733] oom_kill_process+0x3a7/0x930 [ 2718.564580][T14733] out_of_memory+0xf67/0x1320 [ 2718.569321][T14733] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2718.575004][T14733] ? __pfx___mutex_lock+0x10/0x10 [ 2718.580098][T14733] ? __pfx_out_of_memory+0x10/0x10 [ 2718.585279][T14733] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2718.590873][T14733] ? __pfx_lock_release+0x10/0x10 [ 2718.596036][T14733] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2718.602169][T14733] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2718.607443][T14733] ? mem_cgroup_iter+0x3e9/0x560 [ 2718.609055][T14742] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2718.612405][T14733] try_charge_memcg+0xda2/0x18a0 [ 2718.612438][T14733] ? mark_lock+0x9a/0x350 [ 2718.612488][T14733] ? __pfx_try_charge_memcg+0x10/0x10 [ 2718.621418][T14742] IPv6: NLM_F_CREATE should be set when creating new route 20:25:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000060000c00080008"], 0x3c}}, 0x0) [ 2718.624709][T14733] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2718.647815][T14733] charge_memcg+0xa2/0x160 [ 2718.652294][T14733] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2718.658416][T14733] __read_swap_cache_async+0x480/0x8b0 [ 2718.663946][T14733] ? mark_lock+0x9a/0x350 [ 2718.668344][T14733] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2718.674479][T14733] swap_cluster_readahead+0x67c/0x810 [ 2718.680023][T14733] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2718.686166][T14733] ? __pfx_lock_release+0x10/0x10 [ 2718.691435][T14733] ? xas_descend+0x37e/0x470 [ 2718.696115][T14733] swapin_readahead+0x1ea/0x1070 [ 2718.701107][T14733] ? filemap_get_entry+0x127/0x4e0 [ 2718.706389][T14733] ? __pfx_swapin_readahead+0x10/0x10 [ 2718.711831][T14733] ? __filemap_get_folio+0x935/0xbc0 [ 2718.717277][T14733] ? swap_cache_get_folio+0x9f/0x570 [ 2718.722620][T14733] do_swap_page+0x8ab/0x3da0 [ 2718.727260][T14733] ? __pte_offset_map+0x2c4/0x380 [ 2718.732341][T14733] ? do_swap_page+0x154/0x3da0 [ 2718.737153][T14733] ? __pfx_do_swap_page+0x10/0x10 [ 2718.742331][T14733] ? pte_offset_map_nolock+0x137/0x1f0 [ 2718.747931][T14733] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2718.753805][T14733] __handle_mm_fault+0x15e8/0x72d0 [ 2718.759178][T14733] ? reacquire_held_locks+0x3eb/0x690 [ 2718.764618][T14733] ? __pfx___handle_mm_fault+0x10/0x10 [ 2718.770443][T14733] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2718.776276][T14733] ? mtree_range_walk+0x6fd/0x8e0 [ 2718.781476][T14733] ? lock_vma_under_rcu+0x18a/0x730 [ 2718.786742][T14733] ? __pfx_lock_release+0x10/0x10 [ 2718.791922][T14733] ? lock_vma_under_rcu+0x2f9/0x730 [ 2718.797217][T14733] ? lock_vma_under_rcu+0x18a/0x730 [ 2718.802478][T14733] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2718.808359][T14733] handle_mm_fault+0x3c1/0x8a0 [ 2718.813267][T14733] exc_page_fault+0x456/0x870 [ 2718.818187][T14733] asm_exc_page_fault+0x26/0x30 [ 2718.823261][T14733] RIP: 0033:0x7f091a8373be 20:25:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xe2d70984}, 0x0) [ 2718.827934][T14733] Code: 8d 4c 24 0c 31 c0 b9 40 42 0f 00 4c 89 ce ba 81 00 00 00 bf ca 00 00 00 41 c7 44 24 0c 01 00 00 00 4c 89 0c 24 e8 d2 69 04 00 <80> 3d ed e2 c9 00 00 4c 8b 0c 24 0f 84 71 ff ff ff 4c 8d ac 24 60 [ 2718.847779][T14733] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010217 [ 2718.853931][T14733] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2718.861951][T14733] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091a9abf8c [ 2718.870250][T14733] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2718.878271][T14733] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2718.886299][T14733] R13: 0000000000000fa9 R14: 00007f091a9abf80 R15: 00007ffdf4c5cca8 [ 2718.894348][T14733] [ 2719.101448][T14733] memory: usage 307180kB, limit 307200kB, failcnt 170986 [ 2719.111800][T14733] memory+swap: usage 307448kB, limit 9007199254740988kB, failcnt 0 [ 2719.133639][T14733] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2719.141603][T14733] Memory cgroup stats for /syz1: [ 2719.141748][T14733] cache 0 20:25:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000fc000c00080008"], 0x3c}}, 0x0) [ 2719.151146][T14733] rss 12288 [ 2719.154393][T14733] rss_huge 0 20:25:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c03090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2719.197265][T14733] shmem 0 [ 2719.200271][T14733] mapped_file 0 [ 2719.203755][T14733] dirty 0 [ 2719.237696][T14733] writeback 0 [ 2719.241056][T14733] workingset_refault_anon 56494 [ 2719.261003][T14733] workingset_refault_file 0 [ 2719.265566][T14733] swap 274432 [ 2719.280081][T14733] swapcached 8192 [ 2719.285313][T14733] pgpgin 204664 [ 2719.289606][T14733] pgpgout 204661 [ 2719.293541][T14733] pgfault 464387 [ 2719.297937][T14733] pgmajfault 54196 [ 2719.301958][T14733] inactive_anon 8192 [ 2719.307551][T14733] active_anon 4096 [ 2719.311590][T14733] inactive_file 0 [ 2719.323569][T14733] active_file 0 [ 2719.327664][T14733] unevictable 0 [ 2719.331158][T14733] hierarchical_memory_limit 314572800 20:25:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000030c00080008"], 0x3c}}, 0x0) 20:25:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0) [ 2719.345898][T14733] hierarchical_memsw_limit 9223372036854771712 [ 2719.353104][T14733] total_cache 0 [ 2719.357543][T14733] total_rss 12288 [ 2719.361613][T14733] total_rss_huge 0 [ 2719.374299][T14733] total_shmem 0 [ 2719.378024][T14733] total_mapped_file 0 [ 2719.382630][T14733] total_dirty 0 [ 2719.396219][T14733] total_writeback 0 [ 2719.400739][T14733] total_workingset_refault_anon 56494 [ 2719.413838][T14733] total_workingset_refault_file 0 [ 2719.419850][T14733] total_swap 274432 [ 2719.424937][T14733] total_swapcached 8192 [ 2719.443699][T14733] total_pgpgin 204664 [ 2719.448518][T14733] total_pgpgout 204661 [ 2719.454638][T14733] total_pgfault 464387 [ 2719.471382][T14733] total_pgmajfault 54196 [ 2719.477784][T14733] total_inactive_anon 8192 [ 2719.482329][T14733] total_active_anon 4096 20:25:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000050c00080008"], 0x3c}}, 0x0) 20:25:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c04090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2719.498563][T14733] total_inactive_file 0 [ 2719.503233][T14733] total_active_file 0 [ 2719.515345][T14733] total_unevictable 0 [ 2719.520068][T14733] anon_cost 0 [ 2719.524624][T14733] file_cost 0 [ 2719.535674][T14733] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14733,uid=0 [ 2719.552438][T14733] Memory cgroup out of memory: Killed process 14733 (syz-executor.1) total-vm:54376kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:08 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=[@flowinfo={{0x14, 0x29, 0xb, 0x2}}], 0x18}}], 0x1, 0x24000814) 20:25:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000060c00080008"], 0x3c}}, 0x0) [ 2719.628017][T14763] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2719.636973][T14763] IPv6: NLM_F_CREATE should be set when creating new route 20:25:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfc000000}, 0x0) 20:25:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c05090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000070c00080008"], 0x3c}}, 0x0) [ 2719.923057][T14768] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2719.928114][T14773] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2719.934884][T14768] CPU: 1 PID: 14768 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2719.943275][T14773] IPv6: NLM_F_CREATE should be set when creating new route [ 2719.952037][T14768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2719.952056][T14768] Call Trace: [ 2719.952068][T14768] [ 2719.952079][T14768] dump_stack_lvl+0x1e7/0x2e0 [ 2719.952120][T14768] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2719.952151][T14768] ? __pfx__printk+0x10/0x10 [ 2719.973564][T14776] __nla_validate_parse: 38 callbacks suppressed [ 2719.973585][T14776] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2719.975644][T14768] ? ___ratelimit+0x4c4/0x670 [ 2719.975690][T14768] ? __pfx____ratelimit+0x10/0x10 [ 2719.975726][T14768] dump_header+0xda/0x6a0 [ 2720.019780][T14768] oom_kill_process+0x3a7/0x930 [ 2720.024702][T14768] out_of_memory+0xf67/0x1320 [ 2720.029448][T14768] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2720.035127][T14768] ? __pfx___mutex_lock+0x10/0x10 [ 2720.040208][T14768] ? __pfx_out_of_memory+0x10/0x10 [ 2720.045390][T14768] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2720.050986][T14768] ? __pfx_lock_release+0x10/0x10 [ 2720.056050][T14768] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2720.062154][T14768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2720.067374][T14768] ? mem_cgroup_iter+0x3e9/0x560 [ 2720.072330][T14768] try_charge_memcg+0xda2/0x18a0 [ 2720.077281][T14768] ? mark_lock+0x9a/0x350 [ 2720.081641][T14768] ? __pfx_try_charge_memcg+0x10/0x10 [ 2720.087076][T14768] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2720.093243][T14768] charge_memcg+0xa2/0x160 [ 2720.097691][T14768] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2720.103774][T14768] __read_swap_cache_async+0x480/0x8b0 [ 2720.109261][T14768] ? mark_lock+0x9a/0x350 [ 2720.113615][T14768] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2720.119625][T14768] swap_cluster_readahead+0x67c/0x810 [ 2720.125029][T14768] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2720.130945][T14768] ? __pfx_lock_release+0x10/0x10 [ 2720.135996][T14768] ? xas_descend+0x37e/0x470 [ 2720.140625][T14768] swapin_readahead+0x1ea/0x1070 [ 2720.145581][T14768] ? filemap_get_entry+0x127/0x4e0 [ 2720.150727][T14768] ? __pfx_swapin_readahead+0x10/0x10 [ 2720.156129][T14768] ? __filemap_get_folio+0x935/0xbc0 [ 2720.161435][T14768] ? swap_cache_get_folio+0x9f/0x570 [ 2720.166738][T14768] do_swap_page+0x8ab/0x3da0 [ 2720.171348][T14768] ? __pte_offset_map+0x2c4/0x380 [ 2720.176381][T14768] ? page_ext_get+0x20/0x2a0 [ 2720.180989][T14768] ? do_swap_page+0x154/0x3da0 [ 2720.185765][T14768] ? __pfx_do_swap_page+0x10/0x10 [ 2720.190803][T14768] ? pte_offset_map_nolock+0x137/0x1f0 [ 2720.196293][T14768] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2720.202131][T14768] ? __pfx_validate_chain+0x10/0x10 [ 2720.207360][T14768] __handle_mm_fault+0x15e8/0x72d0 [ 2720.212521][T14768] ? __pfx___handle_mm_fault+0x10/0x10 [ 2720.218009][T14768] ? mt_find+0x226/0x850 [ 2720.222271][T14768] ? __pfx_lock_release+0x10/0x10 [ 2720.227342][T14768] ? mt_find+0x62d/0x850 [ 2720.231603][T14768] ? mt_find+0x226/0x850 [ 2720.235884][T14768] ? find_vma+0x142/0x1c0 [ 2720.240228][T14768] ? __pfx_find_vma+0x10/0x10 [ 2720.244913][T14768] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2720.250917][T14768] handle_mm_fault+0x3c1/0x8a0 [ 2720.255699][T14768] exc_page_fault+0x2ad/0x870 [ 2720.260398][T14768] asm_exc_page_fault+0x26/0x30 [ 2720.265265][T14768] RIP: 0010:__get_user_8+0x11/0x20 [ 2720.270389][T14768] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2720.290011][T14768] RSP: 0018:ffffc90014f1fd78 EFLAGS: 00050202 [ 2720.296092][T14768] RAX: 0000555555e1bda8 RBX: ffff88808ba91538 RCX: ffffc90014f1fc03 [ 2720.304071][T14768] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2720.312053][T14768] RBP: ffffc90014f1fec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2720.320066][T14768] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90014f1fd80 [ 2720.328046][T14768] R13: ffffc90014f1ffd8 R14: dffffc0000000000 R15: ffff88808ba90000 [ 2720.336044][T14768] __rseq_handle_notify_resume+0x158/0x1490 [ 2720.341974][T14768] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2720.348342][T14768] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2720.354175][T14768] irqentry_exit_to_user_mode+0xbb/0x280 [ 2720.359835][T14768] exc_page_fault+0x587/0x870 [ 2720.364622][T14768] asm_exc_page_fault+0x26/0x30 [ 2720.369490][T14768] RIP: 0033:0x7f091a836fcf [ 2720.373920][T14768] Code: 48 89 84 24 90 00 00 00 48 89 9c 24 98 00 00 00 4c 8b 35 c4 69 17 00 4d 8d ae 00 00 40 00 4d 39 ec 0f 83 91 06 00 00 4c 89 eb <4d> 8b 2c 24 4d 8d 7c 24 08 4c 89 bc 24 08 01 00 00 49 83 fd ff 0f [ 2720.393543][T14768] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010287 [ 2720.399624][T14768] RAX: 00007ffdf4c5cca8 RBX: 00007f091a800000 RCX: 0000000000297d18 [ 2720.407618][T14768] RDX: 000000000000033c RSI: 00007ffdf4c5cb80 RDI: 7fffffffffffffff [ 2720.415602][T14768] RBP: 0000000000000001 R08: 0000000000000010 R09: 0000000000000000 20:25:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfcffffff}, 0x0) [ 2720.423584][T14768] R10: 00007ffdf4c84080 R11: 000000000007ac3a R12: 00007f091a400000 [ 2720.431566][T14768] R13: 00007f091a800000 R14: 00007f091a400000 R15: 0000000000000001 [ 2720.439566][T14768] [ 2720.475320][T14768] memory: usage 307200kB, limit 307200kB, failcnt 171155 [ 2720.484112][T14768] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2720.494690][T14768] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 2720.502643][T14768] Memory cgroup stats for /syz1: [ 2720.502777][T14768] cache 0 [ 2720.530063][T14777] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2720.548595][T14780] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2720.559443][T14768] rss 12288 [ 2720.562788][T14768] rss_huge 0 [ 2720.574516][T14768] shmem 0 20:25:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000090c00080008"], 0x3c}}, 0x0) [ 2720.577805][T14768] mapped_file 0 [ 2720.581384][T14768] dirty 0 [ 2720.584442][T14768] writeback 0 [ 2720.593623][T14768] workingset_refault_anon 56551 [ 2720.603231][T14768] workingset_refault_file 0 [ 2720.627764][T14768] swap 212992 [ 2720.631112][T14768] swapcached 12288 [ 2720.634855][T14768] pgpgin 204729 [ 2720.643929][T14768] pgpgout 204726 [ 2720.648821][T14768] pgfault 464498 [ 2720.652503][T14768] pgmajfault 54245 [ 2720.657478][T14768] inactive_anon 12288 [ 2720.661578][T14768] active_anon 0 [ 2720.665146][T14768] inactive_file 0 [ 2720.670305][T14768] active_file 0 [ 2720.673875][T14768] unevictable 0 20:25:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c06090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2720.675153][T14778] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2720.678182][T14768] hierarchical_memory_limit 314572800 [ 2720.694885][T14768] hierarchical_memsw_limit 9223372036854771712 [ 2720.718335][T14768] total_cache 0 [ 2720.721993][T14768] total_rss 12288 [ 2720.727576][T14768] total_rss_huge 0 20:25:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfe80ffff}, 0x0) [ 2720.731576][T14768] total_shmem 0 [ 2720.735226][T14768] total_mapped_file 0 [ 2720.740812][T14768] total_dirty 0 [ 2720.744450][T14768] total_writeback 0 [ 2720.751931][T14768] total_workingset_refault_anon 56551 [ 2720.759622][T14768] total_workingset_refault_file 0 [ 2720.764861][T14768] total_swap 212992 [ 2720.770090][T14768] total_swapcached 12288 [ 2720.774514][T14768] total_pgpgin 204729 20:25:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000a0c00080008"], 0x3c}}, 0x0) [ 2720.788293][T14768] total_pgpgout 204726 [ 2720.792563][T14768] total_pgfault 464498 [ 2720.817283][T14768] total_pgmajfault 54245 [ 2720.828996][T14787] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2720.836740][T14768] total_inactive_anon 12288 [ 2720.846342][T14768] total_active_anon 0 [ 2720.850467][T14768] total_inactive_file 0 [ 2720.859634][T14768] total_active_file 0 [ 2720.863774][T14768] total_unevictable 0 [ 2720.873751][T14768] anon_cost 0 [ 2720.880742][T14768] file_cost 0 [ 2720.884218][T14768] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14768,uid=0 [ 2720.912806][T14768] Memory cgroup out of memory: Killed process 14768 (syz-executor.1) total-vm:54376kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:09 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000037c0)={0x18, 0x3, &(0x7f0000002680)=@framed, &(0x7f00000026c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000002700)=""/4096}, 0x90) [ 2720.913209][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000b0c00080008"], 0x3c}}, 0x0) [ 2721.014864][T14790] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2721.027078][T14791] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c07090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2721.069371][T14792] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2721.078135][T14792] IPv6: NLM_F_CREATE should be set when creating new route 20:25:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfec0ffff}, 0x0) [ 2721.118499][T14795] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000c0c00080008"], 0x3c}}, 0x0) [ 2721.183063][T14797] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c08090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2721.410016][T14802] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2721.418981][T14802] IPv6: NLM_F_CREATE should be set when creating new route 20:25:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000f0c00080008"], 0x3c}}, 0x0) 20:25:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xff000000}, 0x0) 20:25:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000140c00080008"], 0x3c}}, 0x0) 20:25:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c09090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2721.881774][T14811] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2721.890583][T14811] IPv6: NLM_F_CREATE should be set when creating new route [ 2721.915592][T14793] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2721.948214][T14793] CPU: 1 PID: 14793 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2721.958721][T14793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2721.968819][T14793] Call Trace: [ 2721.972136][T14793] [ 2721.975101][T14793] dump_stack_lvl+0x1e7/0x2e0 [ 2721.979832][T14793] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2721.985081][T14793] ? __pfx__printk+0x10/0x10 [ 2721.989713][T14793] ? ___ratelimit+0x4c4/0x670 [ 2721.994443][T14793] ? __pfx____ratelimit+0x10/0x10 [ 2721.999516][T14793] dump_header+0xda/0x6a0 [ 2722.003897][T14793] oom_kill_process+0x3a7/0x930 [ 2722.008798][T14793] out_of_memory+0xf67/0x1320 [ 2722.013575][T14793] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2722.019253][T14793] ? __pfx___mutex_lock+0x10/0x10 [ 2722.024335][T14793] ? __pfx_out_of_memory+0x10/0x10 [ 2722.029496][T14793] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2722.035090][T14793] ? __pfx_lock_release+0x10/0x10 [ 2722.040156][T14793] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2722.046263][T14793] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2722.051502][T14793] ? mem_cgroup_iter+0x3e9/0x560 [ 2722.056490][T14793] try_charge_memcg+0xda2/0x18a0 [ 2722.061595][T14793] ? __pfx_try_charge_memcg+0x10/0x10 [ 2722.066978][T14793] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2722.072711][T14793] ? __pfx_lock_release+0x10/0x10 [ 2722.077760][T14793] ? memcg_account_kmem+0x1e7/0x210 [ 2722.082983][T14793] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2722.088803][T14793] __memcg_kmem_charge_page+0xe1/0x250 [ 2722.094281][T14793] memcg_charge_kernel_stack+0x28a/0x550 [ 2722.099935][T14793] dup_task_struct+0x40d/0x7d0 [ 2722.104712][T14793] copy_process+0x5d5/0x3fc0 [ 2722.109330][T14793] ? __might_fault+0xa9/0x120 [ 2722.114023][T14793] ? __pfx_lock_release+0x10/0x10 [ 2722.119075][T14793] ? __pfx_copy_process+0x10/0x10 [ 2722.124108][T14793] ? __might_fault+0xc5/0x120 [ 2722.128812][T14793] ? __asan_memset+0x23/0x50 [ 2722.133419][T14793] kernel_clone+0x21d/0x8d0 [ 2722.137947][T14793] ? __pfx_kernel_clone+0x10/0x10 [ 2722.143007][T14793] __se_sys_clone3+0x2cb/0x350 [ 2722.147795][T14793] ? __pfx___se_sys_clone3+0x10/0x10 [ 2722.153134][T14793] ? do_syscall_64+0x108/0x240 [ 2722.157919][T14793] ? do_syscall_64+0xb4/0x240 [ 2722.162614][T14793] do_syscall_64+0xf9/0x240 [ 2722.167143][T14793] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2722.173055][T14793] RIP: 0033:0x7f091a8a9b99 [ 2722.177481][T14793] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 20:25:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xffff0000}, 0x0) 20:25:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000088470c00080008"], 0x3c}}, 0x0) [ 2722.197132][T14793] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2722.205559][T14793] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2722.213536][T14793] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2722.221526][T14793] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2722.229508][T14793] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2722.237485][T14793] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2722.245486][T14793] 20:25:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0a090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2722.303097][T14793] memory: usage 307200kB, limit 307200kB, failcnt 171827 [ 2722.328298][T14793] memory+swap: usage 307432kB, limit 9007199254740988kB, failcnt 0 [ 2722.344266][T14793] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2722.371058][T14793] Memory cgroup stats for /syz1: [ 2722.371220][T14793] cache 0 [ 2722.385154][T14793] rss 24576 [ 2722.391879][T14793] rss_huge 0 [ 2722.395230][T14793] shmem 0 [ 2722.399180][T14793] mapped_file 0 [ 2722.402795][T14793] dirty 0 [ 2722.405863][T14793] writeback 0 [ 2722.414316][T14793] workingset_refault_anon 56760 20:25:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000088480c00080008"], 0x3c}}, 0x0) 20:25:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xffff80fe}, 0x0) [ 2722.436408][T14793] workingset_refault_file 0 [ 2722.440973][T14793] swap 212992 [ 2722.444787][T14793] swapcached 16384 [ 2722.453556][T14793] pgpgin 204953 [ 2722.466633][T14793] pgpgout 204947 [ 2722.470230][T14793] pgfault 464838 [ 2722.473801][T14793] pgmajfault 54447 [ 2722.488592][T14793] inactive_anon 0 [ 2722.492267][T14793] active_anon 24576 [ 2722.497073][T14793] inactive_file 0 [ 2722.500740][T14793] active_file 0 [ 2722.516327][T14793] unevictable 0 [ 2722.519825][T14793] hierarchical_memory_limit 314572800 [ 2722.525237][T14793] hierarchical_memsw_limit 9223372036854771712 [ 2722.537254][T14793] total_cache 0 [ 2722.540764][T14793] total_rss 24576 [ 2722.544425][T14793] total_rss_huge 0 [ 2722.549372][T14793] total_shmem 0 [ 2722.553157][T14793] total_mapped_file 0 [ 2722.560616][T14793] total_dirty 0 [ 2722.564274][T14793] total_writeback 0 [ 2722.568663][T14793] total_workingset_refault_anon 56760 [ 2722.574161][T14793] total_workingset_refault_file 0 [ 2722.587244][T14793] total_swap 212992 [ 2722.593493][T14793] total_swapcached 16384 [ 2722.606096][T14793] total_pgpgin 204953 [ 2722.610201][T14793] total_pgpgout 204947 [ 2722.614378][T14793] total_pgfault 464838 [ 2722.619723][T14793] total_pgmajfault 54447 [ 2722.624084][T14793] total_inactive_anon 0 [ 2722.631229][T14793] total_active_anon 24576 [ 2722.635663][T14793] total_inactive_file 0 [ 2722.644661][T14793] total_active_file 0 [ 2722.652349][T14793] total_unevictable 0 [ 2722.658907][T14793] anon_cost 0 [ 2722.668896][T14793] file_cost 0 [ 2722.680612][T14829] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0b090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2722.689347][T14829] IPv6: NLM_F_CREATE should be set when creating new route [ 2722.693038][T14793] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14793,uid=0 20:25:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a0000000000000000008a510c00080008"], 0x3c}}, 0x0) [ 2722.743355][T14793] Memory cgroup out of memory: Killed process 14793 (syz-executor.1) total-vm:54508kB, anon-rss:492kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 20:25:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xffffc0fe}, 0x0) 20:25:11 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x11, 0x5, &(0x7f0000000340)=@framed={{}, [@btf_id]}, &(0x7f0000000a80)='GPL\x00', 0x4, 0xcf, &(0x7f0000000ac0)=""/207}, 0x90) 20:25:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000065580c00080008"], 0x3c}}, 0x0) 20:25:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0c090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2722.993230][T14838] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2723.002008][T14838] IPv6: NLM_F_CREATE should be set when creating new route 20:25:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000600c00080008"], 0x3c}}, 0x0) 20:25:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) [ 2723.226214][T14837] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2723.236797][T14837] CPU: 1 PID: 14837 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2723.247258][T14837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2723.257366][T14837] Call Trace: [ 2723.260684][T14837] [ 2723.263643][T14837] dump_stack_lvl+0x1e7/0x2e0 [ 2723.268375][T14837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2723.273615][T14837] ? __pfx__printk+0x10/0x10 [ 2723.278241][T14837] ? ___ratelimit+0x4c4/0x670 [ 2723.282964][T14837] ? __pfx____ratelimit+0x10/0x10 [ 2723.288038][T14837] dump_header+0xda/0x6a0 [ 2723.292421][T14837] oom_kill_process+0x3a7/0x930 [ 2723.297302][T14837] out_of_memory+0xf67/0x1320 [ 2723.302000][T14837] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2723.307648][T14837] ? __pfx___mutex_lock+0x10/0x10 [ 2723.312696][T14837] ? __pfx_out_of_memory+0x10/0x10 [ 2723.317840][T14837] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2723.323402][T14837] ? __pfx_lock_release+0x10/0x10 [ 2723.328447][T14837] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2723.334529][T14837] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2723.339739][T14837] ? mem_cgroup_iter+0x3e9/0x560 [ 2723.344693][T14837] try_charge_memcg+0xda2/0x18a0 [ 2723.349666][T14837] ? __pfx_try_charge_memcg+0x10/0x10 [ 2723.355051][T14837] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2723.360790][T14837] ? __pfx_lock_release+0x10/0x10 [ 2723.365837][T14837] ? memcg_account_kmem+0x1e7/0x210 [ 2723.371061][T14837] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2723.376891][T14837] __memcg_kmem_charge_page+0xe1/0x250 [ 2723.382385][T14837] memcg_charge_kernel_stack+0x28a/0x550 [ 2723.388037][T14837] dup_task_struct+0x15d/0x7d0 [ 2723.392818][T14837] copy_process+0x5d5/0x3fc0 [ 2723.397439][T14837] ? __might_fault+0xa9/0x120 [ 2723.402131][T14837] ? __pfx_lock_release+0x10/0x10 [ 2723.407182][T14837] ? __pfx_copy_process+0x10/0x10 [ 2723.412223][T14837] ? __might_fault+0xc5/0x120 [ 2723.416913][T14837] ? __asan_memset+0x23/0x50 [ 2723.421523][T14837] kernel_clone+0x21d/0x8d0 [ 2723.426050][T14837] ? __pfx_kernel_clone+0x10/0x10 [ 2723.431113][T14837] __se_sys_clone3+0x2cb/0x350 [ 2723.435890][T14837] ? __pfx___se_sys_clone3+0x10/0x10 [ 2723.441218][T14837] ? do_syscall_64+0x108/0x240 [ 2723.446012][T14837] ? do_syscall_64+0xb4/0x240 [ 2723.450725][T14837] do_syscall_64+0xf9/0x240 [ 2723.455246][T14837] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2723.461158][T14837] RIP: 0033:0x7f091a8a9b99 [ 2723.465580][T14837] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2723.485200][T14837] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2723.493635][T14837] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2723.501631][T14837] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2723.509633][T14837] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2723.517617][T14837] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 20:25:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000058650c00080008"], 0x3c}}, 0x0) [ 2723.525592][T14837] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2723.533598][T14837] [ 2723.540116][T14837] memory: usage 307200kB, limit 307200kB, failcnt 172114 [ 2723.547806][T14837] memory+swap: usage 307448kB, limit 9007199254740988kB, failcnt 0 [ 2723.555731][T14837] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2723.570682][T14837] Memory cgroup stats for /syz1: [ 2723.570829][T14837] cache 0 [ 2723.579826][T14837] rss 0 [ 2723.583965][T14837] rss_huge 0 [ 2723.587967][T14837] shmem 0 [ 2723.590939][T14837] mapped_file 0 [ 2723.594427][T14837] dirty 0 [ 2723.598252][T14837] writeback 0 [ 2723.601686][T14837] workingset_refault_anon 56868 [ 2723.633273][T14837] workingset_refault_file 0 [ 2723.641770][T14837] swap 253952 [ 2723.645196][T14837] swapcached 0 [ 2723.650770][T14837] pgpgin 205072 [ 2723.654362][T14837] pgpgout 205072 [ 2723.659045][T14837] pgfault 465026 [ 2723.662801][T14837] pgmajfault 54551 [ 2723.667562][T14837] inactive_anon 0 [ 2723.668210][T14848] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2723.671293][T14837] active_anon 0 20:25:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0f090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2723.680046][T14848] IPv6: NLM_F_CREATE should be set when creating new route [ 2723.684511][T14837] inactive_file 0 [ 2723.694704][T14837] active_file 0 [ 2723.716713][T14837] unevictable 0 [ 2723.720337][T14837] hierarchical_memory_limit 314572800 20:25:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000810c00080008"], 0x3c}}, 0x0) 20:25:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xffffffe0}, 0x0) [ 2723.744593][T14837] hierarchical_memsw_limit 9223372036854771712 [ 2723.751588][T14837] total_cache 0 [ 2723.769336][T14837] total_rss 0 [ 2723.772772][T14837] total_rss_huge 0 [ 2723.857523][T14837] total_shmem 0 [ 2723.861042][T14837] total_mapped_file 0 [ 2723.865048][T14837] total_dirty 0 [ 2723.882347][T14837] total_writeback 0 [ 2723.889550][T14837] total_workingset_refault_anon 56868 [ 2723.894975][T14837] total_workingset_refault_file 0 [ 2723.902050][T14837] total_swap 253952 [ 2723.906956][T14837] total_swapcached 0 [ 2723.911740][T14837] total_pgpgin 205072 [ 2723.917126][T14837] total_pgpgout 205072 [ 2723.922575][T14837] total_pgfault 465026 [ 2723.928248][T14837] total_pgmajfault 54551 [ 2723.933011][T14837] total_inactive_anon 0 [ 2723.937968][T14837] total_active_anon 0 [ 2723.942094][T14837] total_inactive_file 0 [ 2723.958109][T14837] total_active_file 0 [ 2723.963216][T14837] total_unevictable 0 [ 2723.967985][T14837] anon_cost 0 [ 2723.971445][T14837] file_cost 0 [ 2723.974880][T14837] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14837,uid=0 20:25:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000047880c00080008"], 0x3c}}, 0x0) [ 2724.002400][T14837] Memory cgroup out of memory: Killed process 14837 (syz-executor.1) total-vm:54508kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 20:25:12 executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0xf, &(0x7f0000000000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, 0x1}}}, &(0x7f0000000100)='GPL\x00', 0x2, 0xfe, &(0x7f0000000140)=""/254}, 0x90) 20:25:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000048880c00080008"], 0x3c}}, 0x0) [ 2724.113659][T14858] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2724.122539][T14858] IPv6: NLM_F_CREATE should be set when creating new route 20:25:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c10090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfffffff0}, 0x0) 20:25:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000518a0c00080008"], 0x3c}}, 0x0) [ 2724.460871][T14870] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2724.469615][T14870] IPv6: NLM_F_CREATE should be set when creating new route 20:25:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c11090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000fc0c00080008"], 0x3c}}, 0x0) 20:25:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0xfffffffc}, 0x0) 20:25:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000ff0c00080008"], 0x3c}}, 0x0) [ 2724.879459][T14878] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2724.888543][T14878] IPv6: NLM_F_CREATE should be set when creating new route 20:25:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2) 20:25:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c14090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000600080008"], 0x3c}}, 0x0) [ 2725.045360][T14883] __nla_validate_parse: 41 callbacks suppressed [ 2725.045380][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2725.114828][T29516] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2725.156034][T29516] CPU: 0 PID: 29516 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2725.166514][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2725.169045][T14885] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2725.176574][T29516] Call Trace: [ 2725.176588][T29516] [ 2725.176599][T29516] dump_stack_lvl+0x1e7/0x2e0 [ 2725.176646][T29516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2725.176678][T29516] ? __pfx__printk+0x10/0x10 [ 2725.176704][T29516] ? ___ratelimit+0x4c4/0x670 [ 2725.211327][T29516] ? __pfx____ratelimit+0x10/0x10 [ 2725.216413][T29516] dump_header+0xda/0x6a0 [ 2725.220793][T29516] oom_kill_process+0x3a7/0x930 [ 2725.225670][T29516] out_of_memory+0xf67/0x1320 [ 2725.230367][T29516] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2725.236014][T29516] ? __pfx___mutex_lock+0x10/0x10 [ 2725.241058][T29516] ? __pfx_out_of_memory+0x10/0x10 [ 2725.246191][T29516] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2725.251746][T29516] ? __pfx_lock_release+0x10/0x10 [ 2725.256788][T29516] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2725.262871][T29516] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2725.268085][T29516] ? mem_cgroup_iter+0x3e9/0x560 [ 2725.273039][T29516] try_charge_memcg+0xda2/0x18a0 [ 2725.277981][T29516] ? mark_lock+0x9a/0x350 [ 2725.282340][T29516] ? __pfx_try_charge_memcg+0x10/0x10 [ 2725.287762][T29516] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2725.293942][T29516] charge_memcg+0xa2/0x160 [ 2725.298391][T29516] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2725.304482][T29516] __read_swap_cache_async+0x480/0x8b0 [ 2725.309966][T29516] ? mark_lock+0x9a/0x350 [ 2725.314320][T29516] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2725.320329][T29516] swap_cluster_readahead+0x67c/0x810 [ 2725.325731][T29516] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2725.331665][T29516] ? __pfx_lock_release+0x10/0x10 [ 2725.336710][T29516] ? xas_descend+0x37e/0x470 [ 2725.341324][T29516] swapin_readahead+0x1ea/0x1070 [ 2725.346275][T29516] ? filemap_get_entry+0x127/0x4e0 [ 2725.351412][T29516] ? __pfx_swapin_readahead+0x10/0x10 [ 2725.356806][T29516] ? __filemap_get_folio+0x935/0xbc0 [ 2725.362131][T29516] ? swap_cache_get_folio+0x9f/0x570 [ 2725.367440][T29516] do_swap_page+0x8ab/0x3da0 [ 2725.372049][T29516] ? __pte_offset_map+0x2c4/0x380 [ 2725.377112][T29516] ? do_swap_page+0x154/0x3da0 [ 2725.381884][T29516] ? __pfx_do_swap_page+0x10/0x10 [ 2725.386918][T29516] ? pte_offset_map_nolock+0x137/0x1f0 [ 2725.392387][T29516] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2725.398201][T29516] ? __pfx_validate_chain+0x10/0x10 [ 2725.403414][T29516] __handle_mm_fault+0x15e8/0x72d0 [ 2725.408563][T29516] ? __pfx___handle_mm_fault+0x10/0x10 [ 2725.414042][T29516] ? mt_find+0x226/0x850 [ 2725.418305][T29516] ? __pfx_lock_release+0x10/0x10 [ 2725.423364][T29516] ? mt_find+0x62d/0x850 [ 2725.427627][T29516] ? mt_find+0x226/0x850 [ 2725.431910][T29516] ? find_vma+0x142/0x1c0 [ 2725.436275][T29516] ? __pfx_find_vma+0x10/0x10 [ 2725.440966][T29516] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2725.446967][T29516] handle_mm_fault+0x3c1/0x8a0 [ 2725.451751][T29516] exc_page_fault+0x2ad/0x870 [ 2725.456448][T29516] asm_exc_page_fault+0x26/0x30 [ 2725.461317][T29516] RIP: 0010:__get_user_8+0x11/0x20 [ 2725.466439][T29516] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2725.486054][T29516] RSP: 0018:ffffc90003767d98 EFLAGS: 00050202 [ 2725.492131][T29516] RAX: 0000555555e1bda8 RBX: ffff88802157b2f8 RCX: ffffc90003767c03 [ 2725.500113][T29516] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2725.508094][T29516] RBP: ffffc90003767ec8 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2725.516082][T29516] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90003767da0 [ 2725.524067][T29516] R13: ffffc90003767fd8 R14: dffffc0000000000 R15: ffff888021579dc0 [ 2725.532067][T29516] __rseq_handle_notify_resume+0x158/0x1490 [ 2725.538001][T29516] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2725.544369][T29516] ? syscall_exit_to_user_mode+0xa2/0x370 [ 2725.550111][T29516] syscall_exit_to_user_mode+0x113/0x370 [ 2725.555767][T29516] do_syscall_64+0x108/0x240 [ 2725.560374][T29516] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2725.566286][T29516] RIP: 0033:0x7f091a8a91b5 [ 2725.570714][T29516] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2725.590325][T29516] RSP: 002b:00007ffdf4c5cd60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2725.598752][T29516] RAX: 0000000000000000 RBX: 00000000000001db RCX: 00007f091a8a91b5 [ 2725.606728][T29516] RDX: 00007ffdf4c5cda0 RSI: 0000000000000000 RDI: 0000000000000000 [ 2725.614703][T29516] RBP: 00007ffdf4c5ce2c R08: 0000000000000000 R09: 00007ffdf4c840b0 [ 2725.622684][T29516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2725.630670][T29516] R13: 0000000000299169 R14: 0000000000299169 R15: 0000000000000000 [ 2725.638688][T29516] [ 2725.669326][T14888] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2725.678253][T14888] IPv6: NLM_F_CREATE should be set when creating new route [ 2725.686761][T29516] memory: usage 307200kB, limit 307200kB, failcnt 172895 [ 2725.699846][T29516] memory+swap: usage 307444kB, limit 9007199254740988kB, failcnt 0 20:25:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x3) [ 2725.716793][T14889] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2725.726571][T29516] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2725.738391][T29516] Memory cgroup stats for /syz1: [ 2725.738546][T29516] cache 0 [ 2725.750903][T29516] rss 0 [ 2725.753718][T29516] rss_huge 0 [ 2725.757467][T29516] shmem 0 [ 2725.760440][T29516] mapped_file 0 [ 2725.764004][T29516] dirty 0 20:25:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000020c00080008"], 0x3c}}, 0x0) [ 2725.767275][T29516] writeback 0 [ 2725.770586][T29516] workingset_refault_anon 57077 [ 2725.775457][T29516] workingset_refault_file 0 [ 2725.780523][T29516] swap 249856 [ 2725.784427][T29516] swapcached 0 [ 2725.805715][T29516] pgpgin 205294 [ 2725.815471][T29516] pgpgout 205294 20:25:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c15090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2725.819530][T29516] pgfault 465359 [ 2725.824111][T29516] pgmajfault 54754 [ 2725.836051][T29516] inactive_anon 0 [ 2725.842245][T29516] active_anon 0 [ 2725.850799][T29516] inactive_file 0 [ 2725.854486][T29516] active_file 0 [ 2725.872576][T29516] unevictable 0 [ 2725.876845][T29516] hierarchical_memory_limit 314572800 [ 2725.882261][T29516] hierarchical_memsw_limit 9223372036854771712 [ 2725.892881][T14894] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2725.901326][T29516] total_cache 0 [ 2725.905691][T29516] total_rss 0 20:25:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000030c00080008"], 0x3c}}, 0x0) [ 2725.915682][T14891] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2725.928658][T29516] total_rss_huge 0 [ 2725.959743][T29516] total_shmem 0 [ 2725.972291][T29516] total_mapped_file 0 [ 2725.987442][T29516] total_dirty 0 [ 2725.994197][T29516] total_writeback 0 [ 2725.997958][T14895] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2726.003458][T29516] total_workingset_refault_anon 57077 [ 2726.017773][T29516] total_workingset_refault_file 0 20:25:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4) [ 2726.023088][T29516] total_swap 249856 [ 2726.046243][T29516] total_swapcached 0 [ 2726.053876][T29516] total_pgpgin 205294 [ 2726.061048][T29516] total_pgpgout 205294 [ 2726.069420][T29516] total_pgfault 465359 [ 2726.077481][T29516] total_pgmajfault 54754 [ 2726.084259][T29516] total_inactive_anon 0 [ 2726.089955][T29516] total_active_anon 0 [ 2726.094170][T29516] total_inactive_file 0 [ 2726.099010][T29516] total_active_file 0 [ 2726.103276][T29516] total_unevictable 0 [ 2726.108974][T29516] anon_cost 0 [ 2726.112492][T29516] file_cost 0 [ 2726.116361][T29516] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14861,uid=0 20:25:15 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xd, &(0x7f00000009c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}], &(0x7f0000000a80)='GPL\x00', 0x4, 0xcf, &(0x7f0000000ac0)=""/207, 0x41000, 0x8}, 0x90) [ 2726.132704][T29516] Memory cgroup out of memory: Killed process 14861 (syz-executor.1) total-vm:54508kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 20:25:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000040c00080008"], 0x3c}}, 0x0) [ 2726.192237][T14897] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2726.222709][T14899] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2726.233178][T14901] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c60090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x5) [ 2726.384672][T14903] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2726.393489][T14903] IPv6: NLM_F_CREATE should be set when creating new route [ 2726.418855][T14907] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000050c00080008"], 0x3c}}, 0x0) 20:25:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c001e0008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000060c00080008"], 0x3c}}, 0x0) 20:25:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000070c00080008"], 0x3c}}, 0x0) [ 2726.742911][T14904] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2726.780500][T14904] CPU: 0 PID: 14904 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2726.790987][T14904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2726.801075][T14904] Call Trace: [ 2726.804380][T14904] [ 2726.807376][T14904] dump_stack_lvl+0x1e7/0x2e0 [ 2726.812116][T14904] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2726.817377][T14904] ? __pfx__printk+0x10/0x10 [ 2726.822027][T14904] ? ___ratelimit+0x4c4/0x670 [ 2726.826896][T14904] ? __pfx____ratelimit+0x10/0x10 [ 2726.831984][T14904] dump_header+0xda/0x6a0 [ 2726.836371][T14904] oom_kill_process+0x3a7/0x930 [ 2726.841278][T14904] out_of_memory+0xf67/0x1320 [ 2726.846265][T14904] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2726.851937][T14904] ? __pfx___mutex_lock+0x10/0x10 [ 2726.852044][T14919] netlink: 'syz-executor.0': attribute type 30 has an invalid length. [ 2726.857003][T14904] ? __pfx_out_of_memory+0x10/0x10 [ 2726.857050][T14904] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2726.857079][T14904] ? __pfx_lock_release+0x10/0x10 [ 2726.857113][T14904] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2726.887073][T14904] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2726.892300][T14904] ? mem_cgroup_iter+0x3e9/0x560 [ 2726.897264][T14904] try_charge_memcg+0xda2/0x18a0 [ 2726.902245][T14904] ? __pfx_try_charge_memcg+0x10/0x10 [ 2726.907628][T14904] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2726.913355][T14904] ? __pfx_lock_release+0x10/0x10 [ 2726.918398][T14904] ? memcg_account_kmem+0x1e7/0x210 [ 2726.923635][T14904] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2726.929479][T14904] __memcg_kmem_charge_page+0xe1/0x250 [ 2726.934997][T14904] memcg_charge_kernel_stack+0x28a/0x550 [ 2726.940685][T14904] dup_task_struct+0x15d/0x7d0 [ 2726.945502][T14904] copy_process+0x5d5/0x3fc0 [ 2726.950148][T14904] ? __might_fault+0xa9/0x120 [ 2726.954853][T14904] ? __pfx_lock_release+0x10/0x10 [ 2726.959911][T14904] ? __pfx_copy_process+0x10/0x10 [ 2726.964954][T14904] ? __might_fault+0xc5/0x120 [ 2726.969657][T14904] ? __asan_memset+0x23/0x50 [ 2726.974271][T14904] kernel_clone+0x21d/0x8d0 [ 2726.978795][T14904] ? __pfx_kernel_clone+0x10/0x10 [ 2726.983847][T14904] __se_sys_clone3+0x2cb/0x350 [ 2726.988627][T14904] ? __pfx___se_sys_clone3+0x10/0x10 [ 2726.993950][T14904] ? do_syscall_64+0x108/0x240 [ 2726.998730][T14904] ? do_syscall_64+0xb4/0x240 [ 2727.003421][T14904] do_syscall_64+0xf9/0x240 [ 2727.007946][T14904] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2727.013859][T14904] RIP: 0033:0x7f091a8a9b99 [ 2727.018282][T14904] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2727.037909][T14904] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2727.046340][T14904] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2727.054320][T14904] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2727.062299][T14904] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2727.070283][T14904] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2727.078270][T14904] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2727.086264][T14904] [ 2727.133867][T14904] memory: usage 307200kB, limit 307200kB, failcnt 173237 [ 2727.150413][T14904] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 20:25:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6) 20:25:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000080c00080008"], 0x3c}}, 0x0) 20:25:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c001e0008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2727.177480][T14904] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2727.184838][T14904] Memory cgroup stats for /syz1: [ 2727.184996][T14904] cache 0 [ 2727.204495][T14904] rss 4096 [ 2727.208263][T14904] rss_huge 0 [ 2727.211502][T14904] shmem 0 [ 2727.214458][T14904] mapped_file 0 20:25:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000090c00080008"], 0x3c}}, 0x0) [ 2727.226260][T14904] dirty 0 [ 2727.229316][T14904] writeback 0 [ 2727.232630][T14904] workingset_refault_anon 57207 [ 2727.246682][T14904] workingset_refault_file 0 [ 2727.256316][T14904] swap 212992 [ 2727.259939][T14904] swapcached 4096 [ 2727.263608][T14904] pgpgin 205435 [ 2727.285617][T14904] pgpgout 205434 [ 2727.290148][T14904] pgfault 465575 [ 2727.293752][T14904] pgmajfault 54867 [ 2727.309014][T14904] inactive_anon 0 [ 2727.312704][T14904] active_anon 4096 [ 2727.316984][T14904] inactive_file 0 [ 2727.321082][T14904] active_file 0 [ 2727.324679][T14904] unevictable 0 20:25:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000a0c00080008"], 0x3c}}, 0x0) [ 2727.333469][T14904] hierarchical_memory_limit 314572800 [ 2727.342096][T14904] hierarchical_memsw_limit 9223372036854771712 [ 2727.352269][T14904] total_cache 0 [ 2727.355764][T14904] total_rss 4096 [ 2727.362078][T14930] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2727.364333][T14904] total_rss_huge 0 [ 2727.370987][T14930] IPv6: NLM_F_CREATE should be set when creating new route [ 2727.374627][T14904] total_shmem 0 20:25:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7) [ 2727.406333][T14904] total_mapped_file 0 [ 2727.410374][T14904] total_dirty 0 [ 2727.413863][T14904] total_writeback 0 [ 2727.428673][T14904] total_workingset_refault_anon 57207 [ 2727.434100][T14904] total_workingset_refault_file 0 [ 2727.451491][T14904] total_swap 212992 [ 2727.455489][T14904] total_swapcached 4096 [ 2727.468103][T14904] total_pgpgin 205435 [ 2727.473859][T14904] total_pgpgout 205434 [ 2727.481958][T14904] total_pgfault 465575 [ 2727.491171][T14904] total_pgmajfault 54867 [ 2727.500107][T14904] total_inactive_anon 0 20:25:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090007000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2727.508421][T14931] netlink: 'syz-executor.0': attribute type 30 has an invalid length. [ 2727.512893][T14904] total_active_anon 4096 [ 2727.543658][T14904] total_inactive_file 0 20:25:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000b0c00080008"], 0x3c}}, 0x0) [ 2727.558011][T14904] total_active_file 0 [ 2727.562055][T14904] total_unevictable 0 [ 2727.573002][T14904] anon_cost 0 [ 2727.577894][T14904] file_cost 0 [ 2727.581221][T14904] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14904,uid=0 [ 2727.612460][T14904] Memory cgroup out of memory: Killed process 14904 (syz-executor.1) total-vm:54508kB, anon-rss:388kB, file-rss:8928kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 2727.631532][T24983] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) 20:25:16 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) 20:25:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x8) 20:25:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000c0c00080008"], 0x3c}}, 0x0) 20:25:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090208000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2727.922001][T14946] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2727.930802][T14946] IPv6: NLM_F_CREATE should be set when creating new route 20:25:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a000000000000000000000f0c00080008"], 0x3c}}, 0x0) 20:25:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x9) [ 2728.022555][T14942] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2728.034899][T14942] CPU: 1 PID: 14942 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2728.045360][T14942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2728.055456][T14942] Call Trace: [ 2728.058767][T14942] [ 2728.061826][T14942] dump_stack_lvl+0x1e7/0x2e0 [ 2728.066647][T14942] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2728.072341][T14942] ? __pfx__printk+0x10/0x10 [ 2728.076972][T14942] ? ___ratelimit+0x4c4/0x670 [ 2728.081697][T14942] ? __pfx____ratelimit+0x10/0x10 [ 2728.086763][T14942] dump_header+0xda/0x6a0 [ 2728.091132][T14942] oom_kill_process+0x3a7/0x930 [ 2728.096023][T14942] out_of_memory+0xf67/0x1320 [ 2728.100752][T14942] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2728.106433][T14942] ? __pfx___mutex_lock+0x10/0x10 [ 2728.111508][T14942] ? __pfx_out_of_memory+0x10/0x10 [ 2728.116685][T14942] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2728.122272][T14942] ? __pfx_lock_release+0x10/0x10 [ 2728.127338][T14942] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2728.133450][T14942] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2728.138681][T14942] ? mem_cgroup_iter+0x3e9/0x560 [ 2728.143668][T14942] try_charge_memcg+0xda2/0x18a0 [ 2728.148637][T14942] ? mark_lock+0x9a/0x350 [ 2728.153118][T14942] ? __pfx_try_charge_memcg+0x10/0x10 [ 2728.158567][T14942] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2728.164755][T14942] charge_memcg+0xa2/0x160 [ 2728.169230][T14942] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2728.175356][T14942] __read_swap_cache_async+0x480/0x8b0 [ 2728.180861][T14942] ? mark_lock+0x9a/0x350 [ 2728.185259][T14942] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2728.191294][T14942] swap_cluster_readahead+0x67c/0x810 [ 2728.196727][T14942] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2728.202667][T14942] ? __pfx_lock_release+0x10/0x10 [ 2728.207740][T14942] ? xas_descend+0x37e/0x470 [ 2728.212389][T14942] swapin_readahead+0x1ea/0x1070 [ 2728.217371][T14942] ? filemap_get_entry+0x127/0x4e0 [ 2728.222546][T14942] ? __pfx_swapin_readahead+0x10/0x10 [ 2728.227981][T14942] ? __filemap_get_folio+0x935/0xbc0 [ 2728.233320][T14942] ? swap_cache_get_folio+0x9f/0x570 [ 2728.238653][T14942] do_swap_page+0x8ab/0x3da0 [ 2728.243289][T14942] ? __pte_offset_map+0x2c4/0x380 [ 2728.248372][T14942] ? do_swap_page+0x154/0x3da0 [ 2728.253174][T14942] ? __pfx_do_swap_page+0x10/0x10 [ 2728.258240][T14942] ? pte_offset_map_nolock+0x137/0x1f0 [ 2728.263737][T14942] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2728.269579][T14942] ? __pfx_validate_chain+0x10/0x10 [ 2728.274825][T14942] __handle_mm_fault+0x15e8/0x72d0 [ 2728.280030][T14942] ? __pfx___handle_mm_fault+0x10/0x10 [ 2728.285539][T14942] ? mt_find+0x226/0x850 [ 2728.289827][T14942] ? __pfx_lock_release+0x10/0x10 [ 2728.295000][T14942] ? mt_find+0x62d/0x850 [ 2728.299296][T14942] ? mt_find+0x226/0x850 [ 2728.303599][T14942] ? find_vma+0x142/0x1c0 [ 2728.307963][T14942] ? __pfx_find_vma+0x10/0x10 [ 2728.312676][T14942] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2728.318714][T14942] handle_mm_fault+0x3c1/0x8a0 [ 2728.323537][T14942] exc_page_fault+0x2ad/0x870 [ 2728.328269][T14942] asm_exc_page_fault+0x26/0x30 [ 2728.333164][T14942] RIP: 0010:__get_user_8+0x11/0x20 [ 2728.338309][T14942] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2728.357954][T14942] RSP: 0018:ffffc9000369fd78 EFLAGS: 00050202 [ 2728.364064][T14942] RAX: 0000555555e1bda8 RBX: ffff88803d6eb2f8 RCX: ffffc9000369fc03 [ 2728.372093][T14942] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2728.380100][T14942] RBP: ffffc9000369fec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2728.388102][T14942] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc9000369fd80 [ 2728.396109][T14942] R13: ffffc9000369ffd8 R14: dffffc0000000000 R15: ffff88803d6e9dc0 [ 2728.404153][T14942] __rseq_handle_notify_resume+0x158/0x1490 [ 2728.410122][T14942] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2728.416562][T14942] ? irqentry_exit_to_user_mode+0x52/0x280 20:25:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090308000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2728.422422][T14942] irqentry_exit_to_user_mode+0xbb/0x280 [ 2728.428116][T14942] exc_page_fault+0x587/0x870 [ 2728.432852][T14942] asm_exc_page_fault+0x26/0x30 [ 2728.437756][T14942] RIP: 0033:0x7f091a8373be [ 2728.442223][T14942] Code: 8d 4c 24 0c 31 c0 b9 40 42 0f 00 4c 89 ce ba 81 00 00 00 bf ca 00 00 00 41 c7 44 24 0c 01 00 00 00 4c 89 0c 24 e8 d2 69 04 00 <80> 3d ed e2 c9 00 00 4c 8b 0c 24 0f 84 71 ff ff ff 4c 8d ac 24 60 [ 2728.461873][T14942] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010217 [ 2728.467996][T14942] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2728.476007][T14942] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091a9abf8c [ 2728.484018][T14942] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2728.492030][T14942] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2728.500053][T14942] R13: 0000000000000fbb R14: 00007f091a9abf80 R15: 00007ffdf4c5cca8 [ 2728.508099][T14942] [ 2728.516720][T14942] memory: usage 307200kB, limit 307200kB, failcnt 173468 20:25:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000100c00080008"], 0x3c}}, 0x0) 20:25:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xa) [ 2728.546722][T14942] memory+swap: usage 307360kB, limit 9007199254740988kB, failcnt 0 [ 2728.554679][T14942] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2728.562557][T14942] Memory cgroup stats for /syz1: [ 2728.562726][T14942] cache 0 [ 2728.605504][T14942] rss 12288 [ 2728.620429][T14942] rss_huge 0 [ 2728.623689][T14942] shmem 0 [ 2728.638059][T14942] mapped_file 0 [ 2728.641568][T14942] dirty 0 [ 2728.644528][T14942] writeback 0 20:25:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000140c00080008"], 0x3c}}, 0x0) 20:25:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090408000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2728.665997][T14942] workingset_refault_anon 57259 [ 2728.670909][T14942] workingset_refault_file 0 [ 2728.675438][T14942] swap 184320 [ 2728.692454][T14942] swapcached 8192 [ 2728.696967][T14942] pgpgin 205519 [ 2728.700772][T14942] pgpgout 205516 [ 2728.705637][T14942] pgfault 465716 [ 2728.710173][T14942] pgmajfault 54941 [ 2728.713938][T14942] inactive_anon 4096 [ 2728.719062][T14942] active_anon 8192 [ 2728.722939][T14942] inactive_file 0 [ 2728.767261][T14942] active_file 0 [ 2728.770793][T14942] unevictable 0 [ 2728.774279][T14942] hierarchical_memory_limit 314572800 [ 2728.791169][T14942] hierarchical_memsw_limit 9223372036854771712 [ 2728.798187][T14942] total_cache 0 [ 2728.801870][T14942] total_rss 12288 [ 2728.807535][T14942] total_rss_huge 0 [ 2728.811500][T14942] total_shmem 0 [ 2728.815191][T14942] total_mapped_file 0 [ 2728.819491][T14942] total_dirty 0 [ 2728.823148][T14942] total_writeback 0 [ 2728.828207][T14942] total_workingset_refault_anon 57259 [ 2728.833816][T14942] total_workingset_refault_file 0 [ 2728.839285][T14942] total_swap 184320 [ 2728.844494][T14942] total_swapcached 8192 [ 2728.849765][T14942] total_pgpgin 205519 [ 2728.853959][T14942] total_pgpgout 205516 [ 2728.858701][T14942] total_pgfault 465716 [ 2728.862974][T14942] total_pgmajfault 54941 [ 2728.873423][T14967] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2728.873464][T14942] total_inactive_anon 4096 [ 2728.882333][T14967] IPv6: NLM_F_CREATE should be set when creating new route [ 2728.885599][T14942] total_active_anon 8192 [ 2728.899365][T14942] total_inactive_file 0 [ 2728.903924][T14942] total_active_file 0 20:25:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xb) 20:25:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) [ 2728.980911][T14942] total_unevictable 0 [ 2728.985420][T14942] anon_cost 0 [ 2728.989760][T14942] file_cost 0 [ 2728.993105][T14942] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14942,uid=0 [ 2729.013752][T14942] Memory cgroup out of memory: Killed process 14942 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000600c00080008"], 0x3c}}, 0x0) 20:25:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090508000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000fc0c00080008"], 0x3c}}, 0x0) 20:25:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc) [ 2729.368797][T14971] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2729.394771][T14971] CPU: 0 PID: 14971 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2729.405263][T14971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2729.415366][T14971] Call Trace: [ 2729.418682][T14971] [ 2729.421652][T14971] dump_stack_lvl+0x1e7/0x2e0 [ 2729.426410][T14971] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2729.431670][T14971] ? __pfx__printk+0x10/0x10 [ 2729.436320][T14971] ? ___ratelimit+0x4c4/0x670 [ 2729.441061][T14971] ? __pfx____ratelimit+0x10/0x10 [ 2729.446146][T14971] dump_header+0xda/0x6a0 [ 2729.450539][T14971] oom_kill_process+0x3a7/0x930 [ 2729.455459][T14971] out_of_memory+0xf67/0x1320 [ 2729.460195][T14971] ? mem_cgroup_out_of_memory+0xf7/0x3b0 20:25:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090608000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000002000080008"], 0x3c}}, 0x0) [ 2729.465910][T14971] ? __pfx___mutex_lock+0x10/0x10 [ 2729.470995][T14971] ? __pfx_out_of_memory+0x10/0x10 [ 2729.476168][T14971] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2729.481774][T14971] ? __pfx_lock_release+0x10/0x10 [ 2729.486850][T14971] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2729.492971][T14971] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2729.498235][T14971] ? mem_cgroup_iter+0x3e9/0x560 [ 2729.503330][T14971] try_charge_memcg+0xda2/0x18a0 [ 2729.508319][T14971] ? mark_lock+0x9a/0x350 [ 2729.512721][T14971] ? __pfx_try_charge_memcg+0x10/0x10 20:25:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000002800080008"], 0x3c}}, 0x0) [ 2729.518176][T14971] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2729.524382][T14971] charge_memcg+0xa2/0x160 [ 2729.528864][T14971] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2729.535098][T14971] __read_swap_cache_async+0x480/0x8b0 [ 2729.540605][T14971] ? mark_lock+0x9a/0x350 [ 2729.544998][T14971] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2729.551049][T14971] swap_cluster_readahead+0x67c/0x810 [ 2729.556497][T14971] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2729.562459][T14971] ? __pfx_lock_release+0x10/0x10 20:25:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000004000080008"], 0x3c}}, 0x0) [ 2729.567541][T14971] ? xas_descend+0x37e/0x470 [ 2729.572192][T14971] swapin_readahead+0x1ea/0x1070 [ 2729.577190][T14971] ? filemap_get_entry+0x127/0x4e0 [ 2729.582374][T14971] ? __pfx_swapin_readahead+0x10/0x10 [ 2729.587818][T14971] ? __filemap_get_folio+0x935/0xbc0 [ 2729.593169][T14971] ? swap_cache_get_folio+0x9f/0x570 [ 2729.598519][T14971] do_swap_page+0x8ab/0x3da0 [ 2729.603171][T14971] ? __pte_offset_map+0x2c4/0x380 [ 2729.608263][T14971] ? do_swap_page+0x154/0x3da0 [ 2729.613086][T14971] ? __pfx_do_swap_page+0x10/0x10 20:25:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xd) [ 2729.618164][T14971] ? pte_offset_map_nolock+0x137/0x1f0 [ 2729.623694][T14971] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2729.629574][T14971] __handle_mm_fault+0x15e8/0x72d0 [ 2729.634779][T14971] ? reacquire_held_locks+0x3eb/0x690 [ 2729.640214][T14971] ? __pfx___handle_mm_fault+0x10/0x10 [ 2729.645746][T14971] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2729.651543][T14971] ? mtree_range_walk+0x6fd/0x8e0 [ 2729.656625][T14971] ? lock_vma_under_rcu+0x18a/0x730 [ 2729.661882][T14971] ? __pfx_lock_release+0x10/0x10 [ 2729.666966][T14971] ? lock_vma_under_rcu+0x2f9/0x730 [ 2729.672251][T14971] ? lock_vma_under_rcu+0x18a/0x730 [ 2729.677511][T14971] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2729.683114][T14971] handle_mm_fault+0x3c1/0x8a0 [ 2729.687962][T14971] exc_page_fault+0x456/0x870 [ 2729.692709][T14971] asm_exc_page_fault+0x26/0x30 [ 2729.697626][T14971] RIP: 0033:0x7f091a85283e [ 2729.702085][T14971] Code: 31 ff 4d 01 f2 41 0f 92 c7 72 a6 48 8b 44 24 08 48 8d 84 06 00 08 00 00 4c 01 f0 48 21 d8 49 39 c2 72 8e 31 c0 be 01 00 00 00 0f b1 35 9a 8a c8 00 0f 85 26 0a 00 00 c1 e1 02 48 8b 05 aa 8a [ 2729.721730][T14971] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2729.727838][T14971] RAX: 0000000000000000 RBX: fffffffffffff000 RCX: 0000000000000006 [ 2729.735856][T14971] RDX: 000000000000003f RSI: 0000000000000001 RDI: 00007ffdf4c5ccb8 [ 2729.743866][T14971] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2729.751887][T14971] R10: 0000000000021000 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2729.759999][T14971] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2729.768029][T14971] 20:25:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xe) [ 2729.806398][T14971] memory: usage 307180kB, limit 307200kB, failcnt 173685 [ 2729.836884][T14971] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 20:25:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000400080008"], 0x3c}}, 0x0) [ 2729.854036][T14971] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2729.862987][T14971] Memory cgroup stats for /syz1: [ 2729.863143][T14971] cache 0 [ 2729.896308][T14971] rss 12288 [ 2729.899612][T14971] rss_huge 0 [ 2729.902944][T14971] shmem 0 20:25:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090708000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2729.910439][T14971] mapped_file 0 [ 2729.914074][T14971] dirty 0 [ 2729.918824][T14971] writeback 0 [ 2729.923410][T14971] workingset_refault_anon 57333 [ 2729.929088][T14971] workingset_refault_file 0 [ 2729.935140][T14971] swap 212992 [ 2729.941088][T14971] swapcached 8192 [ 2729.944887][T14971] pgpgin 205610 [ 2729.955013][T14971] pgpgout 205607 [ 2729.959137][T14971] pgfault 465864 [ 2729.962874][T14971] pgmajfault 55017 [ 2729.967406][T14971] inactive_anon 4096 [ 2729.971946][T14971] active_anon 8192 [ 2729.975843][T14971] inactive_file 0 [ 2729.980826][T14971] active_file 0 [ 2729.984516][T14971] unevictable 0 [ 2729.988849][T14971] hierarchical_memory_limit 314572800 [ 2729.994461][T14971] hierarchical_memsw_limit 9223372036854771712 [ 2730.001345][T14971] total_cache 0 [ 2730.009050][T14971] total_rss 12288 [ 2730.014176][T14971] total_rss_huge 0 [ 2730.022129][T14971] total_shmem 0 [ 2730.028790][T14971] total_mapped_file 0 [ 2730.035167][T14971] total_dirty 0 [ 2730.050572][T14971] total_writeback 0 [ 2730.052981][T15000] __nla_validate_parse: 33 callbacks suppressed 20:25:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000600080008"], 0x3c}}, 0x0) [ 2730.053002][T15000] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2730.054721][T14971] total_workingset_refault_anon 57333 [ 2730.079055][T14971] total_workingset_refault_file 0 [ 2730.079493][T15001] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2730.093141][T15001] IPv6: NLM_F_CREATE should be set when creating new route [ 2730.101621][T14971] total_swap 212992 [ 2730.118346][T14971] total_swapcached 8192 [ 2730.122716][T15003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2730.135697][T14971] total_pgpgin 205610 [ 2730.140719][T14971] total_pgpgout 205607 [ 2730.144998][T14971] total_pgfault 465864 [ 2730.152085][T14971] total_pgmajfault 55017 [ 2730.164423][T14971] total_inactive_anon 4096 20:25:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x10) [ 2730.179862][T14971] total_active_anon 8192 [ 2730.184469][T14971] total_inactive_file 0 [ 2730.201145][T14971] total_active_file 0 [ 2730.205382][T14971] total_unevictable 0 [ 2730.214434][T14971] anon_cost 0 [ 2730.232636][T14971] file_cost 0 [ 2730.242536][T14971] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=14971,uid=0 20:25:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) 20:25:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090808000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000002800080008"], 0x3c}}, 0x0) [ 2730.267780][T14971] Memory cgroup out of memory: Killed process 14971 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2730.274127][T15008] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2730.438368][T15009] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2730.447264][T15009] IPv6: NLM_F_CREATE should be set when creating new route [ 2730.468886][T15013] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x11) 20:25:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00030008"], 0x3c}}, 0x0) 20:25:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090908000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2730.600922][T15011] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2730.634585][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x12) [ 2730.758045][T15021] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 2730.797793][T15021] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00050008"], 0x3c}}, 0x0) [ 2730.833859][T15022] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2730.883422][T15014] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2730.905534][T15014] CPU: 1 PID: 15014 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2730.916033][T15014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2730.926128][T15014] Call Trace: [ 2730.929461][T15014] [ 2730.932416][T15014] dump_stack_lvl+0x1e7/0x2e0 [ 2730.937155][T15014] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2730.942424][T15014] ? __pfx__printk+0x10/0x10 [ 2730.947112][T15014] ? ___ratelimit+0x4c4/0x670 [ 2730.951853][T15014] ? __pfx____ratelimit+0x10/0x10 [ 2730.956942][T15014] dump_header+0xda/0x6a0 [ 2730.961328][T15014] oom_kill_process+0x3a7/0x930 [ 2730.966225][T15014] out_of_memory+0xf67/0x1320 [ 2730.970987][T15014] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2730.976664][T15014] ? __pfx___mutex_lock+0x10/0x10 [ 2730.981736][T15014] ? __pfx_out_of_memory+0x10/0x10 [ 2730.986999][T15014] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2730.992594][T15014] ? __pfx_lock_release+0x10/0x10 [ 2730.997686][T15014] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2731.003804][T15014] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2731.009049][T15014] ? mem_cgroup_iter+0x3e9/0x560 [ 2731.014034][T15014] try_charge_memcg+0xda2/0x18a0 [ 2731.019011][T15014] ? mark_lock+0x9a/0x350 [ 2731.023404][T15014] ? __pfx_try_charge_memcg+0x10/0x10 [ 2731.028849][T15014] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2731.035045][T15014] charge_memcg+0xa2/0x160 [ 2731.039510][T15014] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2731.045623][T15014] __read_swap_cache_async+0x480/0x8b0 [ 2731.051129][T15014] ? mark_lock+0x9a/0x350 [ 2731.055535][T15014] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2731.061583][T15014] swap_cluster_readahead+0x67c/0x810 [ 2731.067015][T15014] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2731.072965][T15014] ? __pfx_lock_release+0x10/0x10 [ 2731.078045][T15014] ? xas_descend+0x37e/0x470 [ 2731.082704][T15014] swapin_readahead+0x1ea/0x1070 [ 2731.087712][T15014] ? filemap_get_entry+0x127/0x4e0 [ 2731.092896][T15014] ? __pfx_swapin_readahead+0x10/0x10 [ 2731.098328][T15014] ? __filemap_get_folio+0x935/0xbc0 [ 2731.103675][T15014] ? swap_cache_get_folio+0x9f/0x570 [ 2731.109016][T15014] do_swap_page+0x8ab/0x3da0 [ 2731.113660][T15014] ? __pte_offset_map+0x2c4/0x380 [ 2731.118745][T15014] ? do_swap_page+0x154/0x3da0 [ 2731.123554][T15014] ? __pfx_do_swap_page+0x10/0x10 [ 2731.128621][T15014] ? pte_offset_map_nolock+0x137/0x1f0 [ 2731.134127][T15014] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2731.140004][T15014] ? __pfx_validate_chain+0x10/0x10 [ 2731.142883][T15025] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2731.145230][T15014] __handle_mm_fault+0x15e8/0x72d0 [ 2731.145301][T15014] ? __pfx___handle_mm_fault+0x10/0x10 [ 2731.165102][T15014] ? mt_find+0x226/0x850 [ 2731.169404][T15014] ? __pfx_lock_release+0x10/0x10 [ 2731.174587][T15014] ? mt_find+0x62d/0x850 [ 2731.178878][T15014] ? mt_find+0x226/0x850 [ 2731.183197][T15014] ? find_vma+0x142/0x1c0 [ 2731.187568][T15014] ? __pfx_find_vma+0x10/0x10 [ 2731.192284][T15014] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2731.198320][T15014] handle_mm_fault+0x3c1/0x8a0 [ 2731.203143][T15014] exc_page_fault+0x2ad/0x870 [ 2731.207881][T15014] asm_exc_page_fault+0x26/0x30 [ 2731.212773][T15014] RIP: 0010:__get_user_8+0x11/0x20 [ 2731.217951][T15014] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2731.237595][T15014] RSP: 0018:ffffc900044bfd78 EFLAGS: 00050202 [ 2731.243738][T15014] RAX: 0000555555e1bda8 RBX: ffff88802041b2f8 RCX: ffffc900044bfc03 [ 2731.251753][T15014] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2731.259763][T15014] RBP: ffffc900044bfec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2731.267768][T15014] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc900044bfd80 [ 2731.275783][T15014] R13: ffffc900044bffd8 R14: dffffc0000000000 R15: ffff888020419dc0 [ 2731.283820][T15014] __rseq_handle_notify_resume+0x158/0x1490 [ 2731.289793][T15014] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2731.296194][T15014] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2731.302054][T15014] irqentry_exit_to_user_mode+0xbb/0x280 [ 2731.307756][T15014] exc_page_fault+0x587/0x870 [ 2731.312491][T15014] asm_exc_page_fault+0x26/0x30 [ 2731.317391][T15014] RIP: 0033:0x7f091a85b212 [ 2731.321842][T15014] Code: 85 93 00 00 00 4d 85 ed 0f 84 8a 00 00 00 31 d2 41 87 55 00 83 fa 01 0f 8f 5b 01 00 00 48 8b 50 f8 48 8d 48 f0 f6 c2 02 75 6e <8b> 35 f4 f5 c7 00 48 83 e2 f8 85 f6 75 11 49 39 d4 48 89 d6 49 0f [ 2731.341490][T15014] RSP: 002b:00007ffdf4c5ca00 EFLAGS: 00010246 [ 2731.347606][T15014] RAX: 0000555555e1c900 RBX: 0000000000000110 RCX: 0000555555e1c8f0 [ 2731.355617][T15014] RDX: 0000000000000121 RSI: 00007f091a97f660 RDI: 0000555555e1c900 [ 2731.363633][T15014] RBP: 0000555555e1c8f0 R08: 00000000ffffffff R09: 0000000000000000 [ 2731.371645][T15014] R10: 0000000000021000 R11: 0000000000000010 R12: 0000000000020710 20:25:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090a08000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00060008"], 0x3c}}, 0x0) [ 2731.379652][T15014] R13: 00007f091a97f660 R14: 0000000000001000 R15: 0000000000000000 [ 2731.380094][T15030] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 2731.387655][T15014] [ 2731.409913][T15014] memory: usage 307180kB, limit 307200kB, failcnt 174049 [ 2731.417188][T15014] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 2731.425115][T15014] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 20:25:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c02080008"], 0x3c}}, 0x0) [ 2731.432771][T15014] Memory cgroup stats for /syz1: [ 2731.432917][T15014] cache 0 [ 2731.436427][T15030] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2731.438074][T15014] rss 12288 [ 2731.470670][T15014] rss_huge 0 [ 2731.486071][T15014] shmem 0 [ 2731.489080][T15014] mapped_file 0 [ 2731.492575][T15014] dirty 0 [ 2731.495545][T15014] writeback 0 [ 2731.516989][T15014] workingset_refault_anon 57465 [ 2731.522179][T15014] workingset_refault_file 0 [ 2731.530053][T15014] swap 217088 [ 2731.533664][T15014] swapcached 8192 [ 2731.538422][T15014] pgpgin 205752 [ 2731.542150][T15014] pgpgout 205749 [ 2731.546795][T15014] pgfault 466074 [ 2731.550637][T15014] pgmajfault 55137 [ 2731.554637][T15014] inactive_anon 0 [ 2731.559156][T15014] active_anon 12288 [ 2731.563251][T15014] inactive_file 0 [ 2731.568043][T15014] active_file 0 [ 2731.572919][T15014] unevictable 0 [ 2731.577315][T15014] hierarchical_memory_limit 314572800 20:25:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c03080008"], 0x3c}}, 0x0) 20:25:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090b08000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2731.577324][T15025] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2731.579075][T15025] IPv6: NLM_F_CREATE should be set when creating new route [ 2731.585244][T15014] hierarchical_memsw_limit 9223372036854771712 20:25:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x14) [ 2731.627805][T15014] total_cache 0 [ 2731.631387][T15014] total_rss 12288 [ 2731.635055][T15014] total_rss_huge 0 [ 2731.645210][T15014] total_shmem 0 [ 2731.651234][T15014] total_mapped_file 0 [ 2731.655344][T15014] total_dirty 0 [ 2731.665019][T15014] total_writeback 0 [ 2731.674580][T15014] total_workingset_refault_anon 57465 [ 2731.694091][T15014] total_workingset_refault_file 0 [ 2731.709087][T15014] total_swap 217088 [ 2731.722264][T15014] total_swapcached 8192 20:25:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c04080008"], 0x3c}}, 0x0) [ 2731.727290][T15014] total_pgpgin 205752 [ 2731.731339][T15014] total_pgpgout 205749 [ 2731.735435][T15014] total_pgfault 466074 [ 2731.762126][T15014] total_pgmajfault 55137 [ 2731.770577][T15014] total_inactive_anon 0 [ 2731.783623][T15014] total_active_anon 12288 [ 2731.791018][T15014] total_inactive_file 0 [ 2731.795219][T15014] total_active_file 0 [ 2731.805324][T15014] total_unevictable 0 [ 2731.812362][T15014] anon_cost 0 [ 2731.815766][T15014] file_cost 0 20:25:20 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0xffffff7f00000000}, 0x0) [ 2731.825484][T15014] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15014,uid=0 [ 2731.848539][T15014] Memory cgroup out of memory: Killed process 15014 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090c08000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c05080008"], 0x3c}}, 0x0) [ 2731.912933][T15042] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2731.921752][T15042] IPv6: NLM_F_CREATE should be set when creating new route 20:25:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x15) 20:25:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c06080008"], 0x3c}}, 0x0) 20:25:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x18) 20:25:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090f08000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c07080008"], 0x3c}}, 0x0) [ 2732.460053][T15045] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2732.470710][T15045] CPU: 1 PID: 15045 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2732.481253][T15045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2732.491340][T15045] Call Trace: [ 2732.494648][T15045] [ 2732.497611][T15045] dump_stack_lvl+0x1e7/0x2e0 [ 2732.502342][T15045] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2732.507600][T15045] ? __pfx__printk+0x10/0x10 [ 2732.512229][T15045] ? ___ratelimit+0x4c4/0x670 [ 2732.516952][T15045] ? __pfx____ratelimit+0x10/0x10 [ 2732.522029][T15045] dump_header+0xda/0x6a0 [ 2732.526408][T15045] oom_kill_process+0x3a7/0x930 [ 2732.531296][T15045] out_of_memory+0xf67/0x1320 [ 2732.536003][T15045] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2732.541655][T15045] ? __pfx___mutex_lock+0x10/0x10 [ 2732.546699][T15045] ? __pfx_out_of_memory+0x10/0x10 [ 2732.551828][T15045] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2732.557388][T15045] ? __pfx_lock_release+0x10/0x10 [ 2732.562438][T15045] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2732.568532][T15045] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2732.573746][T15045] ? mem_cgroup_iter+0x3e9/0x560 [ 2732.578699][T15045] try_charge_memcg+0xda2/0x18a0 [ 2732.583694][T15045] ? __pfx_try_charge_memcg+0x10/0x10 [ 2732.589168][T15045] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2732.594897][T15045] ? __pfx_lock_release+0x10/0x10 [ 2732.599938][T15045] ? memcg_account_kmem+0x1e7/0x210 [ 2732.605160][T15045] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2732.610978][T15045] __memcg_kmem_charge_page+0xe1/0x250 [ 2732.616458][T15045] memcg_charge_kernel_stack+0x210/0x550 [ 2732.622111][T15045] dup_task_struct+0x40d/0x7d0 [ 2732.626895][T15045] copy_process+0x5d5/0x3fc0 [ 2732.631504][T15045] ? __might_fault+0xa9/0x120 [ 2732.636193][T15045] ? __pfx_lock_release+0x10/0x10 [ 2732.641236][T15045] ? __pfx_copy_process+0x10/0x10 [ 2732.646275][T15045] ? __might_fault+0xc5/0x120 [ 2732.650966][T15045] ? __asan_memset+0x23/0x50 [ 2732.655571][T15045] kernel_clone+0x21d/0x8d0 [ 2732.660091][T15045] ? __pfx_kernel_clone+0x10/0x10 [ 2732.665147][T15045] __se_sys_clone3+0x2cb/0x350 [ 2732.669928][T15045] ? __might_fault+0xa9/0x120 [ 2732.674621][T15045] ? __pfx___se_sys_clone3+0x10/0x10 [ 2732.679943][T15045] ? do_syscall_64+0x108/0x240 [ 2732.684726][T15045] ? do_syscall_64+0xb4/0x240 [ 2732.689420][T15045] do_syscall_64+0xf9/0x240 [ 2732.693942][T15045] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2732.699869][T15045] RIP: 0033:0x7f091a8a9b99 [ 2732.704308][T15045] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2732.723941][T15045] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2732.732373][T15045] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2732.740356][T15045] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2732.748339][T15045] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2732.756317][T15045] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2732.764295][T15045] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2732.772291][T15045] [ 2732.782092][T29814] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) 20:25:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c08080008"], 0x3c}}, 0x0) [ 2732.812169][T15045] memory: usage 307200kB, limit 307200kB, failcnt 174406 [ 2732.858285][T15045] memory+swap: usage 307448kB, limit 9007199254740988kB, failcnt 0 [ 2732.875886][T15062] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2732.884708][T15062] IPv6: NLM_F_CREATE should be set when creating new route [ 2732.889691][T15045] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 20:25:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c09080008"], 0x3c}}, 0x0) [ 2732.909918][T15045] Memory cgroup stats for /syz1: [ 2732.910079][T15045] cache 0 [ 2732.924265][T15045] rss 12288 [ 2732.932996][T15045] rss_huge 0 [ 2732.941212][T15045] shmem 0 [ 2732.944287][T15045] mapped_file 0 [ 2732.948872][T15045] dirty 0 [ 2732.951981][T15045] writeback 0 [ 2732.955648][T15045] workingset_refault_anon 57593 20:25:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00091008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x21) [ 2732.965504][T15045] workingset_refault_file 0 [ 2732.971404][T15045] swap 253952 [ 2732.975772][T15045] swapcached 8192 20:25:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0a080008"], 0x3c}}, 0x0) [ 2733.005734][T15045] pgpgin 205891 [ 2733.015068][T15045] pgpgout 205888 [ 2733.040414][T15045] pgfault 466291 [ 2733.060207][T15045] pgmajfault 55256 [ 2733.064827][T15045] inactive_anon 0 [ 2733.078196][T15045] active_anon 12288 [ 2733.082428][T15045] inactive_file 0 [ 2733.092575][T15045] active_file 0 [ 2733.099043][T15045] unevictable 0 [ 2733.103034][T15045] hierarchical_memory_limit 314572800 [ 2733.112956][T15045] hierarchical_memsw_limit 9223372036854771712 [ 2733.119430][T15045] total_cache 0 [ 2733.123006][T15045] total_rss 12288 [ 2733.127687][T15045] total_rss_huge 0 [ 2733.131509][T15045] total_shmem 0 [ 2733.135054][T15045] total_mapped_file 0 [ 2733.140515][T15045] total_dirty 0 [ 2733.144127][T15045] total_writeback 0 [ 2733.148475][T15045] total_workingset_refault_anon 57593 [ 2733.154071][T15045] total_workingset_refault_file 0 [ 2733.159634][T15045] total_swap 253952 [ 2733.163612][T15045] total_swapcached 8192 [ 2733.168269][T15045] total_pgpgin 205891 [ 2733.172584][T15045] total_pgpgout 205888 [ 2733.177067][T15045] total_pgfault 466291 [ 2733.181396][T15045] total_pgmajfault 55256 [ 2733.185915][T15045] total_inactive_anon 0 [ 2733.190899][T15045] total_active_anon 12288 [ 2733.195497][T15045] total_inactive_file 0 [ 2733.200081][T15045] total_active_file 0 [ 2733.204331][T15045] total_unevictable 0 [ 2733.209247][T15045] anon_cost 0 [ 2733.212853][T15045] file_cost 0 [ 2733.218330][T15045] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15045,uid=0 [ 2733.234373][T15045] Memory cgroup out of memory: Killed process 15045 (syz-executor.1) total-vm:56556kB, anon-rss:364kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0b080008"], 0x3c}}, 0x0) 20:25:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00091108000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x25) 20:25:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0xffffff7f00000000}, 0x0) 20:25:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0c080008"], 0x3c}}, 0x0) 20:25:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x48) 20:25:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0f080008"], 0x3c}}, 0x0) 20:25:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00091408000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2733.847418][T15089] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2733.856401][T15089] IPv6: NLM_F_CREATE should be set when creating new route 20:25:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c10080008"], 0x3c}}, 0x0) 20:25:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4c) [ 2733.941092][T15082] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2734.017259][T15082] CPU: 1 PID: 15082 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2734.027750][T15082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2734.037845][T15082] Call Trace: [ 2734.041157][T15082] [ 2734.044121][T15082] dump_stack_lvl+0x1e7/0x2e0 [ 2734.048857][T15082] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2734.054103][T15082] ? __pfx__printk+0x10/0x10 [ 2734.058732][T15082] ? ___ratelimit+0x4c4/0x670 [ 2734.063549][T15082] ? __pfx____ratelimit+0x10/0x10 [ 2734.068626][T15082] dump_header+0xda/0x6a0 [ 2734.073011][T15082] oom_kill_process+0x3a7/0x930 [ 2734.078004][T15082] out_of_memory+0xf67/0x1320 [ 2734.082730][T15082] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2734.088405][T15082] ? __pfx___mutex_lock+0x10/0x10 [ 2734.093485][T15082] ? __pfx_out_of_memory+0x10/0x10 [ 2734.098652][T15082] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2734.104246][T15082] ? __pfx_lock_release+0x10/0x10 [ 2734.109320][T15082] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2734.115433][T15082] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2734.120667][T15082] ? mem_cgroup_iter+0x3e9/0x560 [ 2734.125644][T15082] try_charge_memcg+0xda2/0x18a0 [ 2734.130612][T15082] ? mark_lock+0x9a/0x350 [ 2734.135002][T15082] ? __pfx_try_charge_memcg+0x10/0x10 [ 2734.140448][T15082] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2734.146640][T15082] charge_memcg+0xa2/0x160 [ 2734.151103][T15082] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2734.157215][T15082] __read_swap_cache_async+0x480/0x8b0 [ 2734.162723][T15082] ? mark_lock+0x9a/0x350 [ 2734.167102][T15082] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2734.173315][T15082] swap_cluster_readahead+0x67c/0x810 [ 2734.178780][T15082] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2734.184720][T15082] ? __pfx_lock_release+0x10/0x10 [ 2734.189785][T15082] ? xas_descend+0x37e/0x470 [ 2734.194483][T15082] swapin_readahead+0x1ea/0x1070 [ 2734.199525][T15082] ? filemap_get_entry+0x127/0x4e0 [ 2734.204703][T15082] ? __pfx_swapin_readahead+0x10/0x10 [ 2734.210139][T15082] ? __filemap_get_folio+0x935/0xbc0 [ 2734.215526][T15082] ? swap_cache_get_folio+0x9f/0x570 [ 2734.220857][T15082] do_swap_page+0x8ab/0x3da0 [ 2734.225497][T15082] ? __pte_offset_map+0x2c4/0x380 [ 2734.230579][T15082] ? __pfx_validate_chain+0x10/0x10 [ 2734.235815][T15082] ? do_swap_page+0x154/0x3da0 [ 2734.240612][T15082] ? __pfx_do_swap_page+0x10/0x10 [ 2734.245671][T15082] ? pte_offset_map_nolock+0x137/0x1f0 [ 2734.251172][T15082] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2734.257034][T15082] __handle_mm_fault+0x15e8/0x72d0 [ 2734.262221][T15082] ? reacquire_held_locks+0x3eb/0x690 [ 2734.267632][T15082] ? __pfx___handle_mm_fault+0x10/0x10 [ 2734.273148][T15082] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2734.278921][T15082] ? mtree_range_walk+0x6fd/0x8e0 [ 2734.283988][T15082] ? lock_vma_under_rcu+0x18a/0x730 [ 2734.289226][T15082] ? __pfx_lock_release+0x10/0x10 [ 2734.294291][T15082] ? lock_vma_under_rcu+0x2f9/0x730 [ 2734.299571][T15082] ? lock_vma_under_rcu+0x18a/0x730 [ 2734.304812][T15082] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2734.310399][T15082] handle_mm_fault+0x3c1/0x8a0 [ 2734.315234][T15082] exc_page_fault+0x456/0x870 [ 2734.319962][T15082] asm_exc_page_fault+0x26/0x30 [ 2734.324859][T15082] RIP: 0033:0x7f091a852860 [ 2734.329309][T15082] Code: 8e 31 c0 be 01 00 00 00 f0 0f b1 35 9a 8a c8 00 0f 85 26 0a 00 00 c1 e1 02 48 8b 05 aa 8a c8 00 48 8d 35 a3 8a c8 00 83 e1 04 <89> 4c 24 30 83 c9 03 89 4c 24 44 48 39 f0 0f 84 4c 07 00 00 31 db [ 2734.348957][T15082] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2734.355071][T15082] RAX: 00007f0919a00980 RBX: fffffffffffff000 RCX: 0000000000000000 [ 2734.363090][T15082] RDX: 000000000000003f RSI: 00007f091b4db300 RDI: 00007ffdf4c5ccb8 [ 2734.371106][T15082] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2734.379152][T15082] R10: 0000000000021000 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2734.387173][T15082] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2734.395226][T15082] 20:25:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00091508000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2734.434494][T15082] memory: usage 307180kB, limit 307200kB, failcnt 174813 [ 2734.450395][T15082] memory+swap: usage 307372kB, limit 9007199254740988kB, failcnt 0 [ 2734.484149][T15082] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2734.500315][T15082] Memory cgroup stats for /syz1: [ 2734.504044][T15082] cache 0 20:25:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c14080008"], 0x3c}}, 0x0) [ 2734.553336][T15082] rss 12288 [ 2734.566640][T15100] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2734.575336][T15100] IPv6: NLM_F_CREATE should be set when creating new route [ 2734.580189][T15082] rss_huge 0 [ 2734.586764][T15082] shmem 0 [ 2734.589749][T15082] mapped_file 0 [ 2734.597719][T15082] dirty 0 [ 2734.604187][T15082] writeback 0 [ 2734.607713][T15082] workingset_refault_anon 57711 [ 2734.612692][T15082] workingset_refault_file 0 [ 2734.617574][T15082] swap 196608 [ 2734.620979][T15082] swapcached 12288 [ 2734.624813][T15082] pgpgin 206021 [ 2734.632680][T15082] pgpgout 206018 [ 2734.636745][T15082] pgfault 466494 [ 2734.641794][T15082] pgmajfault 55367 [ 2734.645554][T15082] inactive_anon 4096 [ 2734.649655][T15082] active_anon 8192 [ 2734.653403][T15082] inactive_file 0 [ 2734.657356][T15082] active_file 0 [ 2734.660856][T15082] unevictable 0 [ 2734.664350][T15082] hierarchical_memory_limit 314572800 [ 2734.686273][T15082] hierarchical_memsw_limit 9223372036854771712 [ 2734.692496][T15082] total_cache 0 [ 2734.696188][T15082] total_rss 12288 [ 2734.699850][T15082] total_rss_huge 0 20:25:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x60) [ 2734.703592][T15082] total_shmem 0 [ 2734.737338][T15082] total_mapped_file 0 [ 2734.741537][T15082] total_dirty 0 [ 2734.755357][T15082] total_writeback 0 [ 2734.765434][T15082] total_workingset_refault_anon 57711 [ 2734.775033][T15082] total_workingset_refault_file 0 [ 2734.783176][T15082] total_swap 196608 [ 2734.788012][T15082] total_swapcached 12288 [ 2734.792532][T15082] total_pgpgin 206021 [ 2734.797621][T15082] total_pgpgout 206018 [ 2734.806943][T15082] total_pgfault 466494 [ 2734.811965][T15082] total_pgmajfault 55367 [ 2734.817339][T15082] total_inactive_anon 4096 [ 2734.827873][T15082] total_active_anon 8192 20:25:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00096008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2734.838423][T15082] total_inactive_file 0 [ 2734.850212][T15082] total_active_file 0 [ 2734.855009][T15082] total_unevictable 0 [ 2734.872467][T15082] anon_cost 0 [ 2734.879375][T15082] file_cost 0 [ 2734.886648][T15082] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15082,uid=0 [ 2734.916335][T15108] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2734.925087][T15108] IPv6: NLM_F_CREATE should be set when creating new route 20:25:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c60080008"], 0x3c}}, 0x0) 20:25:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0xffffff7f00000000}, 0x0) [ 2734.927633][T15082] Memory cgroup out of memory: Killed process 15082 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x68) 20:25:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000cfc080008"], 0x3c}}, 0x0) 20:25:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090007000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2735.133595][T15117] __nla_validate_parse: 31 callbacks suppressed [ 2735.133616][T15117] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008"], 0x3c}}, 0x0) [ 2735.216998][T15119] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2735.228808][T15120] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2735.332465][T15121] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2735.341367][T15121] IPv6: NLM_F_CREATE should be set when creating new route [ 2735.382140][T15114] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2735.393130][T15114] CPU: 1 PID: 15114 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2735.401593][T15124] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2735.403574][T15114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2735.403597][T15114] Call Trace: [ 2735.403609][T15114] [ 2735.403619][T15114] dump_stack_lvl+0x1e7/0x2e0 [ 2735.434037][T15114] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2735.439283][T15114] ? __pfx__printk+0x10/0x10 [ 2735.443899][T15114] ? ___ratelimit+0x4c4/0x670 [ 2735.448612][T15114] ? __pfx____ratelimit+0x10/0x10 [ 2735.453684][T15114] dump_header+0xda/0x6a0 [ 2735.458068][T15114] oom_kill_process+0x3a7/0x930 [ 2735.462966][T15114] out_of_memory+0xf67/0x1320 [ 2735.467685][T15114] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2735.473358][T15114] ? __pfx___mutex_lock+0x10/0x10 [ 2735.478415][T15114] ? __pfx_out_of_memory+0x10/0x10 [ 2735.483566][T15114] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2735.489136][T15114] ? __pfx_lock_release+0x10/0x10 [ 2735.494190][T15114] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2735.500280][T15114] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2735.505494][T15114] ? mem_cgroup_iter+0x3e9/0x560 [ 2735.510452][T15114] try_charge_memcg+0xda2/0x18a0 [ 2735.515421][T15114] ? __pfx_try_charge_memcg+0x10/0x10 [ 2735.520808][T15114] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2735.526542][T15114] ? __pfx_lock_release+0x10/0x10 [ 2735.531588][T15114] ? memcg_account_kmem+0x1e7/0x210 [ 2735.536812][T15114] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2735.542634][T15114] __memcg_kmem_charge_page+0xe1/0x250 [ 2735.548114][T15114] memcg_charge_kernel_stack+0x37e/0x550 [ 2735.553766][T15114] dup_task_struct+0x40d/0x7d0 [ 2735.558546][T15114] copy_process+0x5d5/0x3fc0 [ 2735.563160][T15114] ? __might_fault+0xa9/0x120 [ 2735.567863][T15114] ? __pfx_lock_release+0x10/0x10 [ 2735.572907][T15114] ? __pfx_copy_process+0x10/0x10 [ 2735.577945][T15114] ? __might_fault+0xc5/0x120 [ 2735.582634][T15114] ? __asan_memset+0x23/0x50 [ 2735.587244][T15114] kernel_clone+0x21d/0x8d0 [ 2735.591763][T15114] ? __pfx_kernel_clone+0x10/0x10 [ 2735.596818][T15114] __se_sys_clone3+0x2cb/0x350 [ 2735.601601][T15114] ? __pfx___se_sys_clone3+0x10/0x10 [ 2735.606920][T15114] ? do_syscall_64+0x108/0x240 [ 2735.611703][T15114] ? do_syscall_64+0xb4/0x240 [ 2735.616402][T15114] do_syscall_64+0xf9/0x240 [ 2735.620923][T15114] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2735.626834][T15114] RIP: 0033:0x7f091a8a9b99 [ 2735.631265][T15114] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2735.650879][T15114] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2735.659309][T15114] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2735.667294][T15114] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2735.675276][T15114] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2735.683257][T15114] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2735.691236][T15114] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2735.699580][T15114] 20:25:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c000a0008"], 0x3c}}, 0x0) 20:25:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6c) 20:25:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008020000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2735.832765][T15127] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2735.841739][T15114] memory: usage 307200kB, limit 307200kB, failcnt 175075 [ 2735.851293][T15114] memory+swap: usage 307436kB, limit 9007199254740988kB, failcnt 0 [ 2735.860137][T15114] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2735.868268][T15114] Memory cgroup stats for /syz1: [ 2735.868421][T15114] cache 0 20:25:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c000b0008"], 0x3c}}, 0x0) [ 2735.882512][T15114] rss 8192 [ 2735.885703][T15114] rss_huge 0 [ 2735.889774][T15129] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2735.915284][T15114] shmem 0 [ 2735.922129][T15114] mapped_file 0 [ 2735.930264][T15114] dirty 0 [ 2735.955122][T15114] writeback 0 [ 2735.960861][T15114] workingset_refault_anon 57795 [ 2735.965746][T15114] workingset_refault_file 0 [ 2735.980920][T15114] swap 233472 [ 2735.986527][T15114] swapcached 4096 [ 2735.990206][T15114] pgpgin 206117 [ 2735.993687][T15114] pgpgout 206115 [ 2736.022923][T15114] pgfault 466633 [ 2736.031171][T15131] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2736.041349][T15114] pgmajfault 55444 [ 2736.056168][T15114] inactive_anon 8192 [ 2736.060116][T15114] active_anon 0 [ 2736.063694][T15114] inactive_file 0 20:25:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008030000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2736.089950][T15114] active_file 0 [ 2736.101490][T15114] unevictable 0 [ 2736.119291][T15114] hierarchical_memory_limit 314572800 [ 2736.132263][T15114] hierarchical_memsw_limit 9223372036854771712 [ 2736.144659][T15114] total_cache 0 [ 2736.160157][T15114] total_rss 8192 [ 2736.163753][T15114] total_rss_huge 0 [ 2736.179109][T15114] total_shmem 0 [ 2736.182707][T15114] total_mapped_file 0 [ 2736.197314][T15133] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2736.206253][T15133] IPv6: NLM_F_CREATE should be set when creating new route [ 2736.213836][T15114] total_dirty 0 [ 2736.218394][T15114] total_writeback 0 [ 2736.222700][T15114] total_workingset_refault_anon 57795 [ 2736.229333][T15114] total_workingset_refault_file 0 [ 2736.237911][T15114] total_swap 233472 20:25:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x74) [ 2736.247959][T15135] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2736.248706][T15114] total_swapcached 4096 [ 2736.263752][T15137] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2736.274244][T15114] total_pgpgin 206117 [ 2736.282606][T15114] total_pgpgout 206115 [ 2736.293579][T15114] total_pgfault 466633 20:25:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00110008"], 0x3c}}, 0x0) [ 2736.304048][T15114] total_pgmajfault 55444 [ 2736.326118][T15114] total_inactive_anon 8192 [ 2736.330595][T15114] total_active_anon 0 [ 2736.342452][T15114] total_inactive_file 0 [ 2736.367218][T15114] total_active_file 0 [ 2736.376456][T15114] total_unevictable 0 [ 2736.383377][T15114] anon_cost 0 [ 2736.394400][T15114] file_cost 0 [ 2736.407040][T15114] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15114,uid=0 [ 2736.440632][T15114] Memory cgroup out of memory: Killed process 15114 (syz-executor.1) total-vm:56556kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:25 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000007000000000c00080008"], 0x3c}}, 0x0) [ 2736.486996][T15140] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008040000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2736.606379][T21836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2736.617245][T21836] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2736.627165][T21836] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 2736.646673][T21836] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2736.659202][T21836] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 2736.672106][T21836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 20:25:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00140008"], 0x3c}}, 0x0) [ 2736.701079][T15143] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2736.709977][T15143] IPv6: NLM_F_CREATE should be set when creating new route 20:25:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7a) 20:25:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008050000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2736.967811][T15153] netlink: 'syz-executor.4': attribute type 20 has an invalid length. 20:25:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00150008"], 0x3c}}, 0x0) [ 2737.107999][T15156] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2737.116924][T15156] IPv6: NLM_F_CREATE should be set when creating new route [ 2737.150867][T29516] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2737.173766][T29516] CPU: 0 PID: 29516 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2737.184257][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2737.194354][T29516] Call Trace: [ 2737.197669][T29516] [ 2737.200636][T29516] dump_stack_lvl+0x1e7/0x2e0 [ 2737.205371][T29516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2737.210619][T29516] ? __pfx__printk+0x10/0x10 [ 2737.215253][T29516] ? ___ratelimit+0x4c4/0x670 [ 2737.220071][T29516] ? __pfx____ratelimit+0x10/0x10 [ 2737.225139][T29516] dump_header+0xda/0x6a0 [ 2737.229599][T29516] oom_kill_process+0x3a7/0x930 [ 2737.234496][T29516] out_of_memory+0xf67/0x1320 [ 2737.239222][T29516] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2737.244906][T29516] ? __pfx___mutex_lock+0x10/0x10 [ 2737.249990][T29516] ? __pfx_out_of_memory+0x10/0x10 [ 2737.255159][T29516] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2737.258473][T15160] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 2737.260724][T29516] ? __pfx_lock_release+0x10/0x10 [ 2737.273969][T29516] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2737.280100][T29516] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2737.285356][T29516] ? mem_cgroup_iter+0x3e9/0x560 [ 2737.290349][T29516] try_charge_memcg+0xda2/0x18a0 [ 2737.295331][T29516] ? mark_lock+0x9a/0x350 [ 2737.299822][T29516] ? __pfx_try_charge_memcg+0x10/0x10 [ 2737.305350][T29516] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2737.311560][T29516] charge_memcg+0xa2/0x160 [ 2737.316021][T29516] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2737.322140][T29516] __read_swap_cache_async+0x480/0x8b0 [ 2737.327653][T29516] ? mark_lock+0x9a/0x350 [ 2737.332043][T29516] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2737.338084][T29516] swap_cluster_readahead+0x67c/0x810 [ 2737.343518][T29516] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2737.349471][T29516] ? __pfx_lock_release+0x10/0x10 [ 2737.354546][T29516] ? xas_descend+0x37e/0x470 [ 2737.359204][T29516] swapin_readahead+0x1ea/0x1070 [ 2737.364187][T29516] ? filemap_get_entry+0x127/0x4e0 [ 2737.369353][T29516] ? __pfx_swapin_readahead+0x10/0x10 [ 2737.374783][T29516] ? __filemap_get_folio+0x935/0xbc0 [ 2737.380129][T29516] ? swap_cache_get_folio+0x9f/0x570 [ 2737.385470][T29516] do_swap_page+0x8ab/0x3da0 [ 2737.390102][T29516] ? __pte_offset_map+0x2c4/0x380 [ 2737.395178][T29516] ? do_swap_page+0x154/0x3da0 20:25:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008060000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2737.399995][T29516] ? __pfx_do_swap_page+0x10/0x10 [ 2737.405054][T29516] ? pte_offset_map_nolock+0x137/0x1f0 [ 2737.410556][T29516] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2737.416397][T29516] ? __pfx_validate_chain+0x10/0x10 [ 2737.421679][T29516] __handle_mm_fault+0x15e8/0x72d0 [ 2737.426865][T29516] ? __pfx___handle_mm_fault+0x10/0x10 [ 2737.432397][T29516] ? mt_find+0x226/0x850 [ 2737.436680][T29516] ? __pfx_lock_release+0x10/0x10 [ 2737.441761][T29516] ? mt_find+0x62d/0x850 [ 2737.446046][T29516] ? mt_find+0x226/0x850 [ 2737.450381][T29516] ? find_vma+0x142/0x1c0 [ 2737.454751][T29516] ? __pfx_find_vma+0x10/0x10 [ 2737.459464][T29516] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2737.465501][T29516] handle_mm_fault+0x3c1/0x8a0 [ 2737.470315][T29516] exc_page_fault+0x2ad/0x870 [ 2737.475052][T29516] asm_exc_page_fault+0x26/0x30 [ 2737.479944][T29516] RIP: 0010:__get_user_8+0x11/0x20 20:25:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008070000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2737.485091][T29516] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2737.504742][T29516] RSP: 0018:ffffc90003767d98 EFLAGS: 00050202 [ 2737.510853][T29516] RAX: 0000555555e1bda8 RBX: ffff88802157b2f8 RCX: ffffc90003767c03 [ 2737.518862][T29516] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2737.526883][T29516] RBP: ffffc90003767ec8 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2737.534897][T29516] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90003767da0 [ 2737.542929][T29516] R13: ffffc90003767fd8 R14: dffffc0000000000 R15: ffff888021579dc0 [ 2737.550958][T29516] __rseq_handle_notify_resume+0x158/0x1490 [ 2737.556926][T29516] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2737.563312][T29516] ? syscall_exit_to_user_mode+0xa2/0x370 [ 2737.569093][T29516] syscall_exit_to_user_mode+0x113/0x370 [ 2737.574780][T29516] do_syscall_64+0x108/0x240 [ 2737.579420][T29516] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2737.585356][T29516] RIP: 0033:0x7f091a8a91b5 [ 2737.589804][T29516] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2737.609450][T29516] RSP: 002b:00007ffdf4c5cd60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2737.617992][T29516] RAX: 0000000000000000 RBX: 00000000000001e4 RCX: 00007f091a8a91b5 [ 2737.625999][T29516] RDX: 00007ffdf4c5cda0 RSI: 0000000000000000 RDI: 0000000000000000 [ 2737.634004][T29516] RBP: 00007ffdf4c5ce2c R08: 0000000000000000 R09: 00007ffdf4c840b0 [ 2737.642011][T29516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 20:25:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c001e0008"], 0x3c}}, 0x0) [ 2737.650006][T29516] R13: 000000000029c22f R14: 000000000029c22f R15: 0000000000000000 [ 2737.658031][T29516] [ 2737.700012][T29516] memory: usage 307200kB, limit 307200kB, failcnt 175526 [ 2737.713836][T29516] memory+swap: usage 307472kB, limit 9007199254740988kB, failcnt 0 [ 2737.723038][T29516] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2737.730826][T29516] Memory cgroup stats for /syz1: [ 2737.730996][T29516] cache 0 [ 2737.739320][T29516] rss 8192 [ 2737.742461][T29516] rss_huge 0 [ 2737.745804][T29516] shmem 0 [ 2737.749187][T29516] mapped_file 0 [ 2737.752763][T29516] dirty 0 [ 2737.755801][T29516] writeback 0 [ 2737.759474][T29516] workingset_refault_anon 57956 [ 2737.765616][T29516] workingset_refault_file 0 [ 2737.770459][T29516] swap 270336 [ 2737.773869][T29516] swapcached 4096 [ 2737.777716][T29516] pgpgin 206290 [ 2737.781324][T29516] pgpgout 206288 [ 2737.784989][T29516] pgfault 466896 20:25:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfc) [ 2737.798578][T29516] pgmajfault 55599 [ 2737.802474][T29516] inactive_anon 0 [ 2737.806708][T29516] active_anon 8192 [ 2737.810555][T29516] inactive_file 0 [ 2737.816336][T29516] active_file 0 [ 2737.820044][T29516] unevictable 0 [ 2737.823673][T29516] hierarchical_memory_limit 314572800 [ 2737.829690][T29516] hierarchical_memsw_limit 9223372036854771712 [ 2737.839528][T29516] total_cache 0 [ 2737.846123][T29516] total_rss 8192 [ 2737.851770][T29516] total_rss_huge 0 [ 2737.858427][T29516] total_shmem 0 [ 2737.862002][T29516] total_mapped_file 0 [ 2737.867712][T29516] total_dirty 0 [ 2737.871409][T29516] total_writeback 0 [ 2737.875325][T29516] total_workingset_refault_anon 57956 [ 2737.881078][T29516] total_workingset_refault_file 0 [ 2737.886577][T29516] total_swap 270336 [ 2737.890504][T29516] total_swapcached 4096 [ 2737.894803][T29516] total_pgpgin 206290 [ 2737.899156][T29516] total_pgpgout 206288 [ 2737.903354][T29516] total_pgfault 466896 [ 2737.911453][T29516] total_pgmajfault 55599 [ 2737.916733][T29516] total_inactive_anon 0 [ 2737.921745][T29516] total_active_anon 8192 [ 2737.926844][T29516] total_inactive_file 0 [ 2737.931255][T29516] total_active_file 0 [ 2737.935445][T29516] total_unevictable 0 [ 2737.939849][T29516] anon_cost 0 [ 2737.943384][T29516] file_cost 0 [ 2737.947625][T29516] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15149,uid=0 [ 2737.963864][T29516] Memory cgroup out of memory: Killed process 15149 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000007000000000c00080008"], 0x3c}}, 0x0) [ 2737.999873][T15170] netlink: 'syz-executor.4': attribute type 30 has an invalid length. 20:25:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00030008"], 0x3c}}, 0x0) 20:25:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008080000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2738.164900][T15174] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2738.173773][T15174] IPv6: NLM_F_CREATE should be set when creating new route 20:25:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x284) 20:25:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00040008"], 0x3c}}, 0x0) [ 2738.207496][T15178] netlink: 'syz-executor.4': attribute type 3 has an invalid length. 20:25:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008090000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2738.352462][T15184] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 2738.377844][T15184] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2738.385186][T15184] IPv6: NLM_F_CREATE should be set when creating new route 20:25:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00050008"], 0x3c}}, 0x0) [ 2738.542113][T15186] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2738.550990][T15186] IPv6: NLM_F_CREATE should be set when creating new route [ 2738.584068][T15175] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2738.594662][T15175] CPU: 1 PID: 15175 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2738.605125][T15175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2738.615226][T15175] Call Trace: [ 2738.618540][T15175] [ 2738.621505][T15175] dump_stack_lvl+0x1e7/0x2e0 [ 2738.626243][T15175] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2738.631492][T15175] ? __pfx__printk+0x10/0x10 [ 2738.636127][T15175] ? ___ratelimit+0x4c4/0x670 [ 2738.640862][T15175] ? __pfx____ratelimit+0x10/0x10 [ 2738.645936][T15175] dump_header+0xda/0x6a0 [ 2738.650317][T15175] oom_kill_process+0x3a7/0x930 [ 2738.655220][T15175] out_of_memory+0xf67/0x1320 [ 2738.659950][T15175] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2738.665626][T15175] ? __pfx___mutex_lock+0x10/0x10 [ 2738.670699][T15175] ? __pfx_out_of_memory+0x10/0x10 [ 2738.675855][T15175] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2738.681445][T15175] ? __pfx_lock_release+0x10/0x10 [ 2738.686518][T15175] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2738.692638][T15175] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2738.697881][T15175] ? mem_cgroup_iter+0x3e9/0x560 [ 2738.702865][T15175] try_charge_memcg+0xda2/0x18a0 [ 2738.707863][T15175] ? __pfx_try_charge_memcg+0x10/0x10 [ 2738.713272][T15175] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2738.719034][T15175] ? __pfx_lock_release+0x10/0x10 [ 2738.724110][T15175] ? memcg_account_kmem+0x1e7/0x210 [ 2738.729368][T15175] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2738.735218][T15175] __memcg_kmem_charge_page+0xe1/0x250 [ 2738.740734][T15175] memcg_charge_kernel_stack+0x304/0x550 [ 2738.746412][T15175] dup_task_struct+0x15d/0x7d0 [ 2738.751227][T15175] copy_process+0x5d5/0x3fc0 [ 2738.755879][T15175] ? __might_fault+0xa9/0x120 [ 2738.760596][T15175] ? __pfx_lock_release+0x10/0x10 [ 2738.765677][T15175] ? __pfx_copy_process+0x10/0x10 [ 2738.770738][T15175] ? __might_fault+0xc5/0x120 [ 2738.775477][T15175] ? __asan_memset+0x23/0x50 [ 2738.780124][T15175] kernel_clone+0x21d/0x8d0 [ 2738.784684][T15175] ? __pfx_kernel_clone+0x10/0x10 [ 2738.789778][T15175] __se_sys_clone3+0x2cb/0x350 [ 2738.794589][T15175] ? __pfx___se_sys_clone3+0x10/0x10 [ 2738.799936][T15175] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2738.805982][T15175] ? exc_page_fault+0x587/0x870 [ 2738.810882][T15175] ? do_syscall_64+0xb4/0x240 [ 2738.815612][T15175] do_syscall_64+0xf9/0x240 [ 2738.820178][T15175] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2738.826120][T15175] RIP: 0033:0x7f091a8a9b99 [ 2738.830582][T15175] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2738.850226][T15175] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2738.858684][T15175] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2738.866696][T15175] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2738.874702][T15175] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 20:25:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x286) [ 2738.882714][T15175] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2738.890722][T15175] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2738.898752][T15175] [ 2738.927410][T15144] chnl_net:caif_netlink_parms(): no params data found [ 2738.936402][T13741] Bluetooth: hci6: command 0x0409 tx timeout [ 2738.941710][T15175] memory: usage 307200kB, limit 307200kB, failcnt 175929 20:25:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00060008"], 0x3c}}, 0x0) 20:25:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c000900080a0000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2739.026895][T15175] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 2739.079363][T15175] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 2739.096230][T15175] Memory cgroup stats for /syz1: [ 2739.096380][T15175] cache 0 [ 2739.104314][T15175] rss 0 [ 2739.129680][T15175] rss_huge 0 [ 2739.132943][T15175] shmem 0 [ 2739.135906][T15175] mapped_file 0 [ 2739.208870][T15175] dirty 0 [ 2739.211859][T15175] writeback 0 [ 2739.215170][T15175] workingset_refault_anon 58087 [ 2739.242634][T15175] workingset_refault_file 0 [ 2739.260531][T15175] swap 204800 [ 2739.266831][T15175] swapcached 0 [ 2739.270426][T15175] pgpgin 206456 [ 2739.274086][T15175] pgpgout 206456 [ 2739.278885][T15175] pgfault 467153 [ 2739.282642][T15175] pgmajfault 55747 [ 2739.304532][T15175] inactive_anon 0 [ 2739.312011][T15175] active_anon 0 [ 2739.321029][T15196] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2739.329841][T15196] IPv6: NLM_F_CREATE should be set when creating new route [ 2739.341210][T15198] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 2739.350121][T15175] inactive_file 0 20:25:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008"], 0x3c}}, 0x0) 20:25:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x300) [ 2739.371924][T15175] active_file 0 [ 2739.375448][T15175] unevictable 0 [ 2739.388528][T15175] hierarchical_memory_limit 314572800 [ 2739.396913][T15175] hierarchical_memsw_limit 9223372036854771712 [ 2739.403397][T15175] total_cache 0 [ 2739.431426][T15175] total_rss 0 [ 2739.440335][T15175] total_rss_huge 0 [ 2739.457644][T15175] total_shmem 0 [ 2739.478828][T15175] total_mapped_file 0 [ 2739.492915][T15175] total_dirty 0 [ 2739.501966][T15175] total_writeback 0 20:25:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c000900080b0000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2739.551260][T15175] total_workingset_refault_anon 58087 [ 2739.579511][T15175] total_workingset_refault_file 0 [ 2739.596916][T15175] total_swap 204800 [ 2739.605483][T15175] total_swapcached 0 [ 2739.610679][T15175] total_pgpgin 206456 [ 2739.614815][T15175] total_pgpgout 206456 [ 2739.619344][T15175] total_pgfault 467153 [ 2739.623535][T15175] total_pgmajfault 55747 [ 2739.628842][T15175] total_inactive_anon 0 [ 2739.633113][T15175] total_active_anon 0 [ 2739.637707][T15175] total_inactive_file 0 [ 2739.642241][T15175] total_active_file 0 [ 2739.646441][T15175] total_unevictable 0 [ 2739.650788][T15175] anon_cost 0 20:25:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c000a0008"], 0x3c}}, 0x0) [ 2739.654185][T15175] file_cost 0 [ 2739.660301][T15175] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15175,uid=0 [ 2739.676194][T15175] Memory cgroup out of memory: Killed process 15175 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:28 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000007000000000c00080008"], 0x3c}}, 0x0) [ 2739.741320][T15205] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2739.750184][T15205] IPv6: NLM_F_CREATE should be set when creating new route 20:25:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x500) 20:25:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c000900080c0000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c000b0008"], 0x3c}}, 0x0) [ 2740.126845][T15213] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2740.137574][T15213] CPU: 1 PID: 15213 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2740.148022][T15213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2740.158094][T15213] Call Trace: [ 2740.161383][T15213] [ 2740.164325][T15213] dump_stack_lvl+0x1e7/0x2e0 [ 2740.169029][T15213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2740.174247][T15213] ? __pfx__printk+0x10/0x10 [ 2740.178863][T15213] ? ___ratelimit+0x4c4/0x670 [ 2740.183562][T15213] ? __pfx____ratelimit+0x10/0x10 [ 2740.188617][T15213] dump_header+0xda/0x6a0 [ 2740.192974][T15213] oom_kill_process+0x3a7/0x930 [ 2740.197845][T15213] out_of_memory+0xf67/0x1320 [ 2740.202541][T15213] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2740.208187][T15213] ? __pfx___mutex_lock+0x10/0x10 [ 2740.213234][T15213] ? __pfx_out_of_memory+0x10/0x10 [ 2740.218371][T15213] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2740.223932][T15213] ? __pfx_lock_release+0x10/0x10 [ 2740.228973][T15213] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2740.235057][T15213] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2740.240269][T15213] ? mem_cgroup_iter+0x3e9/0x560 [ 2740.245833][T15213] try_charge_memcg+0xda2/0x18a0 [ 2740.250810][T15213] ? __pfx_try_charge_memcg+0x10/0x10 [ 2740.256207][T15213] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2740.261937][T15213] ? __pfx_lock_release+0x10/0x10 [ 2740.267014][T15213] ? memcg_account_kmem+0x1e7/0x210 [ 2740.272241][T15213] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2740.278074][T15213] __memcg_kmem_charge_page+0xe1/0x250 [ 2740.283558][T15213] memcg_charge_kernel_stack+0x210/0x550 [ 2740.289209][T15213] dup_task_struct+0x40d/0x7d0 [ 2740.293989][T15213] copy_process+0x5d5/0x3fc0 [ 2740.298607][T15213] ? __might_fault+0xa9/0x120 [ 2740.303294][T15213] ? __pfx_lock_release+0x10/0x10 [ 2740.308337][T15213] ? __lock_acquire+0x1345/0x1fd0 [ 2740.313377][T15213] ? __pfx_copy_process+0x10/0x10 [ 2740.318407][T15213] ? __might_fault+0xc5/0x120 [ 2740.323128][T15213] ? __asan_memset+0x23/0x50 [ 2740.327826][T15213] kernel_clone+0x21d/0x8d0 [ 2740.332347][T15213] ? __pfx_kernel_clone+0x10/0x10 [ 2740.337394][T15213] ? __pfx_lock_release+0x10/0x10 [ 2740.342441][T15213] __se_sys_clone3+0x2cb/0x350 [ 2740.347232][T15213] ? __might_fault+0xa9/0x120 [ 2740.351955][T15213] ? __pfx___se_sys_clone3+0x10/0x10 [ 2740.357340][T15213] ? rcu_is_watching+0x15/0xb0 [ 2740.362226][T15213] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2740.368239][T15213] ? exc_page_fault+0x587/0x870 [ 2740.373149][T15213] ? do_syscall_64+0xb4/0x240 [ 2740.377941][T15213] do_syscall_64+0xf9/0x240 [ 2740.382483][T15213] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2740.388498][T15213] RIP: 0033:0x7f091a8a9b99 [ 2740.392930][T15213] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2740.412639][T15213] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2740.421250][T15213] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2740.429242][T15213] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2740.437228][T15213] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2740.445210][T15213] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2740.453366][T15213] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2740.461454][T15213] [ 2740.469266][T15213] memory: usage 307200kB, limit 307200kB, failcnt 176599 [ 2740.496513][T15216] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2740.505278][T15213] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 2740.505311][T15216] IPv6: NLM_F_CREATE should be set when creating new route [ 2740.527207][T15213] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 2740.531844][T15144] bridge0: port 1(bridge_slave_0) entered blocking state 20:25:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x600) [ 2740.535822][T15213] Memory cgroup stats for /syz1: [ 2740.543209][T15213] cache 0 [ 2740.553529][T15213] rss 12288 [ 2740.557724][T15213] rss_huge 0 [ 2740.561223][T15213] shmem 0 [ 2740.564430][T15213] mapped_file 0 [ 2740.571784][T15213] dirty 0 [ 2740.571905][T15144] bridge0: port 1(bridge_slave_0) entered disabled state [ 2740.575009][T15213] writeback 0 [ 2740.592558][T15213] workingset_refault_anon 58232 [ 2740.598252][T15213] workingset_refault_file 0 [ 2740.603109][T15213] swap 229376 [ 2740.607730][T15213] swapcached 8192 [ 2740.611637][T15213] pgpgin 206622 [ 2740.615359][T15213] pgpgout 206619 [ 2740.617703][T15144] bridge_slave_0: entered allmulticast mode [ 2740.620164][T15213] pgfault 467398 [ 2740.629559][T15213] pgmajfault 55886 [ 2740.633619][T15213] inactive_anon 0 [ 2740.638394][T15213] active_anon 12288 [ 2740.642515][T15213] inactive_file 0 [ 2740.649938][T15213] active_file 0 [ 2740.651811][T15144] bridge_slave_0: entered promiscuous mode [ 2740.658574][T15213] unevictable 0 [ 2740.668926][T15213] hierarchical_memory_limit 314572800 [ 2740.675471][T15213] hierarchical_memsw_limit 9223372036854771712 [ 2740.679676][T15144] bridge0: port 2(bridge_slave_1) entered blocking state [ 2740.683634][T15213] total_cache 0 [ 2740.693176][T15213] total_rss 12288 [ 2740.700055][T15213] total_rss_huge 0 [ 2740.708026][T15213] total_shmem 0 [ 2740.711888][T15213] total_mapped_file 0 [ 2740.712895][T15144] bridge0: port 2(bridge_slave_1) entered disabled state [ 2740.716966][T15213] total_dirty 0 [ 2740.726767][T15144] bridge_slave_1: entered allmulticast mode [ 2740.728565][T15213] total_writeback 0 [ 2740.737813][T15213] total_workingset_refault_anon 58232 [ 2740.743533][T15213] total_workingset_refault_file 0 [ 2740.749569][T15213] total_swap 229376 [ 2740.752693][T15144] bridge_slave_1: entered promiscuous mode [ 2740.753721][T15213] total_swapcached 8192 [ 2740.766854][T15213] total_pgpgin 206622 [ 2740.771199][T15213] total_pgpgout 206619 [ 2740.772215][T15218] __nla_validate_parse: 22 callbacks suppressed [ 2740.772233][T15218] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2740.775672][T15213] total_pgfault 467398 [ 2740.798656][T15213] total_pgmajfault 55886 [ 2740.803388][T15213] total_inactive_anon 0 [ 2740.810006][T15213] total_active_anon 12288 [ 2740.814908][T15213] total_inactive_file 0 [ 2740.820550][T15213] total_active_file 0 [ 2740.824976][T15213] total_unevictable 0 [ 2740.830555][T15213] anon_cost 0 [ 2740.834281][T15213] file_cost 0 [ 2740.838371][T15213] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15213,uid=0 [ 2740.855469][T15213] Memory cgroup out of memory: Killed process 15213 (syz-executor.1) total-vm:56556kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c000900080f0000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2740.902540][T15220] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2740.933663][T15223] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00100008"], 0x3c}}, 0x0) 20:25:29 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x2000000000000000}, 0x0) [ 2740.996219][T13741] Bluetooth: hci6: command 0x041b tx timeout [ 2741.210583][T15224] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2741.220479][T15224] IPv6: NLM_F_CREATE should be set when creating new route [ 2741.243429][T15227] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x700) [ 2741.372629][T15229] netlink: 'syz-executor.4': attribute type 16 has an invalid length. [ 2741.402158][T15229] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2741.405407][T15228] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2741.424369][T15228] CPU: 1 PID: 15228 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2741.434847][T15228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2741.445026][T15228] Call Trace: [ 2741.448335][T15228] [ 2741.451294][T15228] dump_stack_lvl+0x1e7/0x2e0 [ 2741.456021][T15228] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2741.461356][T15228] ? __pfx__printk+0x10/0x10 [ 2741.466019][T15228] ? ___ratelimit+0x4c4/0x670 [ 2741.470762][T15228] ? __pfx____ratelimit+0x10/0x10 [ 2741.475843][T15228] dump_header+0xda/0x6a0 [ 2741.480218][T15228] oom_kill_process+0x3a7/0x930 [ 2741.485122][T15228] out_of_memory+0xf67/0x1320 [ 2741.489862][T15228] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2741.495542][T15228] ? __pfx___mutex_lock+0x10/0x10 [ 2741.498498][T15144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2741.500595][T15228] ? __pfx_out_of_memory+0x10/0x10 [ 2741.514785][T15228] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2741.520470][T15228] ? __pfx_lock_release+0x10/0x10 [ 2741.520692][T15232] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2741.525607][T15228] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2741.541389][T15228] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2741.546616][T15228] ? mem_cgroup_iter+0x3e9/0x560 [ 2741.551967][T15228] try_charge_memcg+0xda2/0x18a0 [ 2741.557006][T15228] ? mark_lock+0x9a/0x350 [ 2741.561389][T15228] ? __pfx_try_charge_memcg+0x10/0x10 [ 2741.566893][T15228] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2741.573153][T15228] charge_memcg+0xa2/0x160 [ 2741.577679][T15228] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2741.584216][T15228] __read_swap_cache_async+0x480/0x8b0 [ 2741.590131][T15228] ? mark_lock+0x9a/0x350 [ 2741.594683][T15228] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2741.600729][T15228] ? blk_start_plug+0x6f/0x1b0 [ 2741.605516][T15228] swap_cluster_readahead+0x398/0x810 [ 2741.610929][T15228] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2741.617106][T15228] ? __pfx_lock_release+0x10/0x10 [ 2741.622154][T15228] ? xas_descend+0x37e/0x470 [ 2741.626805][T15228] swapin_readahead+0x1ea/0x1070 [ 2741.631774][T15228] ? filemap_get_entry+0x127/0x4e0 [ 2741.637007][T15228] ? __pfx_swapin_readahead+0x10/0x10 [ 2741.642542][T15228] ? __filemap_get_folio+0x935/0xbc0 [ 2741.647965][T15228] ? swap_cache_get_folio+0x9f/0x570 [ 2741.653292][T15228] do_swap_page+0x8ab/0x3da0 [ 2741.657957][T15228] ? __pte_offset_map+0x2c4/0x380 [ 2741.663080][T15228] ? do_swap_page+0x154/0x3da0 [ 2741.668162][T15228] ? __pfx_do_swap_page+0x10/0x10 [ 2741.673217][T15228] ? pte_offset_map_nolock+0x137/0x1f0 [ 2741.678894][T15228] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2741.685082][T15228] __handle_mm_fault+0x15e8/0x72d0 [ 2741.690586][T15228] ? reacquire_held_locks+0x3eb/0x690 [ 2741.696100][T15228] ? __pfx___handle_mm_fault+0x10/0x10 [ 2741.701965][T15228] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2741.707743][T15228] ? mtree_range_walk+0x6fd/0x8e0 [ 2741.712893][T15228] ? lock_vma_under_rcu+0x18a/0x730 [ 2741.718129][T15228] ? __pfx_lock_release+0x10/0x10 [ 2741.723194][T15228] ? lock_vma_under_rcu+0x2f9/0x730 [ 2741.728441][T15228] ? lock_vma_under_rcu+0x18a/0x730 [ 2741.733763][T15228] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2741.740117][T15228] handle_mm_fault+0x3c1/0x8a0 [ 2741.744911][T15228] exc_page_fault+0x456/0x870 [ 2741.749729][T15228] asm_exc_page_fault+0x26/0x30 [ 2741.754755][T15228] RIP: 0033:0x7f091a86257b [ 2741.759625][T15228] Code: 42 60 48 83 ea 80 48 39 fa 72 e4 0f 1f 40 00 c5 fe 7f 07 c5 fe 7f 47 20 c5 fe 7f 47 40 c5 fe 7f 47 60 0f 01 d6 75 04 c5 f8 77 c5 fc 77 c3 40 0f b6 c6 48 89 d1 48 89 fa f3 aa 48 89 d0 eb e2 [ 2741.779242][T15228] RSP: 002b:00007ffdf4c5ca38 EFLAGS: 00010242 [ 2741.785414][T15228] RAX: 0000555555e1c900 RBX: 00007f091b5596c0 RCX: 0000555555e1c8f0 [ 2741.793502][T15228] RDX: 0000555555e1ca00 RSI: 0000000000000000 RDI: 0000555555e1c998 [ 2741.802098][T15228] RBP: 000000000000000f R08: 00000000ffffffff R09: 0000000000000000 [ 2741.810089][T15228] R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffdf4c5cd00 [ 2741.818180][T15228] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2741.826270][T15228] [ 2741.833670][T15228] memory: usage 307200kB, limit 307200kB, failcnt 176983 [ 2741.841613][T15228] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 2741.868136][T15228] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2741.892549][T15228] Memory cgroup stats for /syz1: [ 2741.892702][T15228] cache 0 [ 2741.902356][T15228] rss 12288 [ 2741.905637][T15228] rss_huge 0 [ 2741.911849][T15228] shmem 0 20:25:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00110008"], 0x3c}}, 0x0) 20:25:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008100000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2741.918075][T15228] mapped_file 0 [ 2741.929604][T15228] dirty 0 [ 2741.947073][T15228] writeback 0 [ 2741.955310][T15228] workingset_refault_anon 58345 [ 2741.966431][T15228] workingset_refault_file 0 [ 2741.976538][T15228] swap 229376 [ 2741.983605][T15228] swapcached 8192 [ 2741.992620][T15228] pgpgin 206751 [ 2741.996875][T15228] pgpgout 206748 [ 2742.005545][T15228] pgfault 467587 [ 2742.009177][T15233] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2742.010946][T15233] IPv6: NLM_F_CREATE should be set when creating new route [ 2742.034052][T15228] pgmajfault 55988 [ 2742.038370][T15228] inactive_anon 0 [ 2742.043261][T15228] active_anon 12288 [ 2742.047649][T15228] inactive_file 0 [ 2742.051754][T15228] active_file 0 [ 2742.055484][T15228] unevictable 0 [ 2742.059474][T15228] hierarchical_memory_limit 314572800 20:25:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x900) [ 2742.065130][T15228] hierarchical_memsw_limit 9223372036854771712 [ 2742.071815][T15228] total_cache 0 [ 2742.075610][T15228] total_rss 12288 [ 2742.079749][T15228] total_rss_huge 0 [ 2742.083752][T15228] total_shmem 0 [ 2742.087988][T15228] total_mapped_file 0 [ 2742.092341][T15228] total_dirty 0 [ 2742.097064][T15228] total_writeback 0 [ 2742.101218][T15228] total_workingset_refault_anon 58345 [ 2742.127047][T15144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2742.136913][T15228] total_workingset_refault_file 0 [ 2742.142302][T15228] total_swap 229376 [ 2742.149950][T15228] total_swapcached 8192 [ 2742.158813][T15228] total_pgpgin 206751 [ 2742.167437][T15228] total_pgpgout 206748 [ 2742.176484][T15228] total_pgfault 467587 [ 2742.185225][T15228] total_pgmajfault 55988 [ 2742.194678][T15228] total_inactive_anon 0 [ 2742.203542][T15228] total_active_anon 12288 [ 2742.211415][T15228] total_inactive_file 0 [ 2742.213606][T15236] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2742.215838][T15228] total_active_file 0 [ 2742.234063][T15228] total_unevictable 0 [ 2742.240084][T15228] anon_cost 0 [ 2742.243649][T15228] file_cost 0 [ 2742.247958][T15228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15228,uid=0 20:25:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x2000000000000000}, 0x0) [ 2742.264602][T15228] Memory cgroup out of memory: Killed process 15228 (syz-executor.1) total-vm:56556kB, anon-rss:376kB, file-rss:8768kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00140008"], 0x3c}}, 0x0) [ 2742.365312][T15237] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2742.379752][T15240] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008110000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2742.692392][T15144] team0: Port device team_slave_0 added [ 2742.695577][T15242] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2742.710977][T15241] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2742.711487][T15242] CPU: 0 PID: 15242 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2742.719956][T15241] IPv6: NLM_F_CREATE should be set when creating new route [ 2742.729103][T15242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2742.729122][T15242] Call Trace: [ 2742.729134][T15242] [ 2742.729144][T15242] dump_stack_lvl+0x1e7/0x2e0 [ 2742.729186][T15242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2742.751890][T15244] netlink: 'syz-executor.4': attribute type 20 has an invalid length. [ 2742.752847][T15242] ? __pfx__printk+0x10/0x10 [ 2742.752890][T15242] ? ___ratelimit+0x4c4/0x670 [ 2742.752927][T15242] ? __pfx____ratelimit+0x10/0x10 20:25:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00150008"], 0x3c}}, 0x0) [ 2742.757911][T15244] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2742.762800][T15242] dump_header+0xda/0x6a0 [ 2742.762845][T15242] oom_kill_process+0x3a7/0x930 [ 2742.762887][T15242] out_of_memory+0xf67/0x1320 [ 2742.809515][T15242] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2742.815299][T15242] ? __pfx___mutex_lock+0x10/0x10 [ 2742.820392][T15242] ? __pfx_out_of_memory+0x10/0x10 [ 2742.825559][T15242] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2742.831590][T15242] ? __pfx_lock_release+0x10/0x10 [ 2742.836689][T15242] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 20:25:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xa00) [ 2742.842821][T15242] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2742.848079][T15242] ? mem_cgroup_iter+0x3e9/0x560 [ 2742.853075][T15242] try_charge_memcg+0xda2/0x18a0 [ 2742.858078][T15242] ? mark_lock+0x9a/0x350 [ 2742.862506][T15242] ? __pfx_try_charge_memcg+0x10/0x10 [ 2742.867967][T15242] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2742.874186][T15242] charge_memcg+0xa2/0x160 [ 2742.878685][T15242] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2742.884823][T15242] __read_swap_cache_async+0x480/0x8b0 [ 2742.890343][T15242] ? mark_lock+0x9a/0x350 [ 2742.894737][T15242] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2742.900936][T15242] swap_cluster_readahead+0x67c/0x810 [ 2742.906402][T15242] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2742.912371][T15242] ? __pfx_lock_release+0x10/0x10 [ 2742.917461][T15242] ? xas_descend+0x37e/0x470 [ 2742.922129][T15242] swapin_readahead+0x1ea/0x1070 [ 2742.927210][T15242] ? filemap_get_entry+0x127/0x4e0 [ 2742.932912][T15242] ? __pfx_swapin_readahead+0x10/0x10 [ 2742.938480][T15242] ? __filemap_get_folio+0x935/0xbc0 [ 2742.943824][T15242] ? swap_cache_get_folio+0x9f/0x570 [ 2742.949176][T15242] do_swap_page+0x8ab/0x3da0 [ 2742.953826][T15242] ? __pte_offset_map+0x2c4/0x380 [ 2742.959017][T15242] ? do_swap_page+0x154/0x3da0 [ 2742.963837][T15242] ? __pfx_do_swap_page+0x10/0x10 [ 2742.968939][T15242] ? pte_offset_map_nolock+0x137/0x1f0 [ 2742.974469][T15242] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2742.980340][T15242] __handle_mm_fault+0x15e8/0x72d0 [ 2742.985544][T15242] ? reacquire_held_locks+0x3eb/0x690 [ 2742.990958][T15242] ? __pfx___handle_mm_fault+0x10/0x10 [ 2742.996520][T15242] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2743.002312][T15242] ? mtree_range_walk+0x6fd/0x8e0 [ 2743.007451][T15242] ? lock_vma_under_rcu+0x18a/0x730 [ 2743.011181][T15250] netlink: 'syz-executor.4': attribute type 21 has an invalid length. [ 2743.012678][T15242] ? __pfx_lock_release+0x10/0x10 [ 2743.012716][T15242] ? lock_vma_under_rcu+0x2f9/0x730 [ 2743.012771][T15242] ? lock_vma_under_rcu+0x18a/0x730 [ 2743.036576][T15242] ? __pfx_lock_vma_under_rcu+0x10/0x10 20:25:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c001e0008"], 0x3c}}, 0x0) [ 2743.042190][T15242] handle_mm_fault+0x3c1/0x8a0 [ 2743.047144][T15242] exc_page_fault+0x456/0x870 [ 2743.051884][T15242] asm_exc_page_fault+0x26/0x30 [ 2743.056789][T15242] RIP: 0033:0x7f091a852860 [ 2743.061247][T15242] Code: 8e 31 c0 be 01 00 00 00 f0 0f b1 35 9a 8a c8 00 0f 85 26 0a 00 00 c1 e1 02 48 8b 05 aa 8a c8 00 48 8d 35 a3 8a c8 00 83 e1 04 <89> 4c 24 30 83 c9 03 89 4c 24 44 48 39 f0 0f 84 4c 07 00 00 31 db [ 2743.067015][T13741] Bluetooth: hci6: command 0x040f tx timeout [ 2743.080888][T15242] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2743.080919][T15242] RAX: 00007f0919a00980 RBX: fffffffffffff000 RCX: 0000000000000000 [ 2743.080942][T15242] RDX: 000000000000003f RSI: 00007f091b4db300 RDI: 00007ffdf4c5ccb8 [ 2743.080956][T15242] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2743.080972][T15242] R10: 0000000000021000 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2743.080987][T15242] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2743.134213][T15242] [ 2743.167718][T15242] memory: usage 307180kB, limit 307200kB, failcnt 177314 [ 2743.174950][T15242] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 2743.188784][T15242] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2743.196420][T15242] Memory cgroup stats for /syz1: [ 2743.196572][T15242] cache 0 [ 2743.205712][T15242] rss 12288 [ 2743.209551][T15242] rss_huge 0 [ 2743.212888][T15242] shmem 0 [ 2743.216933][T15242] mapped_file 0 [ 2743.220508][T15242] dirty 0 [ 2743.223562][T15242] writeback 0 [ 2743.228163][T15242] workingset_refault_anon 58469 [ 2743.233156][T15242] workingset_refault_file 0 [ 2743.239835][T15242] swap 204800 [ 2743.244411][T15242] swapcached 12288 [ 2743.249261][T15242] pgpgin 206884 [ 2743.252857][T15242] pgpgout 206881 [ 2743.257249][T15242] pgfault 467786 [ 2743.261093][T15242] pgmajfault 56095 [ 2743.264925][T15242] inactive_anon 8192 [ 2743.269725][T15242] active_anon 0 [ 2743.273306][T15242] inactive_file 0 [ 2743.277862][T15242] active_file 0 [ 2743.281495][T15242] unevictable 0 [ 2743.285148][T15242] hierarchical_memory_limit 314572800 [ 2743.291490][T15242] hierarchical_memsw_limit 9223372036854771712 [ 2743.298584][T15242] total_cache 0 [ 2743.304409][T15242] total_rss 12288 [ 2743.311232][T15242] total_rss_huge 0 [ 2743.315117][T15242] total_shmem 0 [ 2743.319366][T15242] total_mapped_file 0 [ 2743.323502][T15242] total_dirty 0 [ 2743.327696][T15242] total_writeback 0 [ 2743.331765][T15242] total_workingset_refault_anon 58469 [ 2743.338257][T15242] total_workingset_refault_file 0 [ 2743.343470][T15242] total_swap 204800 [ 2743.349379][T15242] total_swapcached 12288 [ 2743.353783][T15242] total_pgpgin 206884 [ 2743.359292][T15242] total_pgpgout 206881 [ 2743.365819][T15242] total_pgfault 467786 [ 2743.372833][T15242] total_pgmajfault 56095 [ 2743.381348][T15242] total_inactive_anon 8192 [ 2743.392560][T15242] total_active_anon 0 [ 2743.401187][T15242] total_inactive_file 0 [ 2743.415320][T15242] total_active_file 0 20:25:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008140000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2743.420019][T15242] total_unevictable 0 [ 2743.424260][T15242] anon_cost 0 [ 2743.428410][T15242] file_cost 0 [ 2743.432136][T15242] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15242,uid=0 [ 2743.464662][T15144] team0: Port device team_slave_1 added 20:25:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x2000000000000000}, 0x0) [ 2743.473620][T15253] netlink: 'syz-executor.4': attribute type 30 has an invalid length. [ 2743.481091][T15242] Memory cgroup out of memory: Killed process 15242 (syz-executor.1) total-vm:56424kB, anon-rss:420kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2743.487215][T15254] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2743.507877][T15254] IPv6: NLM_F_CREATE should be set when creating new route 20:25:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080003"], 0x3c}}, 0x0) 20:25:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xb00) 20:25:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080005"], 0x3c}}, 0x0) 20:25:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008150000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2743.950661][T15260] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2743.963972][T15263] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2743.972847][T15263] IPv6: NLM_F_CREATE should be set when creating new route [ 2743.977524][T15260] CPU: 0 PID: 15260 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2743.990542][T15260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2744.000650][T15260] Call Trace: [ 2744.003964][T15260] [ 2744.006933][T15260] dump_stack_lvl+0x1e7/0x2e0 [ 2744.011757][T15260] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2744.017007][T15260] ? __pfx__printk+0x10/0x10 [ 2744.021645][T15260] ? ___ratelimit+0x4c4/0x670 [ 2744.024643][T15144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2744.026354][T15260] ? __pfx____ratelimit+0x10/0x10 [ 2744.026393][T15260] dump_header+0xda/0x6a0 [ 2744.026429][T15260] oom_kill_process+0x3a7/0x930 [ 2744.026463][T15260] out_of_memory+0xf67/0x1320 [ 2744.026496][T15260] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2744.026523][T15260] ? __pfx___mutex_lock+0x10/0x10 [ 2744.026563][T15260] ? __pfx_out_of_memory+0x10/0x10 [ 2744.026604][T15260] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2744.026632][T15260] ? __pfx_lock_release+0x10/0x10 [ 2744.026666][T15260] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2744.026700][T15260] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2744.026731][T15260] ? mem_cgroup_iter+0x3e9/0x560 [ 2744.026763][T15260] try_charge_memcg+0xda2/0x18a0 [ 2744.026787][T15260] ? mark_lock+0x9a/0x350 [ 2744.026838][T15260] ? __pfx_try_charge_memcg+0x10/0x10 [ 2744.026904][T15260] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2744.026930][T15260] charge_memcg+0xa2/0x160 [ 2744.026964][T15260] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2744.026990][T15260] __read_swap_cache_async+0x480/0x8b0 [ 2744.027037][T15260] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2744.027073][T15260] ? mlock_drain_local+0x79/0x490 [ 2744.027104][T15260] ? mlock_drain_local+0x79/0x490 [ 2744.027134][T15260] ? mlock_drain_local+0x28c/0x490 [ 2744.027167][T15260] swap_cluster_readahead+0x67c/0x810 [ 2744.027214][T15260] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2744.027252][T15260] ? __pfx_lock_release+0x10/0x10 [ 2744.027288][T15260] ? xas_descend+0x37e/0x470 [ 2744.027330][T15260] swapin_readahead+0x1ea/0x1070 [ 2744.027362][T15260] ? filemap_get_entry+0x127/0x4e0 [ 2744.027412][T15260] ? __pfx_swapin_readahead+0x10/0x10 [ 2744.027457][T15260] ? __filemap_get_folio+0x935/0xbc0 [ 2744.027497][T15260] ? swap_cache_get_folio+0x9f/0x570 [ 2744.027535][T15260] do_swap_page+0x8ab/0x3da0 [ 2744.027566][T15260] ? __pte_offset_map+0x2c4/0x380 [ 2744.027605][T15260] ? do_swap_page+0x154/0x3da0 [ 2744.027630][T15260] ? __pfx_do_swap_page+0x10/0x10 [ 2744.027655][T15260] ? pte_offset_map_nolock+0x137/0x1f0 [ 2744.027685][T15260] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2744.027716][T15260] ? __pfx_validate_chain+0x10/0x10 [ 2744.027747][T15260] __handle_mm_fault+0x15e8/0x72d0 [ 2744.027811][T15260] ? reacquire_held_locks+0x3eb/0x690 [ 2744.027836][T15260] ? __pfx___handle_mm_fault+0x10/0x10 [ 2744.027882][T15260] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2744.258170][T15260] ? mtree_range_walk+0x6fd/0x8e0 [ 2744.263219][T15260] ? lock_vma_under_rcu+0x18a/0x730 [ 2744.268436][T15260] ? __pfx_lock_release+0x10/0x10 [ 2744.273481][T15260] ? lock_vma_under_rcu+0x2f9/0x730 [ 2744.278733][T15260] ? lock_vma_under_rcu+0x18a/0x730 [ 2744.283977][T15260] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2744.289581][T15260] handle_mm_fault+0x3c1/0x8a0 [ 2744.294401][T15260] exc_page_fault+0x456/0x870 [ 2744.299173][T15260] asm_exc_page_fault+0x26/0x30 [ 2744.304067][T15260] RIP: 0033:0x7f091a8373be [ 2744.308545][T15260] Code: 8d 4c 24 0c 31 c0 b9 40 42 0f 00 4c 89 ce ba 81 00 00 00 bf ca 00 00 00 41 c7 44 24 0c 01 00 00 00 4c 89 0c 24 e8 d2 69 04 00 <80> 3d ed e2 c9 00 00 4c 8b 0c 24 0f 84 71 ff ff ff 4c 8d ac 24 60 [ 2744.328188][T15260] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010217 [ 2744.334273][T15260] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 [ 2744.342253][T15260] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091a9abf8c [ 2744.350231][T15260] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2744.358212][T15260] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2744.366192][T15260] R13: 0000000000000fbb R14: 00007f091a9abf80 R15: 00007ffdf4c5cca8 [ 2744.374189][T15260] 20:25:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc00) [ 2744.414583][T15144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2744.447019][T15260] memory: usage 307200kB, limit 307200kB, failcnt 177576 [ 2744.454228][T15144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active 20:25:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080006"], 0x3c}}, 0x0) [ 2744.469196][T15260] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0 [ 2744.508209][T15260] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2744.515560][T15260] Memory cgroup stats for /syz1: [ 2744.515708][T15260] cache 0 [ 2744.540692][T15260] rss 12288 [ 2744.543872][T15260] rss_huge 0 [ 2744.554151][T15260] shmem 0 [ 2744.562462][T15260] mapped_file 0 [ 2744.571108][T15260] dirty 0 [ 2744.581479][T15260] writeback 0 [ 2744.584882][T15260] workingset_refault_anon 58563 [ 2744.590237][T15260] workingset_refault_file 0 [ 2744.594863][T15260] swap 229376 [ 2744.599019][T15260] swapcached 8192 [ 2744.602818][T15260] pgpgin 206986 [ 2744.606648][T15260] pgpgout 206983 [ 2744.610359][T15260] pgfault 467946 [ 2744.614057][T15260] pgmajfault 56176 [ 2744.618023][T15260] inactive_anon 8192 [ 2744.622082][T15260] active_anon 4096 [ 2744.631282][T15260] inactive_file 0 20:25:33 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008600000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2744.641355][T15260] active_file 0 [ 2744.644867][T15260] unevictable 0 [ 2744.657416][T15260] hierarchical_memory_limit 314572800 [ 2744.663872][T15260] hierarchical_memsw_limit 9223372036854771712 [ 2744.664222][T15144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2744.673736][T15260] total_cache 0 [ 2744.688516][T15260] total_rss 12288 [ 2744.688785][T15144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2744.698046][T15260] total_rss_huge 0 [ 2744.720513][T15144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2744.733136][T15260] total_shmem 0 [ 2744.733161][T15260] total_mapped_file 0 [ 2744.733170][T15260] total_dirty 0 [ 2744.733179][T15260] total_writeback 0 [ 2744.733187][T15260] total_workingset_refault_anon 58563 [ 2744.733203][T15260] total_workingset_refault_file 0 [ 2744.733213][T15260] total_swap 229376 [ 2744.733221][T15260] total_swapcached 8192 [ 2744.733231][T15260] total_pgpgin 206986 [ 2744.733240][T15260] total_pgpgout 206983 [ 2744.733249][T15260] total_pgfault 467946 [ 2744.733259][T15260] total_pgmajfault 56176 [ 2744.733269][T15260] total_inactive_anon 8192 [ 2744.733279][T15260] total_active_anon 4096 [ 2744.733289][T15260] total_inactive_file 0 [ 2744.733299][T15260] total_active_file 0 [ 2744.827842][T15260] total_unevictable 0 [ 2744.832054][T15260] anon_cost 0 [ 2744.835773][T15260] file_cost 0 [ 2744.849594][T15260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15260,uid=0 [ 2744.874793][T15260] Memory cgroup out of memory: Killed process 15260 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:33 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x700) 20:25:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080208"], 0x3c}}, 0x0) [ 2744.916754][T15273] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2744.925600][T15273] IPv6: NLM_F_CREATE should be set when creating new route 20:25:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xd00) 20:25:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000300", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2745.146795][T13741] Bluetooth: hci6: command 0x0419 tx timeout 20:25:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080308"], 0x3c}}, 0x0) [ 2745.313549][T15282] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2745.315272][T15279] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2745.322496][T15282] IPv6: NLM_F_CREATE should be set when creating new route [ 2745.342964][T15279] CPU: 1 PID: 15279 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2745.353434][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 20:25:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xe00) [ 2745.363544][T15279] Call Trace: [ 2745.366872][T15279] [ 2745.369851][T15279] dump_stack_lvl+0x1e7/0x2e0 [ 2745.374587][T15279] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2745.379853][T15279] ? __pfx__printk+0x10/0x10 [ 2745.384489][T15279] ? ___ratelimit+0x4c4/0x670 [ 2745.389224][T15279] ? __pfx____ratelimit+0x10/0x10 [ 2745.394408][T15279] dump_header+0xda/0x6a0 [ 2745.398791][T15279] oom_kill_process+0x3a7/0x930 [ 2745.403703][T15279] out_of_memory+0xf67/0x1320 [ 2745.408437][T15279] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2745.414121][T15279] ? __pfx___mutex_lock+0x10/0x10 [ 2745.419191][T15279] ? __pfx_out_of_memory+0x10/0x10 [ 2745.424332][T15279] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2745.429893][T15279] ? __pfx_lock_release+0x10/0x10 [ 2745.434937][T15279] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2745.441024][T15279] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2745.446239][T15279] ? mem_cgroup_iter+0x3e9/0x560 [ 2745.451195][T15279] try_charge_memcg+0xda2/0x18a0 [ 2745.456149][T15279] ? mark_lock+0x9a/0x350 [ 2745.460522][T15279] ? __pfx_try_charge_memcg+0x10/0x10 [ 2745.465942][T15279] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2745.472147][T15279] charge_memcg+0xa2/0x160 [ 2745.476613][T15279] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2745.482715][T15279] __read_swap_cache_async+0x480/0x8b0 [ 2745.488204][T15279] ? mark_lock+0x9a/0x350 [ 2745.492564][T15279] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2745.498581][T15279] swap_cluster_readahead+0x67c/0x810 [ 2745.503985][T15279] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2745.509902][T15279] ? __pfx_lock_release+0x10/0x10 [ 2745.514947][T15279] ? xas_descend+0x37e/0x470 [ 2745.519560][T15279] swapin_readahead+0x1ea/0x1070 [ 2745.524515][T15279] ? filemap_get_entry+0x127/0x4e0 [ 2745.529658][T15279] ? __pfx_swapin_readahead+0x10/0x10 [ 2745.535079][T15279] ? __filemap_get_folio+0x935/0xbc0 [ 2745.540415][T15279] ? swap_cache_get_folio+0x9f/0x570 [ 2745.545741][T15279] do_swap_page+0x8ab/0x3da0 [ 2745.550371][T15279] ? __pte_offset_map+0x2c4/0x380 [ 2745.555429][T15279] ? do_swap_page+0x154/0x3da0 [ 2745.560224][T15279] ? __pfx_do_swap_page+0x10/0x10 [ 2745.565274][T15279] ? pte_offset_map_nolock+0x137/0x1f0 [ 2745.570753][T15279] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2745.576592][T15279] __handle_mm_fault+0x15e8/0x72d0 [ 2745.581765][T15279] ? reacquire_held_locks+0x3eb/0x690 [ 2745.587153][T15279] ? __pfx___handle_mm_fault+0x10/0x10 [ 2745.592645][T15279] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2745.598396][T15279] ? mtree_range_walk+0x6fd/0x8e0 [ 2745.603436][T15279] ? lock_vma_under_rcu+0x18a/0x730 [ 2745.608650][T15279] ? __pfx_lock_release+0x10/0x10 [ 2745.613685][T15279] ? lock_vma_under_rcu+0x2f9/0x730 [ 2745.618915][T15279] ? lock_vma_under_rcu+0x18a/0x730 [ 2745.624125][T15279] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2745.629695][T15279] handle_mm_fault+0x3c1/0x8a0 [ 2745.634485][T15279] exc_page_fault+0x456/0x870 [ 2745.639185][T15279] asm_exc_page_fault+0x26/0x30 [ 2745.644054][T15279] RIP: 0033:0x7f091a8527a0 [ 2745.648479][T15279] Code: 48 89 4c 24 08 21 dd 0f 85 d6 0c 00 00 4d 8b 5c 24 20 4d 85 db 0f 84 27 05 00 00 41 f6 44 24 08 08 0f 85 6b 0a 00 00 49 f7 dd <8b> 0d 22 d8 12 00 4d 21 eb 0f 84 8b 0c 00 00 49 8b 44 24 10 f7 db [ 2745.668093][T15279] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010287 [ 2745.674169][T15279] RAX: 0000000000000037 RBX: 0000000000001000 RCX: 0000000000000dc0 [ 2745.682148][T15279] RDX: 000000000000003f RSI: 0000000000000fff RDI: 00007ffdf4c5ccb8 [ 2745.690133][T15279] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2745.698118][T15279] R10: 00007f091a400060 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2745.706104][T15279] R13: ffffffffffffffc0 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2745.714112][T15279] [ 2745.742676][T15279] memory: usage 307192kB, limit 307200kB, failcnt 177836 [ 2745.755319][T15144] hsr_slave_0: entered promiscuous mode [ 2745.766782][T15279] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 2745.777906][T15279] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2745.789577][T15144] hsr_slave_1: entered promiscuous mode [ 2745.800456][T15144] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2745.810029][T15279] Memory cgroup stats for /syz1: [ 2745.810184][T15279] cache 0 [ 2745.814814][T15144] Cannot create hsr debugfs directory [ 2745.815323][T15279] rss 12288 [ 2745.822492][T15285] __nla_validate_parse: 13 callbacks suppressed [ 2745.822510][T15285] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2745.825383][T15279] rss_huge 0 [ 2745.852225][T15279] shmem 0 [ 2745.855396][T15279] mapped_file 0 [ 2745.859784][T15279] dirty 0 [ 2745.862937][T15279] writeback 0 [ 2745.867695][T15279] workingset_refault_anon 58667 [ 2745.872768][T15279] workingset_refault_file 0 [ 2745.878084][T15279] swap 253952 [ 2745.881641][T15279] swapcached 8192 [ 2745.885470][T15279] pgpgin 207098 [ 2745.890001][T15279] pgpgout 207095 [ 2745.893761][T15279] pgfault 468123 [ 2745.897967][T15279] pgmajfault 56274 [ 2745.901868][T15279] inactive_anon 0 [ 2745.908692][T15279] active_anon 12288 [ 2745.912757][T15279] inactive_file 0 [ 2745.917135][T15279] active_file 0 [ 2745.920806][T15279] unevictable 0 [ 2745.924432][T15279] hierarchical_memory_limit 314572800 [ 2745.930930][T15279] hierarchical_memsw_limit 9223372036854771712 [ 2745.937845][T15279] total_cache 0 [ 2745.941609][T15279] total_rss 12288 [ 2745.945557][T15279] total_rss_huge 0 [ 2745.950846][T15279] total_shmem 0 [ 2745.954620][T15286] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2745.954751][T15279] total_mapped_file 0 [ 2745.976082][T15279] total_dirty 0 [ 2745.979592][T15279] total_writeback 0 [ 2745.983427][T15279] total_workingset_refault_anon 58667 20:25:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080408"], 0x3c}}, 0x0) [ 2745.996478][T15287] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2746.004192][T15287] IPv6: NLM_F_CREATE should be set when creating new route [ 2746.021623][T15279] total_workingset_refault_file 0 [ 2746.036236][T15279] total_swap 253952 [ 2746.040172][T15279] total_swapcached 8192 20:25:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000500", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2746.044361][T15279] total_pgpgin 207098 [ 2746.050026][T15289] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2746.059861][T15279] total_pgpgout 207095 [ 2746.063966][T15279] total_pgfault 468123 [ 2746.076127][T15279] total_pgmajfault 56274 [ 2746.080479][T15279] total_inactive_anon 0 [ 2746.084668][T15279] total_active_anon 12288 [ 2746.101081][T15279] total_inactive_file 0 [ 2746.111029][T15279] total_active_file 0 [ 2746.120943][T15279] total_unevictable 0 [ 2746.130101][T15279] anon_cost 0 [ 2746.138010][T15279] file_cost 0 [ 2746.147475][T15279] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15279,uid=0 [ 2746.170771][T15279] Memory cgroup out of memory: Killed process 15279 (syz-executor.1) total-vm:56424kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2746.184395][T15290] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x700) [ 2746.196888][T15290] IPv6: NLM_F_CREATE should be set when creating new route 20:25:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1100) 20:25:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080508"], 0x3c}}, 0x0) [ 2746.238152][T15292] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2746.276496][T15294] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2746.404626][T15295] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2746.412414][T15295] IPv6: NLM_F_CREATE should be set when creating new route 20:25:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080608"], 0x3c}}, 0x0) 20:25:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000600", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2746.448417][T15298] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2746.466458][T15300] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2746.569228][T15296] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2746.581150][T15296] CPU: 0 PID: 15296 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2746.591615][T15296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2746.601709][T15296] Call Trace: [ 2746.605028][T15296] [ 2746.608094][T15296] dump_stack_lvl+0x1e7/0x2e0 [ 2746.612828][T15296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2746.618044][T15296] ? __pfx__printk+0x10/0x10 [ 2746.622675][T15296] ? ___ratelimit+0x4c4/0x670 [ 2746.627394][T15296] ? __pfx____ratelimit+0x10/0x10 [ 2746.632456][T15296] dump_header+0xda/0x6a0 [ 2746.636835][T15296] oom_kill_process+0x3a7/0x930 [ 2746.641753][T15296] out_of_memory+0xf67/0x1320 [ 2746.646493][T15296] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2746.652174][T15296] ? __pfx___mutex_lock+0x10/0x10 [ 2746.657234][T15296] ? __pfx_out_of_memory+0x10/0x10 [ 2746.662391][T15296] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2746.667979][T15296] ? __pfx_lock_release+0x10/0x10 [ 2746.673029][T15296] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2746.679113][T15296] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2746.684325][T15296] ? mem_cgroup_iter+0x3e9/0x560 [ 2746.689300][T15296] try_charge_memcg+0xda2/0x18a0 [ 2746.694293][T15296] ? mark_lock+0x9a/0x350 [ 2746.698686][T15296] ? __pfx_try_charge_memcg+0x10/0x10 [ 2746.704099][T15296] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2746.710355][T15296] charge_memcg+0xa2/0x160 [ 2746.714813][T15296] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2746.720908][T15296] __read_swap_cache_async+0x480/0x8b0 [ 2746.726390][T15296] ? mark_lock+0x9a/0x350 [ 2746.730762][T15296] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2746.736791][T15296] swap_cluster_readahead+0x67c/0x810 [ 2746.742196][T15296] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2746.748119][T15296] ? __pfx_lock_release+0x10/0x10 [ 2746.753170][T15296] ? xas_descend+0x37e/0x470 [ 2746.758140][T15296] swapin_readahead+0x1ea/0x1070 [ 2746.763099][T15296] ? filemap_get_entry+0x127/0x4e0 [ 2746.768240][T15296] ? __pfx_swapin_readahead+0x10/0x10 [ 2746.773638][T15296] ? __filemap_get_folio+0x935/0xbc0 [ 2746.778945][T15296] ? swap_cache_get_folio+0x9f/0x570 [ 2746.784249][T15296] do_swap_page+0x8ab/0x3da0 [ 2746.788857][T15296] ? __pte_offset_map+0x2c4/0x380 [ 2746.793907][T15296] ? do_swap_page+0x154/0x3da0 [ 2746.798681][T15296] ? __pfx_do_swap_page+0x10/0x10 [ 2746.803713][T15296] ? pte_offset_map_nolock+0x137/0x1f0 [ 2746.809185][T15296] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2746.815013][T15296] __handle_mm_fault+0x15e8/0x72d0 [ 2746.820164][T15296] ? reacquire_held_locks+0x3eb/0x690 [ 2746.825547][T15296] ? __pfx___handle_mm_fault+0x10/0x10 [ 2746.831061][T15296] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2746.836829][T15296] ? mtree_range_walk+0x6fd/0x8e0 [ 2746.841885][T15296] ? lock_vma_under_rcu+0x18a/0x730 [ 2746.847104][T15296] ? __pfx_lock_release+0x10/0x10 [ 2746.852137][T15296] ? lock_vma_under_rcu+0x2f9/0x730 [ 2746.857365][T15296] ? lock_vma_under_rcu+0x18a/0x730 [ 2746.862576][T15296] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2746.868131][T15296] handle_mm_fault+0x3c1/0x8a0 [ 2746.872913][T15296] exc_page_fault+0x456/0x870 [ 2746.877609][T15296] asm_exc_page_fault+0x26/0x30 [ 2746.882474][T15296] RIP: 0033:0x7f091a8527a0 [ 2746.886896][T15296] Code: 48 89 4c 24 08 21 dd 0f 85 d6 0c 00 00 4d 8b 5c 24 20 4d 85 db 0f 84 27 05 00 00 41 f6 44 24 08 08 0f 85 6b 0a 00 00 49 f7 dd <8b> 0d 22 d8 12 00 4d 21 eb 0f 84 8b 0c 00 00 49 8b 44 24 10 f7 db [ 2746.906519][T15296] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010287 [ 2746.912614][T15296] RAX: 0000000000000037 RBX: 0000000000001000 RCX: 0000000000000dc0 [ 2746.920609][T15296] RDX: 000000000000003f RSI: 0000000000000fff RDI: 00007ffdf4c5ccb8 [ 2746.928600][T15296] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2746.936594][T15296] R10: 00007f091a400060 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2746.944577][T15296] R13: ffffffffffffffc0 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2746.952575][T15296] [ 2746.968622][T15301] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2746.977486][T15301] IPv6: NLM_F_CREATE should be set when creating new route [ 2746.993249][T15296] memory: usage 307180kB, limit 307200kB, failcnt 178056 20:25:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1200) [ 2747.043922][T15296] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0 [ 2747.072175][T15296] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2747.088559][T15296] Memory cgroup stats for /syz1: [ 2747.088698][T15296] cache 0 [ 2747.101775][T15304] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2747.108249][T15296] rss 12288 [ 2747.114393][T15296] rss_huge 0 [ 2747.118320][T15296] shmem 0 [ 2747.121507][T15296] mapped_file 0 [ 2747.125197][T15296] dirty 0 [ 2747.128705][T15296] writeback 0 [ 2747.132226][T15296] workingset_refault_anon 58750 [ 2747.138817][T15296] workingset_refault_file 0 [ 2747.143578][T15296] swap 188416 [ 2747.147674][T15296] swapcached 8192 [ 2747.151558][T15296] pgpgin 207189 [ 2747.155249][T15296] pgpgout 207186 [ 2747.160715][T15296] pgfault 468261 [ 2747.164475][T15296] pgmajfault 56350 [ 2747.168684][T15296] inactive_anon 4096 [ 2747.172876][T15296] active_anon 8192 [ 2747.177970][T15296] inactive_file 0 [ 2747.181858][T15296] active_file 0 [ 2747.185512][T15296] unevictable 0 [ 2747.191730][T15296] hierarchical_memory_limit 314572800 [ 2747.197854][T15296] hierarchical_memsw_limit 9223372036854771712 [ 2747.204260][T15296] total_cache 0 [ 2747.208840][T15296] total_rss 12288 [ 2747.212780][T15296] total_rss_huge 0 [ 2747.217370][T15296] total_shmem 0 [ 2747.221105][T15296] total_mapped_file 0 [ 2747.225350][T15296] total_dirty 0 [ 2747.230835][T15296] total_writeback 0 [ 2747.234901][T15296] total_workingset_refault_anon 58750 [ 2747.244078][T15296] total_workingset_refault_file 0 [ 2747.252303][T15305] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2747.254067][T15296] total_swap 188416 [ 2747.275508][T15296] total_swapcached 8192 [ 2747.279934][T15296] total_pgpgin 207189 [ 2747.284126][T15296] total_pgpgout 207186 [ 2747.289231][T15296] total_pgfault 468261 20:25:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000700", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080708"], 0x3c}}, 0x0) [ 2747.299802][T15296] total_pgmajfault 56350 [ 2747.308761][T15296] total_inactive_anon 4096 [ 2747.319947][T15296] total_active_anon 8192 [ 2747.324403][T15296] total_inactive_file 0 [ 2747.334681][T15296] total_active_file 0 [ 2747.344174][T15296] total_unevictable 0 [ 2747.353665][T15296] anon_cost 0 [ 2747.357471][T15296] file_cost 0 [ 2747.360937][T15296] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15296,uid=0 [ 2747.377232][T15296] Memory cgroup out of memory: Killed process 15296 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x700) [ 2747.404499][T15308] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080808"], 0x3c}}, 0x0) [ 2747.497234][T15309] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2747.506032][T15309] IPv6: NLM_F_CREATE should be set when creating new route 20:25:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x127e) 20:25:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000900", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080908"], 0x3c}}, 0x0) [ 2747.799887][T15314] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2747.819590][T15314] CPU: 1 PID: 15314 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2747.830068][T15314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2747.840165][T15314] Call Trace: [ 2747.843589][T15314] [ 2747.846559][T15314] dump_stack_lvl+0x1e7/0x2e0 [ 2747.851383][T15314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2747.856624][T15314] ? __pfx__printk+0x10/0x10 [ 2747.861255][T15314] ? ___ratelimit+0x4c4/0x670 [ 2747.865986][T15314] ? __pfx____ratelimit+0x10/0x10 [ 2747.871071][T15314] dump_header+0xda/0x6a0 [ 2747.875466][T15314] oom_kill_process+0x3a7/0x930 [ 2747.880383][T15314] out_of_memory+0xf67/0x1320 [ 2747.885135][T15314] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2747.890806][T15314] ? __pfx___mutex_lock+0x10/0x10 [ 2747.895889][T15314] ? __pfx_out_of_memory+0x10/0x10 [ 2747.901049][T15314] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2747.906616][T15314] ? __pfx_lock_release+0x10/0x10 [ 2747.911667][T15314] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2747.917846][T15314] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2747.923061][T15314] ? mem_cgroup_iter+0x3e9/0x560 [ 2747.928036][T15314] try_charge_memcg+0xda2/0x18a0 [ 2747.933011][T15314] ? mark_lock+0x9a/0x350 [ 2747.937389][T15314] ? __pfx_try_charge_memcg+0x10/0x10 [ 2747.942810][T15314] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2747.949055][T15314] charge_memcg+0xa2/0x160 [ 2747.953516][T15314] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2747.959632][T15314] __read_swap_cache_async+0x480/0x8b0 [ 2747.965120][T15314] ? mark_lock+0x9a/0x350 [ 2747.969475][T15314] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2747.975488][T15314] swap_cluster_readahead+0x67c/0x810 [ 2747.980894][T15314] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2747.986811][T15314] ? __pfx_lock_release+0x10/0x10 [ 2747.991875][T15314] ? xas_descend+0x37e/0x470 [ 2747.996520][T15314] swapin_readahead+0x1ea/0x1070 [ 2748.001485][T15314] ? filemap_get_entry+0x127/0x4e0 [ 2748.006629][T15314] ? __pfx_swapin_readahead+0x10/0x10 [ 2748.012031][T15314] ? __filemap_get_folio+0x935/0xbc0 [ 2748.017344][T15314] ? swap_cache_get_folio+0x9f/0x570 [ 2748.022658][T15314] do_swap_page+0x8ab/0x3da0 [ 2748.027266][T15314] ? __pte_offset_map+0x2c4/0x380 [ 2748.032314][T15314] ? do_swap_page+0x154/0x3da0 [ 2748.037097][T15314] ? __pfx_do_swap_page+0x10/0x10 [ 2748.042137][T15314] ? pte_offset_map_nolock+0x137/0x1f0 [ 2748.047614][T15314] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2748.053448][T15314] __handle_mm_fault+0x15e8/0x72d0 [ 2748.058603][T15314] ? reacquire_held_locks+0x3eb/0x690 [ 2748.063991][T15314] ? __pfx___handle_mm_fault+0x10/0x10 [ 2748.069483][T15314] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2748.075230][T15314] ? mtree_range_walk+0x6fd/0x8e0 [ 2748.080271][T15314] ? lock_vma_under_rcu+0x18a/0x730 [ 2748.085480][T15314] ? __pfx_lock_release+0x10/0x10 [ 2748.090517][T15314] ? lock_vma_under_rcu+0x2f9/0x730 [ 2748.095748][T15314] ? lock_vma_under_rcu+0x18a/0x730 [ 2748.100961][T15314] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2748.106535][T15314] handle_mm_fault+0x3c1/0x8a0 [ 2748.111341][T15314] exc_page_fault+0x456/0x870 [ 2748.116053][T15314] asm_exc_page_fault+0x26/0x30 [ 2748.120924][T15314] RIP: 0033:0x7f091a8526fd [ 2748.125347][T15314] Code: 56 41 55 41 54 55 53 48 81 ec 08 01 00 00 48 89 7c 24 10 48 89 34 24 48 89 54 24 18 48 89 4c 24 20 64 48 8b 04 25 28 00 00 00 <48> 89 84 24 f8 00 00 00 31 c0 80 3d ea d7 12 00 00 0f 85 3c 05 00 [ 2748.144964][T15314] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010206 [ 2748.151043][T15314] RAX: 1b75afda7c9b9000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2748.159026][T15314] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2748.167010][T15314] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2748.174990][T15314] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2748.182971][T15314] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2748.190966][T15314] [ 2748.267141][T15314] memory: usage 307200kB, limit 307200kB, failcnt 178231 [ 2748.283644][T15314] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2748.294103][T15314] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2748.301721][T15314] Memory cgroup stats for /syz1: [ 2748.301860][T15314] cache 0 [ 2748.310461][T15314] rss 12288 [ 2748.313674][T15314] rss_huge 0 [ 2748.318368][T15314] shmem 0 [ 2748.321429][T15314] mapped_file 0 [ 2748.325022][T15314] dirty 0 [ 2748.328108][T15314] writeback 0 [ 2748.331509][T15314] workingset_refault_anon 58808 [ 2748.336865][T15314] workingset_refault_file 0 [ 2748.341493][T15314] swap 212992 [ 2748.344875][T15314] swapcached 8192 [ 2748.348694][T15314] pgpgin 207255 [ 2748.352246][T15314] pgpgout 207252 [ 2748.355884][T15314] pgfault 468370 [ 2748.359552][T15322] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000a00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2748.361413][T15322] IPv6: NLM_F_CREATE should be set when creating new route [ 2748.367825][T15314] pgmajfault 56408 [ 2748.378083][T15314] inactive_anon 0 [ 2748.381843][T15314] active_anon 12288 [ 2748.385766][T15314] inactive_file 0 [ 2748.389615][T15314] active_file 0 [ 2748.393209][T15314] unevictable 0 [ 2748.397151][T15314] hierarchical_memory_limit 314572800 [ 2748.402640][T15314] hierarchical_memsw_limit 9223372036854771712 [ 2748.409023][T15314] total_cache 0 [ 2748.412603][T15314] total_rss 12288 20:25:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080a08"], 0x3c}}, 0x0) [ 2748.425065][T15314] total_rss_huge 0 20:25:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1400) [ 2748.476133][T15314] total_shmem 0 [ 2748.479792][T15314] total_mapped_file 0 [ 2748.496257][T15314] total_dirty 0 [ 2748.507023][T15314] total_writeback 0 [ 2748.516381][T15314] total_workingset_refault_anon 58808 [ 2748.523583][T15314] total_workingset_refault_file 0 [ 2748.536146][T15314] total_swap 212992 [ 2748.550420][T15314] total_swapcached 8192 [ 2748.564960][T15314] total_pgpgin 207255 [ 2748.570955][T15314] total_pgpgout 207252 [ 2748.575195][T15314] total_pgfault 468370 [ 2748.580385][T15314] total_pgmajfault 56408 [ 2748.584799][T15314] total_inactive_anon 0 [ 2748.589685][T15314] total_active_anon 12288 [ 2748.594181][T15314] total_inactive_file 0 [ 2748.601493][T15314] total_active_file 0 [ 2748.605672][T15314] total_unevictable 0 [ 2748.610354][T15314] anon_cost 0 [ 2748.613825][T15314] file_cost 0 20:25:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2) [ 2748.617623][T15314] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15314,uid=0 [ 2748.635220][T15314] Memory cgroup out of memory: Killed process 15314 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8816kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080b08"], 0x3c}}, 0x0) [ 2748.891601][T15332] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2748.899406][T15332] IPv6: NLM_F_CREATE should be set when creating new route [ 2748.924873][T15333] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2748.933738][T15333] IPv6: NLM_F_CREATE should be set when creating new route 20:25:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000b00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1500) 20:25:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080c08"], 0x3c}}, 0x0) 20:25:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080f08"], 0x3c}}, 0x0) [ 2749.278757][T15334] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2749.291921][T15334] CPU: 1 PID: 15334 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2749.302405][T15334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2749.312502][T15334] Call Trace: [ 2749.315818][T15334] [ 2749.318784][T15334] dump_stack_lvl+0x1e7/0x2e0 [ 2749.323529][T15334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2749.328790][T15334] ? __pfx__printk+0x10/0x10 [ 2749.333435][T15334] ? ___ratelimit+0x4c4/0x670 [ 2749.338175][T15334] ? __pfx____ratelimit+0x10/0x10 [ 2749.343238][T15334] dump_header+0xda/0x6a0 [ 2749.347610][T15334] oom_kill_process+0x3a7/0x930 [ 2749.352517][T15334] out_of_memory+0xf67/0x1320 [ 2749.357217][T15334] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2749.368767][T15334] ? __pfx___mutex_lock+0x10/0x10 [ 2749.373823][T15334] ? __pfx_out_of_memory+0x10/0x10 [ 2749.378960][T15334] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2749.384519][T15334] ? __pfx_lock_release+0x10/0x10 [ 2749.389566][T15334] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2749.395652][T15334] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2749.400879][T15334] ? mem_cgroup_iter+0x3e9/0x560 [ 2749.405876][T15334] try_charge_memcg+0xda2/0x18a0 [ 2749.410846][T15334] ? mark_lock+0x9a/0x350 [ 2749.415241][T15334] ? __pfx_try_charge_memcg+0x10/0x10 [ 2749.420691][T15334] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2749.426881][T15334] charge_memcg+0xa2/0x160 [ 2749.431355][T15334] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2749.437549][T15334] __read_swap_cache_async+0x480/0x8b0 [ 2749.443073][T15334] ? mark_lock+0x9a/0x350 [ 2749.447442][T15334] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2749.453450][T15334] swap_cluster_readahead+0x67c/0x810 [ 2749.458854][T15334] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2749.464766][T15334] ? __pfx_lock_release+0x10/0x10 [ 2749.469816][T15334] ? xas_descend+0x37e/0x470 [ 2749.474436][T15334] swapin_readahead+0x1ea/0x1070 [ 2749.479391][T15334] ? filemap_get_entry+0x127/0x4e0 [ 2749.484543][T15334] ? __pfx_swapin_readahead+0x10/0x10 [ 2749.489936][T15334] ? __filemap_get_folio+0x935/0xbc0 [ 2749.495243][T15334] ? swap_cache_get_folio+0x9f/0x570 [ 2749.500565][T15334] do_swap_page+0x8ab/0x3da0 [ 2749.505172][T15334] ? __pte_offset_map+0x2c4/0x380 [ 2749.510214][T15334] ? __pfx_lock_acquire+0x10/0x10 [ 2749.515268][T15334] ? do_swap_page+0x154/0x3da0 [ 2749.520042][T15334] ? __pfx_do_swap_page+0x10/0x10 [ 2749.525084][T15334] ? pte_offset_map_nolock+0x137/0x1f0 [ 2749.530559][T15334] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2749.536398][T15334] __handle_mm_fault+0x15e8/0x72d0 [ 2749.541550][T15334] ? reacquire_held_locks+0x3eb/0x690 [ 2749.546934][T15334] ? __pfx___handle_mm_fault+0x10/0x10 [ 2749.552420][T15334] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2749.558165][T15334] ? mtree_range_walk+0x6fd/0x8e0 [ 2749.563211][T15334] ? lock_vma_under_rcu+0x18a/0x730 [ 2749.568430][T15334] ? __pfx_lock_release+0x10/0x10 [ 2749.573488][T15334] ? lock_vma_under_rcu+0x2f9/0x730 [ 2749.578724][T15334] ? lock_vma_under_rcu+0x18a/0x730 [ 2749.583936][T15334] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2749.589525][T15334] handle_mm_fault+0x3c1/0x8a0 [ 2749.594321][T15334] exc_page_fault+0x456/0x870 [ 2749.599026][T15334] asm_exc_page_fault+0x26/0x30 [ 2749.603893][T15334] RIP: 0033:0x7f091a854110 [ 2749.608323][T15334] Code: b2 09 00 ba c2 01 00 00 48 8d 35 cd b1 09 00 48 8d 3d db b1 09 00 e8 df 86 fe ff e8 6a bd 02 00 66 2e 0f 1f 84 00 00 00 00 00 <8b> 47 10 89 c2 81 e2 7f 01 00 00 83 e0 7c 0f 85 ac 00 00 00 53 48 [ 2749.627942][T15334] RSP: 002b:00007ffdf4c5c9f8 EFLAGS: 00010206 [ 2749.634022][T15334] RAX: 0000555555e1c910 RBX: 0000555555e1c910 RCX: 0000555555e1c8f0 [ 2749.642015][T15334] RDX: 0000555555e1ca00 RSI: 0000000000000001 RDI: 00007f091a97ff20 [ 2749.649995][T15334] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 2749.657974][T15334] R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffdf4c5cd00 [ 2749.665960][T15334] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2749.673955][T15334] [ 2749.705110][T15343] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2749.712839][T15343] IPv6: NLM_F_CREATE should be set when creating new route [ 2749.725587][T15344] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2749.727922][T15334] memory: usage 307200kB, limit 307200kB, failcnt 178758 [ 2749.734575][T15344] IPv6: NLM_F_CREATE should be set when creating new route [ 2749.740260][T15334] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 20:25:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000c00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00081008"], 0x3c}}, 0x0) [ 2749.775257][T15334] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2749.786313][T15334] Memory cgroup stats for /syz1: [ 2749.786465][T15334] cache 0 [ 2749.794489][T15334] rss 12288 [ 2749.800329][T15334] rss_huge 0 [ 2749.803662][T15334] shmem 0 [ 2749.807294][T15334] mapped_file 0 [ 2749.810887][T15334] dirty 0 [ 2749.813935][T15334] writeback 0 [ 2749.820815][T15334] workingset_refault_anon 58976 20:25:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1800) [ 2749.827484][T15334] workingset_refault_file 0 [ 2749.832102][T15334] swap 245760 [ 2749.835566][T15334] swapcached 8192 [ 2749.862439][T15334] pgpgin 207451 [ 2749.867766][T15334] pgpgout 207448 [ 2749.871555][T15334] pgfault 468654 [ 2749.875206][T15334] pgmajfault 56575 [ 2749.880373][T15334] inactive_anon 0 [ 2749.884197][T15334] active_anon 12288 [ 2749.888397][T15334] inactive_file 0 [ 2749.892221][T15334] active_file 0 [ 2749.896428][T15334] unevictable 0 [ 2749.902454][T15334] hierarchical_memory_limit 314572800 [ 2749.914057][T15334] hierarchical_memsw_limit 9223372036854771712 [ 2749.921894][T15334] total_cache 0 [ 2749.925569][T15334] total_rss 12288 [ 2749.929684][T15334] total_rss_huge 0 [ 2749.933573][T15334] total_shmem 0 [ 2749.937408][T15334] total_mapped_file 0 [ 2749.941563][T15334] total_dirty 0 [ 2749.945470][T15334] total_writeback 0 [ 2749.949815][T15334] total_workingset_refault_anon 58976 [ 2749.955362][T15334] total_workingset_refault_file 0 [ 2749.960641][T15334] total_swap 245760 [ 2749.964591][T15334] total_swapcached 8192 [ 2749.969477][T15334] total_pgpgin 207451 [ 2749.973687][T15334] total_pgpgout 207448 [ 2749.978071][T15334] total_pgfault 468654 [ 2749.982351][T15334] total_pgmajfault 56575 [ 2749.987021][T15334] total_inactive_anon 0 [ 2749.991397][T15334] total_active_anon 12288 [ 2749.999341][T15334] total_inactive_file 0 [ 2750.011425][T15334] total_active_file 0 [ 2750.015736][T15334] total_unevictable 0 [ 2750.023093][T15334] anon_cost 0 [ 2750.047968][T15334] file_cost 0 [ 2750.051533][T15334] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15334,uid=0 [ 2750.077185][T15334] Memory cgroup out of memory: Killed process 15334 (syz-executor.1) total-vm:56556kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00081408"], 0x3c}}, 0x0) 20:25:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2) [ 2750.092316][T15353] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2750.102321][T15353] IPv6: NLM_F_CREATE should be set when creating new route [ 2750.115619][T15354] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2750.124409][T15354] IPv6: NLM_F_CREATE should be set when creating new route 20:25:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2000) 20:25:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000f00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00086008"], 0x3c}}, 0x0) 20:25:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008fc08"], 0x3c}}, 0x0) [ 2750.523026][T15364] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2750.531972][T15364] IPv6: NLM_F_CREATE should be set when creating new route 20:25:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2100) [ 2750.574806][T15365] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2750.582579][T15365] IPv6: NLM_F_CREATE should be set when creating new route 20:25:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001100", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080009"], 0x3c}}, 0x0) [ 2750.741934][T15358] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2750.753557][T15358] CPU: 0 PID: 15358 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2750.764027][T15358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2750.774121][T15358] Call Trace: [ 2750.777424][T15358] [ 2750.780468][T15358] dump_stack_lvl+0x1e7/0x2e0 [ 2750.785297][T15358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2750.790543][T15358] ? __pfx__printk+0x10/0x10 [ 2750.795171][T15358] ? ___ratelimit+0x4c4/0x670 [ 2750.799902][T15358] ? __pfx____ratelimit+0x10/0x10 [ 2750.805057][T15358] dump_header+0xda/0x6a0 [ 2750.809428][T15358] oom_kill_process+0x3a7/0x930 [ 2750.814328][T15358] out_of_memory+0xf67/0x1320 [ 2750.819053][T15358] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2750.824762][T15358] ? __pfx___mutex_lock+0x10/0x10 [ 2750.829844][T15358] ? __pfx_out_of_memory+0x10/0x10 [ 2750.835004][T15358] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2750.840589][T15358] ? __pfx_lock_release+0x10/0x10 [ 2750.846020][T15358] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2750.852222][T15358] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2750.857471][T15358] ? mem_cgroup_iter+0x3e9/0x560 [ 2750.862452][T15358] try_charge_memcg+0xda2/0x18a0 [ 2750.867434][T15358] ? __pfx_try_charge_memcg+0x10/0x10 [ 2750.872833][T15358] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2750.878576][T15358] ? __pfx_lock_release+0x10/0x10 [ 2750.883641][T15358] ? memcg_account_kmem+0x1e7/0x210 [ 2750.888877][T15358] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2750.894722][T15358] __memcg_kmem_charge_page+0xe1/0x250 [ 2750.900210][T15358] memcg_charge_kernel_stack+0x210/0x550 [ 2750.905867][T15358] dup_task_struct+0x15d/0x7d0 [ 2750.910654][T15358] copy_process+0x5d5/0x3fc0 [ 2750.915348][T15358] ? __might_fault+0xa9/0x120 [ 2750.920043][T15358] ? __pfx_lock_release+0x10/0x10 [ 2750.925099][T15358] ? __pfx_copy_process+0x10/0x10 [ 2750.930144][T15358] ? __might_fault+0xc5/0x120 [ 2750.934853][T15358] ? __asan_memset+0x23/0x50 [ 2750.939489][T15358] kernel_clone+0x21d/0x8d0 [ 2750.944021][T15358] ? __pfx_kernel_clone+0x10/0x10 [ 2750.949098][T15358] __se_sys_clone3+0x2cb/0x350 [ 2750.953887][T15358] ? __pfx___se_sys_clone3+0x10/0x10 [ 2750.959207][T15358] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2750.965221][T15358] ? exc_page_fault+0x587/0x870 [ 2750.970092][T15358] ? do_syscall_64+0xb4/0x240 [ 2750.974789][T15358] do_syscall_64+0xf9/0x240 [ 2750.979317][T15358] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2750.985226][T15358] RIP: 0033:0x7f091a8a9b99 [ 2750.989656][T15358] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2751.009286][T15358] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2751.017714][T15358] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2751.025699][T15358] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2751.033685][T15358] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 20:25:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008000a"], 0x3c}}, 0x0) [ 2751.041673][T15358] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2751.049653][T15358] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2751.057650][T15358] [ 2751.063859][T15358] memory: usage 307200kB, limit 307200kB, failcnt 179183 [ 2751.072859][T15358] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 2751.081074][T15358] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 2751.098090][T15358] Memory cgroup stats for /syz1: [ 2751.098493][T15358] cache 0 [ 2751.107380][T15358] rss 12288 [ 2751.110800][T15358] rss_huge 0 [ 2751.114436][T15358] shmem 0 [ 2751.118623][T15358] mapped_file 0 [ 2751.122384][T15358] dirty 0 [ 2751.125552][T15358] writeback 0 [ 2751.131522][T15358] workingset_refault_anon 59135 [ 2751.137130][T15358] workingset_refault_file 0 [ 2751.141857][T15358] swap 245760 [ 2751.145326][T15358] swapcached 8192 [ 2751.150657][T15358] pgpgin 207621 [ 2751.154328][T15358] pgpgout 207618 [ 2751.167072][T15358] pgfault 468904 [ 2751.170893][T15358] pgmajfault 56723 [ 2751.174853][T15358] inactive_anon 0 [ 2751.179826][T15358] active_anon 12288 [ 2751.183944][T15358] inactive_file 0 [ 2751.188409][T15358] active_file 0 [ 2751.194463][T15374] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2751.201896][T15358] unevictable 0 [ 2751.202308][T15374] IPv6: NLM_F_CREATE should be set when creating new route [ 2751.205540][T15358] hierarchical_memory_limit 314572800 [ 2751.220038][T15376] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2751.228804][T15376] IPv6: NLM_F_CREATE should be set when creating new route [ 2751.229011][T15358] hierarchical_memsw_limit 9223372036854771712 20:25:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001400", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2751.254140][T15358] total_cache 0 [ 2751.260782][T15358] total_rss 12288 [ 2751.264545][T15358] total_rss_huge 0 [ 2751.275042][T15378] __nla_validate_parse: 24 callbacks suppressed [ 2751.275061][T15378] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2751.285351][T15358] total_shmem 0 20:25:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2500) [ 2751.316179][T15358] total_mapped_file 0 [ 2751.320617][T15358] total_dirty 0 [ 2751.331295][T15358] total_writeback 0 [ 2751.342977][T15358] total_workingset_refault_anon 59135 [ 2751.352103][T15358] total_workingset_refault_file 0 20:25:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008000b"], 0x3c}}, 0x0) [ 2751.363510][T15358] total_swap 245760 [ 2751.371692][T15358] total_swapcached 8192 [ 2751.392922][T15380] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2751.396228][T15358] total_pgpgin 207621 [ 2751.426472][T15358] total_pgpgout 207618 [ 2751.430677][T15358] total_pgfault 468904 [ 2751.441388][T15358] total_pgmajfault 56723 [ 2751.445680][T15358] total_inactive_anon 0 [ 2751.455506][T15358] total_active_anon 12288 [ 2751.464345][T15358] total_inactive_file 0 [ 2751.474392][T15358] total_active_file 0 [ 2751.478939][T15358] total_unevictable 0 [ 2751.482955][T15358] anon_cost 0 [ 2751.496103][T15358] file_cost 0 [ 2751.499441][T15358] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15358,uid=0 20:25:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080011"], 0x3c}}, 0x0) [ 2751.522251][T15383] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2751.526040][T15358] Memory cgroup out of memory: Killed process 15358 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2751.550093][T15384] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:40 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2) 20:25:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001500", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2751.678121][T15385] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2751.685836][T15385] IPv6: NLM_F_CREATE should be set when creating new route [ 2751.706972][T15386] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2751.715726][T15386] IPv6: NLM_F_CREATE should be set when creating new route 20:25:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080014"], 0x3c}}, 0x0) [ 2751.736527][T15388] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x3f00) [ 2751.809901][T15391] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2751.917926][T15394] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2751.925678][T15394] IPv6: NLM_F_CREATE should be set when creating new route [ 2751.937762][T15393] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080015"], 0x3c}}, 0x0) 20:25:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008884700", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2751.968122][T15396] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2752.098991][T15397] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2752.107950][T15397] IPv6: NLM_F_CREATE should be set when creating new route [ 2752.130541][T15400] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2752.146571][T15401] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2752.163457][T15389] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2752.177238][T15389] CPU: 1 PID: 15389 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2752.187710][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2752.197800][T15389] Call Trace: [ 2752.201120][T15389] [ 2752.204088][T15389] dump_stack_lvl+0x1e7/0x2e0 [ 2752.208816][T15389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2752.214068][T15389] ? __pfx__printk+0x10/0x10 [ 2752.218699][T15389] ? ___ratelimit+0x4c4/0x670 [ 2752.223443][T15389] ? __pfx____ratelimit+0x10/0x10 [ 2752.228540][T15389] dump_header+0xda/0x6a0 [ 2752.232932][T15389] oom_kill_process+0x3a7/0x930 [ 2752.237848][T15389] out_of_memory+0xf67/0x1320 [ 2752.242581][T15389] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2752.248263][T15389] ? __pfx___mutex_lock+0x10/0x10 [ 2752.253350][T15389] ? __pfx_out_of_memory+0x10/0x10 [ 2752.258524][T15389] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2752.264125][T15389] ? __pfx_lock_release+0x10/0x10 [ 2752.269215][T15389] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2752.275338][T15389] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2752.280591][T15389] ? mem_cgroup_iter+0x3e9/0x560 [ 2752.285575][T15389] try_charge_memcg+0xda2/0x18a0 [ 2752.290543][T15389] ? mark_lock+0x9a/0x350 [ 2752.294934][T15389] ? __pfx_try_charge_memcg+0x10/0x10 [ 2752.300382][T15389] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2752.306574][T15389] charge_memcg+0xa2/0x160 [ 2752.311040][T15389] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2752.317163][T15389] __read_swap_cache_async+0x480/0x8b0 [ 2752.322671][T15389] ? mark_lock+0x9a/0x350 [ 2752.327092][T15389] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2752.333140][T15389] ? blk_start_plug+0x6f/0x1b0 [ 2752.337984][T15389] swap_cluster_readahead+0x398/0x810 [ 2752.343429][T15389] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2752.349464][T15389] ? __pfx_lock_release+0x10/0x10 [ 2752.354540][T15389] ? xas_descend+0x37e/0x470 [ 2752.359190][T15389] swapin_readahead+0x1ea/0x1070 [ 2752.364173][T15389] ? filemap_get_entry+0x127/0x4e0 [ 2752.369339][T15389] ? __pfx_swapin_readahead+0x10/0x10 [ 2752.374775][T15389] ? __filemap_get_folio+0x935/0xbc0 [ 2752.380116][T15389] ? swap_cache_get_folio+0x9f/0x570 [ 2752.385437][T15389] do_swap_page+0x8ab/0x3da0 [ 2752.390045][T15389] ? __pte_offset_map+0x2c4/0x380 [ 2752.395092][T15389] ? do_swap_page+0x154/0x3da0 [ 2752.399865][T15389] ? __pfx_do_swap_page+0x10/0x10 [ 2752.404903][T15389] ? pte_offset_map_nolock+0x137/0x1f0 [ 2752.410384][T15389] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2752.416239][T15389] __handle_mm_fault+0x15e8/0x72d0 [ 2752.421404][T15389] ? reacquire_held_locks+0x3eb/0x690 [ 2752.426791][T15389] ? __pfx___handle_mm_fault+0x10/0x10 [ 2752.432275][T15389] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2752.438026][T15389] ? mtree_range_walk+0x6fd/0x8e0 [ 2752.443070][T15389] ? lock_vma_under_rcu+0x18a/0x730 [ 2752.448284][T15389] ? __pfx_lock_release+0x10/0x10 [ 2752.453322][T15389] ? lock_vma_under_rcu+0x2f9/0x730 [ 2752.458570][T15389] ? lock_vma_under_rcu+0x18a/0x730 [ 2752.463779][T15389] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2752.469349][T15389] handle_mm_fault+0x3c1/0x8a0 [ 2752.474139][T15389] exc_page_fault+0x456/0x870 [ 2752.478851][T15389] asm_exc_page_fault+0x26/0x30 [ 2752.483722][T15389] RIP: 0033:0x7f091a852707 [ 2752.488155][T15389] Code: 08 01 00 00 48 89 7c 24 10 48 89 34 24 48 89 54 24 18 48 89 4c 24 20 64 48 8b 04 25 28 00 00 00 48 89 84 24 f8 00 00 00 31 c0 <80> 3d ea d7 12 00 00 0f 85 3c 05 00 00 48 8b 04 24 48 83 e8 01 48 [ 2752.507773][T15389] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2752.513873][T15389] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2752.521854][T15389] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2752.529832][T15389] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2752.537811][T15389] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 20:25:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008001e"], 0x3c}}, 0x0) 20:25:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4000) [ 2752.545808][T15389] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2752.553801][T15389] 20:25:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008884800", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080003"], 0x3c}}, 0x0) [ 2752.633373][T15389] memory: usage 307180kB, limit 307200kB, failcnt 179515 [ 2752.658605][T15389] memory+swap: usage 307372kB, limit 9007199254740988kB, failcnt 0 [ 2752.679589][T15389] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2752.691628][T15389] Memory cgroup stats for /syz1: [ 2752.691866][T15389] cache 0 [ 2752.709881][T15389] rss 12288 [ 2752.713219][T15389] rss_huge 0 [ 2752.718659][T15389] shmem 0 [ 2752.720419][T15407] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2752.724195][T15389] mapped_file 0 20:25:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080004"], 0x3c}}, 0x0) 20:25:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x44c1) [ 2752.730545][T15407] IPv6: NLM_F_CREATE should be set when creating new route [ 2752.732743][T15389] dirty 0 [ 2752.743602][T15389] writeback 0 [ 2752.747711][T15389] workingset_refault_anon 59228 [ 2752.752802][T15389] workingset_refault_file 0 [ 2752.757689][T15389] swap 196608 [ 2752.761151][T15389] swapcached 8192 [ 2752.768934][T15389] pgpgin 207722 [ 2752.814730][T15389] pgpgout 207719 [ 2752.821393][T15389] pgfault 469054 [ 2752.824988][T15389] pgmajfault 56810 [ 2752.842319][T15389] inactive_anon 0 [ 2752.851146][T15389] active_anon 12288 [ 2752.859648][T15389] inactive_file 0 [ 2752.872712][T15389] active_file 0 [ 2752.886372][T15389] unevictable 0 [ 2752.893918][T15389] hierarchical_memory_limit 314572800 [ 2752.902201][T15389] hierarchical_memsw_limit 9223372036854771712 [ 2752.916985][T15389] total_cache 0 20:25:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008f54800", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080005"], 0x3c}}, 0x0) [ 2752.929861][T15389] total_rss 12288 [ 2752.934735][T15389] total_rss_huge 0 [ 2752.953115][T15389] total_shmem 0 [ 2752.967936][T15389] total_mapped_file 0 [ 2752.996077][T15389] total_dirty 0 [ 2752.999601][T15389] total_writeback 0 [ 2753.003423][T15389] total_workingset_refault_anon 59228 [ 2753.031457][T15389] total_workingset_refault_file 0 20:25:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x44c2) [ 2753.047008][T15389] total_swap 196608 [ 2753.057803][T15389] total_swapcached 8192 [ 2753.070045][T15389] total_pgpgin 207722 [ 2753.087279][T15389] total_pgpgout 207719 [ 2753.099217][T15389] total_pgfault 469054 [ 2753.111475][T15389] total_pgmajfault 56810 [ 2753.123894][T15389] total_inactive_anon 0 [ 2753.133511][T15389] total_active_anon 12288 [ 2753.139428][T15389] total_inactive_file 0 [ 2753.144072][T15389] total_active_file 0 20:25:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080006"], 0x3c}}, 0x0) [ 2753.149911][T15389] total_unevictable 0 [ 2753.154170][T15389] anon_cost 0 [ 2753.158577][T15389] file_cost 0 [ 2753.162232][T15389] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15389,uid=0 20:25:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008655800", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2753.200826][T15389] Memory cgroup out of memory: Killed process 15389 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:42 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008884700", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2753.319160][T15425] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2753.328040][T15425] IPv6: NLM_F_CREATE should be set when creating new route 20:25:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4800) 20:25:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080009"], 0x3c}}, 0x0) 20:25:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008006000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4c00) [ 2753.791288][T15439] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2753.799100][T15439] IPv6: NLM_F_CREATE should be set when creating new route 20:25:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008000a"], 0x3c}}, 0x0) 20:25:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008586500", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2753.835267][T15431] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2753.901586][T15431] CPU: 1 PID: 15431 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2753.912075][T15431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2753.922164][T15431] Call Trace: [ 2753.925485][T15431] [ 2753.928458][T15431] dump_stack_lvl+0x1e7/0x2e0 [ 2753.933204][T15431] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2753.937748][T15442] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2753.938434][T15431] ? __pfx__printk+0x10/0x10 [ 2753.947472][T15442] IPv6: NLM_F_CREATE should be set when creating new route [ 2753.950202][T15431] ? ___ratelimit+0x4c4/0x670 [ 2753.962131][T15431] ? __pfx____ratelimit+0x10/0x10 [ 2753.967196][T15431] dump_header+0xda/0x6a0 [ 2753.971572][T15431] oom_kill_process+0x3a7/0x930 [ 2753.976470][T15431] out_of_memory+0xf67/0x1320 [ 2753.981201][T15431] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2753.986884][T15431] ? __pfx___mutex_lock+0x10/0x10 [ 2753.991970][T15431] ? __pfx_out_of_memory+0x10/0x10 20:25:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6000) [ 2753.997165][T15431] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2754.002763][T15431] ? __pfx_lock_release+0x10/0x10 [ 2754.007871][T15431] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2754.013997][T15431] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2754.019245][T15431] ? mem_cgroup_iter+0x3e9/0x560 [ 2754.024227][T15431] try_charge_memcg+0xda2/0x18a0 [ 2754.029239][T15431] ? __pfx_try_charge_memcg+0x10/0x10 [ 2754.034656][T15431] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2754.040416][T15431] ? __pfx_lock_release+0x10/0x10 [ 2754.045588][T15431] ? memcg_account_kmem+0x1e7/0x210 [ 2754.050856][T15431] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2754.056705][T15431] __memcg_kmem_charge_page+0xe1/0x250 [ 2754.062212][T15431] memcg_charge_kernel_stack+0x37e/0x550 [ 2754.067886][T15431] dup_task_struct+0x15d/0x7d0 [ 2754.072696][T15431] copy_process+0x5d5/0x3fc0 [ 2754.077330][T15431] ? __might_fault+0xa9/0x120 [ 2754.082046][T15431] ? __pfx_lock_release+0x10/0x10 [ 2754.087120][T15431] ? __lock_acquire+0x1345/0x1fd0 [ 2754.092185][T15431] ? __pfx_copy_process+0x10/0x10 [ 2754.097246][T15431] ? __might_fault+0xc5/0x120 20:25:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008008100", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2754.101971][T15431] ? __asan_memset+0x23/0x50 [ 2754.106612][T15431] kernel_clone+0x21d/0x8d0 [ 2754.111166][T15431] ? __pfx_kernel_clone+0x10/0x10 [ 2754.116239][T15431] ? __pfx_lock_release+0x10/0x10 [ 2754.121326][T15431] __se_sys_clone3+0x2cb/0x350 [ 2754.126152][T15431] ? __might_fault+0xa9/0x120 [ 2754.130869][T15431] ? __pfx___se_sys_clone3+0x10/0x10 [ 2754.136193][T15431] ? rcu_is_watching+0x15/0xb0 [ 2754.141021][T15431] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2754.147066][T15431] ? exc_page_fault+0x587/0x870 [ 2754.151967][T15431] ? do_syscall_64+0xb4/0x240 [ 2754.156690][T15431] do_syscall_64+0xf9/0x240 [ 2754.161244][T15431] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2754.167187][T15431] RIP: 0033:0x7f091a8a9b99 [ 2754.171642][T15431] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2754.191291][T15431] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2754.199930][T15431] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2754.207948][T15431] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2754.215959][T15431] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2754.222935][T15449] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2754.223946][T15431] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2754.223969][T15431] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2754.224006][T15431] [ 2754.232867][T15449] IPv6: NLM_F_CREATE should be set when creating new route [ 2754.284579][T15431] memory: usage 307200kB, limit 307200kB, failcnt 179911 [ 2754.302850][T15431] memory+swap: usage 307436kB, limit 9007199254740988kB, failcnt 0 [ 2754.326166][T15431] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 20:25:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6800) [ 2754.338677][T15431] Memory cgroup stats for /syz1: [ 2754.338825][T15431] cache 0 [ 2754.355413][T15431] rss 0 [ 2754.363894][T15431] rss_huge 0 [ 2754.367679][T15431] shmem 0 [ 2754.371855][T15431] mapped_file 0 [ 2754.375665][T15431] dirty 0 [ 2754.379448][T15431] writeback 0 [ 2754.382855][T15431] workingset_refault_anon 59363 [ 2754.387959][T15431] workingset_refault_file 0 [ 2754.392578][T15431] swap 241664 [ 2754.396023][T15431] swapcached 0 [ 2754.399488][T15431] pgpgin 207868 [ 2754.403057][T15431] pgpgout 207868 [ 2754.420637][T15431] pgfault 469284 [ 2754.424319][T15452] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2754.425110][T15431] pgmajfault 56942 20:25:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008000b"], 0x3c}}, 0x0) [ 2754.432133][T15452] IPv6: NLM_F_CREATE should be set when creating new route [ 2754.435398][T15431] inactive_anon 0 [ 2754.454203][T15431] active_anon 0 [ 2754.473417][T15431] inactive_file 0 [ 2754.482359][T15431] active_file 0 [ 2754.486493][T15431] unevictable 0 [ 2754.490138][T15431] hierarchical_memory_limit 314572800 [ 2754.495691][T15431] hierarchical_memsw_limit 9223372036854771712 [ 2754.503766][T15431] total_cache 0 20:25:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008478800", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2754.600372][T15431] total_rss 0 [ 2754.605878][T15431] total_rss_huge 0 [ 2754.622208][T15431] total_shmem 0 [ 2754.629817][T15431] total_mapped_file 0 [ 2754.634338][T15431] total_dirty 0 [ 2754.639033][T15431] total_writeback 0 [ 2754.642933][T15431] total_workingset_refault_anon 59363 [ 2754.650287][T15431] total_workingset_refault_file 0 [ 2754.653910][T15457] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2754.655470][T15431] total_swap 241664 [ 2754.664119][T15457] IPv6: NLM_F_CREATE should be set when creating new route [ 2754.668093][T15431] total_swapcached 0 [ 2754.680295][T15431] total_pgpgin 207868 [ 2754.684589][T15431] total_pgpgout 207868 [ 2754.689442][T15431] total_pgfault 469284 [ 2754.693991][T15431] total_pgmajfault 56942 [ 2754.699553][T15431] total_inactive_anon 0 [ 2754.703878][T15431] total_active_anon 0 [ 2754.708982][T15431] total_inactive_file 0 [ 2754.714546][T15431] total_active_file 0 [ 2754.720625][T15431] total_unevictable 0 [ 2754.724830][T15431] anon_cost 0 [ 2754.730465][T15431] file_cost 0 [ 2754.733965][T15431] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15431,uid=0 20:25:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6c00) [ 2754.752366][T15431] Memory cgroup out of memory: Killed process 15431 (syz-executor.1) total-vm:56556kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:43 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008884700", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080010"], 0x3c}}, 0x0) 20:25:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008488800", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2755.063655][T15465] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2755.072609][T15465] IPv6: NLM_F_CREATE should be set when creating new route 20:25:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0009000848f500", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080011"], 0x3c}}, 0x0) 20:25:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7400) 20:25:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080014"], 0x3c}}, 0x0) [ 2755.390229][T15467] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2755.400773][T15467] CPU: 1 PID: 15467 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2755.411229][T15467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2755.421316][T15467] Call Trace: [ 2755.424633][T15467] [ 2755.427594][T15467] dump_stack_lvl+0x1e7/0x2e0 [ 2755.432309][T15467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2755.437539][T15467] ? __pfx__printk+0x10/0x10 [ 2755.442140][T15467] ? ___ratelimit+0x4c4/0x670 [ 2755.446833][T15467] ? __pfx____ratelimit+0x10/0x10 [ 2755.451871][T15467] dump_header+0xda/0x6a0 [ 2755.456217][T15467] oom_kill_process+0x3a7/0x930 [ 2755.461094][T15467] out_of_memory+0xf67/0x1320 [ 2755.465782][T15467] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2755.471431][T15467] ? __pfx___mutex_lock+0x10/0x10 [ 2755.476483][T15467] ? __pfx_out_of_memory+0x10/0x10 [ 2755.481622][T15467] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2755.487181][T15467] ? __pfx_lock_release+0x10/0x10 [ 2755.492220][T15467] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2755.498300][T15467] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2755.503510][T15467] ? mem_cgroup_iter+0x3e9/0x560 [ 2755.508462][T15467] try_charge_memcg+0xda2/0x18a0 [ 2755.513440][T15467] ? __pfx_try_charge_memcg+0x10/0x10 [ 2755.518910][T15467] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2755.524640][T15467] ? __pfx_lock_release+0x10/0x10 [ 2755.529679][T15467] ? memcg_account_kmem+0x1e7/0x210 [ 2755.534902][T15467] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2755.540726][T15467] __memcg_kmem_charge_page+0xe1/0x250 [ 2755.546206][T15467] memcg_charge_kernel_stack+0x210/0x550 [ 2755.551944][T15467] dup_task_struct+0x40d/0x7d0 [ 2755.556725][T15467] copy_process+0x5d5/0x3fc0 [ 2755.561336][T15467] ? __might_fault+0xa9/0x120 [ 2755.566035][T15467] ? __pfx_lock_release+0x10/0x10 [ 2755.571095][T15467] ? __pfx_copy_process+0x10/0x10 [ 2755.576128][T15467] ? __might_fault+0xc5/0x120 [ 2755.580821][T15467] ? __asan_memset+0x23/0x50 [ 2755.585431][T15467] kernel_clone+0x21d/0x8d0 [ 2755.589955][T15467] ? __pfx_kernel_clone+0x10/0x10 [ 2755.595009][T15467] __se_sys_clone3+0x2cb/0x350 [ 2755.599787][T15467] ? __pfx___se_sys_clone3+0x10/0x10 [ 2755.605112][T15467] ? do_syscall_64+0x108/0x240 [ 2755.609895][T15467] ? do_syscall_64+0xb4/0x240 [ 2755.614602][T15467] do_syscall_64+0xf9/0x240 [ 2755.619134][T15467] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2755.625041][T15467] RIP: 0033:0x7f091a8a9b99 [ 2755.629471][T15467] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2755.649092][T15467] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2755.657518][T15467] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2755.665497][T15467] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2755.673474][T15467] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2755.681451][T15467] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2755.689432][T15467] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2755.697427][T15467] 20:25:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080015"], 0x3c}}, 0x0) 20:25:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7a00) [ 2755.736801][T15467] memory: usage 307200kB, limit 307200kB, failcnt 180277 [ 2755.743208][T15481] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2755.752659][T15481] IPv6: NLM_F_CREATE should be set when creating new route [ 2755.773399][T15467] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 20:25:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008004003", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2755.819243][T15467] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 20:25:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c0008001e"], 0x3c}}, 0x0) [ 2755.886769][T15467] Memory cgroup stats for /syz1: [ 2755.886935][T15467] cache 0 [ 2755.894879][T15467] rss 12288 [ 2755.899496][T15467] rss_huge 0 [ 2755.908714][T15467] shmem 0 [ 2755.914053][T15467] mapped_file 0 [ 2755.925481][T15467] dirty 0 [ 2755.937736][T15467] writeback 0 [ 2755.949661][T15467] workingset_refault_anon 59491 [ 2755.962476][T15467] workingset_refault_file 0 [ 2755.970090][T15467] swap 229376 [ 2755.973518][T15467] swapcached 8192 [ 2755.978803][T15467] pgpgin 208008 [ 2755.985733][T15467] pgpgout 208005 [ 2755.998569][T15467] pgfault 469485 [ 2756.003760][T15467] pgmajfault 57052 [ 2756.008821][T15467] inactive_anon 12288 [ 2756.013073][T15467] active_anon 0 [ 2756.017824][T15467] inactive_file 0 [ 2756.021725][T15467] active_file 0 [ 2756.025437][T15467] unevictable 0 [ 2756.031035][T15467] hierarchical_memory_limit 314572800 [ 2756.037101][T15467] hierarchical_memsw_limit 9223372036854771712 [ 2756.044095][T15467] total_cache 0 [ 2756.048075][T15467] total_rss 12288 [ 2756.052028][T15467] total_rss_huge 0 [ 2756.056284][T15467] total_shmem 0 [ 2756.060072][T15467] total_mapped_file 0 [ 2756.064300][T15467] total_dirty 0 [ 2756.068443][T15467] total_writeback 0 [ 2756.072536][T15467] total_workingset_refault_anon 59491 [ 2756.078378][T15467] total_workingset_refault_file 0 [ 2756.083707][T15467] total_swap 229376 [ 2756.088150][T15467] total_swapcached 8192 [ 2756.092756][T15467] total_pgpgin 208008 [ 2756.097607][T15467] total_pgpgout 208005 [ 2756.101956][T15467] total_pgfault 469485 [ 2756.106608][T15467] total_pgmajfault 57052 [ 2756.111170][T15467] total_inactive_anon 12288 [ 2756.116163][T15467] total_active_anon 0 [ 2756.120465][T15467] total_inactive_file 0 [ 2756.124799][T15467] total_active_file 0 [ 2756.124972][T15489] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7e12) [ 2756.130440][T15467] total_unevictable 0 [ 2756.137839][T15489] IPv6: NLM_F_CREATE should be set when creating new route [ 2756.150682][T15467] anon_cost 0 [ 2756.157591][T15467] file_cost 0 [ 2756.158608][T15492] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2756.165445][T15467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 2756.168714][T15492] IPv6: NLM_F_CREATE should be set when creating new route 20:25:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000340", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x10}}, 0x0) [ 2756.250462][T15467] ,cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15467,uid=0 [ 2756.267674][T15467] Memory cgroup out of memory: Killed process 15467 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2756.296972][T15494] __nla_validate_parse: 33 callbacks suppressed [ 2756.296995][T15494] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x1c}}, 0x0) 20:25:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008884700", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2756.430171][T15497] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x140}}, 0x0) 20:25:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x8402) [ 2756.608383][T15500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2756.617315][T15500] IPv6: NLM_F_CREATE should be set when creating new route [ 2756.637735][T15501] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2756.645508][T15501] IPv6: NLM_F_CREATE should be set when creating new route 20:25:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2756.694364][T15503] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2756.709169][T15506] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2756.739649][T15508] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2756.746693][T15503] CPU: 1 PID: 15503 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2756.759360][T15503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2756.769445][T15503] Call Trace: [ 2756.772756][T15503] [ 2756.775720][T15503] dump_stack_lvl+0x1e7/0x2e0 [ 2756.780450][T15503] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2756.785783][T15503] ? __pfx__printk+0x10/0x10 [ 2756.790406][T15503] ? ___ratelimit+0x4c4/0x670 [ 2756.795132][T15503] ? __pfx____ratelimit+0x10/0x10 [ 2756.800210][T15503] dump_header+0xda/0x6a0 [ 2756.804597][T15503] oom_kill_process+0x3a7/0x930 [ 2756.809510][T15503] out_of_memory+0xf67/0x1320 [ 2756.814244][T15503] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2756.819929][T15503] ? __pfx___mutex_lock+0x10/0x10 [ 2756.825001][T15503] ? __pfx_out_of_memory+0x10/0x10 [ 2756.830164][T15503] mem_cgroup_out_of_memory+0x263/0x3b0 20:25:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0xec0}}, 0x0) [ 2756.835756][T15503] ? __pfx_lock_release+0x10/0x10 [ 2756.840830][T15503] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2756.846936][T15503] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2756.852257][T15503] ? mem_cgroup_iter+0x3e9/0x560 [ 2756.857250][T15503] try_charge_memcg+0xda2/0x18a0 [ 2756.862228][T15503] ? mark_lock+0x9a/0x350 [ 2756.866621][T15503] ? __pfx_try_charge_memcg+0x10/0x10 [ 2756.872063][T15503] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2756.878248][T15503] charge_memcg+0xa2/0x160 [ 2756.882717][T15503] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2756.888833][T15503] __read_swap_cache_async+0x480/0x8b0 [ 2756.894339][T15503] ? mark_lock+0x9a/0x350 [ 2756.898717][T15503] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2756.904755][T15503] swap_cluster_readahead+0x67c/0x810 [ 2756.910191][T15503] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2756.916142][T15503] ? __pfx_lock_release+0x10/0x10 [ 2756.918230][T15509] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2756.921194][T15503] ? xas_descend+0x37e/0x470 [ 2756.921245][T15503] swapin_readahead+0x1ea/0x1070 [ 2756.930265][T15509] IPv6: NLM_F_CREATE should be set when creating new route [ 2756.933085][T15503] ? filemap_get_entry+0x127/0x4e0 [ 2756.950412][T15503] ? __pfx_swapin_readahead+0x10/0x10 [ 2756.955894][T15503] ? __filemap_get_folio+0x935/0xbc0 [ 2756.961241][T15503] ? swap_cache_get_folio+0x9f/0x570 [ 2756.966586][T15503] do_swap_page+0x8ab/0x3da0 [ 2756.971236][T15503] ? __pte_offset_map+0x2c4/0x380 [ 2756.976327][T15503] ? do_swap_page+0x154/0x3da0 [ 2756.981135][T15503] ? __pfx_do_swap_page+0x10/0x10 20:25:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x8602) [ 2756.986201][T15503] ? pte_offset_map_nolock+0x137/0x1f0 [ 2756.991716][T15503] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2756.997575][T15503] ? __pfx_validate_chain+0x10/0x10 [ 2757.002842][T15503] __handle_mm_fault+0x15e8/0x72d0 [ 2757.008040][T15503] ? __pfx___handle_mm_fault+0x10/0x10 [ 2757.013561][T15503] ? mt_find+0x226/0x850 [ 2757.017853][T15503] ? __pfx_lock_release+0x10/0x10 [ 2757.023032][T15503] ? mt_find+0x62d/0x850 [ 2757.027329][T15503] ? mt_find+0x226/0x850 [ 2757.031645][T15503] ? find_vma+0x142/0x1c0 [ 2757.036024][T15503] ? __pfx_find_vma+0x10/0x10 [ 2757.040745][T15503] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2757.046786][T15503] handle_mm_fault+0x3c1/0x8a0 [ 2757.051618][T15503] exc_page_fault+0x2ad/0x870 [ 2757.056358][T15503] asm_exc_page_fault+0x26/0x30 [ 2757.061272][T15503] RIP: 0010:__get_user_8+0x11/0x20 [ 2757.066446][T15503] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2757.086100][T15503] RSP: 0018:ffffc900138afd78 EFLAGS: 00050202 [ 2757.092215][T15503] RAX: 0000555555e1bda8 RBX: ffff888072779538 RCX: ffffc900138afc03 [ 2757.100237][T15503] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2757.108253][T15503] RBP: ffffc900138afec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2757.116282][T15503] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc900138afd80 [ 2757.120541][T15515] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2757.124275][T15503] R13: ffffc900138affd8 R14: dffffc0000000000 R15: ffff888072778000 [ 2757.124323][T15503] __rseq_handle_notify_resume+0x158/0x1490 [ 2757.147461][T15503] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2757.153869][T15503] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2757.159733][T15503] irqentry_exit_to_user_mode+0xbb/0x280 [ 2757.165420][T15503] exc_page_fault+0x587/0x870 [ 2757.170160][T15503] asm_exc_page_fault+0x26/0x30 [ 2757.175059][T15503] RIP: 0033:0x7f091a8870b3 [ 2757.179532][T15503] Code: 74 45 48 89 fb 48 8b 3d b3 e6 c4 00 be 10 00 00 00 48 8d 6f 0e 48 83 c7 10 e8 79 3f fd ff 48 85 c0 74 2e 48 89 28 48 83 c0 10 <48> 89 43 08 48 83 c4 08 48 89 df be 01 00 00 00 5b 5d e9 b6 fc ff [ 2757.199182][T15503] RSP: 002b:00007ffdf4c5ca40 EFLAGS: 00010202 [ 2757.205299][T15503] RAX: 0000555555e1c910 RBX: 00007f091b5596c0 RCX: 0000555555e1c8f0 [ 2757.213312][T15503] RDX: 0000555555e1ca00 RSI: 0000000000000000 RDI: 0000555555e1c998 [ 2757.221417][T15503] RBP: 000000000000000f R08: 00000000ffffffff R09: 0000000000000000 [ 2757.229428][T15503] R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffdf4c5cd00 [ 2757.237435][T15503] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2757.245461][T15503] 20:25:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x33fe0}}, 0x0) [ 2757.299919][T15516] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2757.305710][T15503] memory: usage 307180kB, limit 307200kB, failcnt 180579 [ 2757.307668][T15516] IPv6: NLM_F_CREATE should be set when creating new route [ 2757.322824][T15503] memory+swap: usage 307432kB, limit 9007199254740988kB, failcnt 0 [ 2757.331027][T15503] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2757.335562][T15517] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2757.361029][T15503] Memory cgroup stats for /syz1: [ 2757.361158][T15503] cache 0 [ 2757.369979][T15503] rss 12288 [ 2757.374511][T15503] rss_huge 0 [ 2757.378646][T15503] shmem 0 [ 2757.381758][T15503] mapped_file 0 [ 2757.385374][T15503] dirty 0 [ 2757.389562][T15503] writeback 0 [ 2757.393109][T15503] workingset_refault_anon 59571 [ 2757.417351][T15503] workingset_refault_file 0 [ 2757.422099][T15503] swap 258048 [ 2757.425604][T15503] swapcached 12288 [ 2757.433910][T15503] pgpgin 208124 [ 2757.444136][T15503] pgpgout 208121 [ 2757.451613][T15503] pgfault 469669 [ 2757.462172][T15518] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2757.462587][T15503] pgmajfault 57151 [ 2757.471069][T15518] IPv6: NLM_F_CREATE should be set when creating new route [ 2757.474547][T15503] inactive_anon 8192 [ 2757.487643][T15503] active_anon 4096 [ 2757.491604][T15503] inactive_file 0 [ 2757.495436][T15503] active_file 0 [ 2757.499842][T15503] unevictable 0 [ 2757.503515][T15503] hierarchical_memory_limit 314572800 [ 2757.509923][T15503] hierarchical_memsw_limit 9223372036854771712 [ 2757.516887][T15503] total_cache 0 [ 2757.520569][T15503] total_rss 12288 [ 2757.524401][T15503] total_rss_huge 0 [ 2757.529339][T15503] total_shmem 0 [ 2757.533006][T15503] total_mapped_file 0 [ 2757.535246][T15520] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2757.537853][T15503] total_dirty 0 [ 2757.555173][T15522] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0xfffffdef}}, 0x0) 20:25:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc144) [ 2757.570405][T15503] total_writeback 0 [ 2757.580031][T15503] total_workingset_refault_anon 59571 [ 2757.596324][T15503] total_workingset_refault_file 0 [ 2757.607991][T15503] total_swap 258048 [ 2757.615400][T15503] total_swapcached 12288 [ 2757.627397][T15503] total_pgpgin 208124 [ 2757.636755][T15503] total_pgpgout 208121 [ 2757.647887][T15503] total_pgfault 469669 [ 2757.659100][T15503] total_pgmajfault 57151 [ 2757.671583][T15503] total_inactive_anon 8192 20:25:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x2}, 0x0) [ 2757.679873][T15503] total_active_anon 4096 [ 2757.697020][T15503] total_inactive_file 0 [ 2757.703855][T15503] total_active_file 0 [ 2757.721339][T15503] total_unevictable 0 [ 2757.727042][T15503] anon_cost 0 [ 2757.730462][T15503] file_cost 0 [ 2757.733864][T15503] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15503,uid=0 [ 2757.747415][T15523] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2757.750566][T15503] Memory cgroup out of memory: Killed process 15503 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4800) [ 2757.757157][T15523] IPv6: NLM_F_CREATE should be set when creating new route [ 2757.794815][T15527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x4}, 0x0) [ 2757.920741][T15529] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2757.930993][T15530] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2757.939868][T15530] IPv6: NLM_F_CREATE should be set when creating new route 20:25:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc244) [ 2758.073528][T15534] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2758.081358][T15534] IPv6: NLM_F_CREATE should be set when creating new route 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x5}, 0x0) 20:25:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x8}, 0x0) [ 2758.251603][T15541] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2758.260504][T15541] IPv6: NLM_F_CREATE should be set when creating new route [ 2758.264268][T15533] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2758.298352][T15533] CPU: 0 PID: 15533 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2758.308838][T15533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2758.318938][T15533] Call Trace: [ 2758.322264][T15533] [ 2758.325230][T15533] dump_stack_lvl+0x1e7/0x2e0 [ 2758.329988][T15533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2758.335241][T15533] ? __pfx__printk+0x10/0x10 [ 2758.339888][T15533] ? ___ratelimit+0x4c4/0x670 [ 2758.344609][T15533] ? __pfx____ratelimit+0x10/0x10 [ 2758.349704][T15533] dump_header+0xda/0x6a0 [ 2758.354088][T15533] oom_kill_process+0x3a7/0x930 [ 2758.358992][T15533] out_of_memory+0xf67/0x1320 [ 2758.363733][T15533] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2758.369405][T15533] ? __pfx___mutex_lock+0x10/0x10 [ 2758.374486][T15533] ? __pfx_out_of_memory+0x10/0x10 [ 2758.379658][T15533] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2758.385244][T15533] ? __pfx_lock_release+0x10/0x10 [ 2758.390311][T15533] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2758.396427][T15533] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2758.401671][T15533] ? mem_cgroup_iter+0x3e9/0x560 [ 2758.406657][T15533] try_charge_memcg+0xda2/0x18a0 [ 2758.411617][T15544] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2758.411700][T15533] ? mark_lock+0x9a/0x350 [ 2758.419542][T15544] IPv6: NLM_F_CREATE should be set when creating new route [ 2758.423255][T15533] ? __pfx_try_charge_memcg+0x10/0x10 [ 2758.435872][T15533] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2758.442072][T15533] charge_memcg+0xa2/0x160 [ 2758.446539][T15533] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2758.452644][T15533] __read_swap_cache_async+0x480/0x8b0 [ 2758.458167][T15533] ? mark_lock+0x9a/0x350 [ 2758.462536][T15533] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2758.468576][T15533] swap_cluster_readahead+0x67c/0x810 [ 2758.474016][T15533] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2758.479963][T15533] ? __pfx_lock_release+0x10/0x10 [ 2758.485047][T15533] ? xas_descend+0x37e/0x470 [ 2758.489694][T15533] swapin_readahead+0x1ea/0x1070 [ 2758.494685][T15533] ? filemap_get_entry+0x127/0x4e0 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0xffffff1f}, 0x0) 20:25:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2758.499862][T15533] ? __pfx_swapin_readahead+0x10/0x10 [ 2758.505308][T15533] ? __filemap_get_folio+0x935/0xbc0 [ 2758.510653][T15533] ? swap_cache_get_folio+0x9f/0x570 [ 2758.515992][T15533] do_swap_page+0x8ab/0x3da0 [ 2758.520630][T15533] ? __pte_offset_map+0x2c4/0x380 [ 2758.525709][T15533] ? do_swap_page+0x154/0x3da0 [ 2758.530510][T15533] ? __pfx_do_swap_page+0x10/0x10 [ 2758.535578][T15533] ? pte_offset_map_nolock+0x137/0x1f0 [ 2758.541089][T15533] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2758.546963][T15533] __handle_mm_fault+0x15e8/0x72d0 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x2}, 0x0) [ 2758.552159][T15533] ? reacquire_held_locks+0x3eb/0x690 [ 2758.557576][T15533] ? __pfx___handle_mm_fault+0x10/0x10 [ 2758.563097][T15533] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2758.568873][T15533] ? mtree_range_walk+0x6fd/0x8e0 [ 2758.573937][T15533] ? lock_vma_under_rcu+0x18a/0x730 [ 2758.579214][T15533] ? __pfx_lock_release+0x10/0x10 [ 2758.584305][T15533] ? lock_vma_under_rcu+0x2f9/0x730 [ 2758.589578][T15533] ? lock_vma_under_rcu+0x18a/0x730 [ 2758.594826][T15533] ? __pfx_lock_vma_under_rcu+0x10/0x10 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x3}, 0x0) [ 2758.600430][T15533] handle_mm_fault+0x3c1/0x8a0 [ 2758.605261][T15533] exc_page_fault+0x456/0x870 [ 2758.609996][T15533] asm_exc_page_fault+0x26/0x30 [ 2758.614894][T15533] RIP: 0033:0x7f091a85274e [ 2758.619345][T15533] Code: 64 24 60 4c 89 e7 e8 11 0e 00 00 89 c5 85 c0 0f 85 a2 00 00 00 c6 44 24 43 01 eb 09 c6 44 24 43 00 4c 8b 24 24 e8 a2 b4 02 00 <4c> 8b 2d c3 2f c8 00 48 8b 0d cc 2f c8 00 31 d2 8d 68 ff 89 c3 4c [ 2758.638997][T15533] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010206 [ 2758.645112][T15533] RAX: 0000000000001000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2758.653122][T15533] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2758.661145][T15533] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2758.669161][T15533] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007ffdf4c5cd00 [ 2758.677182][T15533] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2758.685225][T15533] 20:25:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfc00) 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x4}, 0x0) [ 2758.742224][T15553] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2758.750155][T15553] IPv6: NLM_F_CREATE should be set when creating new route 20:25:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2758.799626][T15533] memory: usage 307180kB, limit 307200kB, failcnt 180786 [ 2758.821431][T15533] memory+swap: usage 307360kB, limit 9007199254740988kB, failcnt 0 [ 2758.848784][T15533] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2758.862576][T15533] Memory cgroup stats for /syz1: [ 2758.862742][T15533] cache 0 [ 2758.899337][T15533] rss 12288 [ 2758.902711][T15533] rss_huge 0 [ 2758.907747][T15533] shmem 0 [ 2758.912185][T15533] mapped_file 0 [ 2758.915867][T15533] dirty 0 [ 2758.919898][T15533] writeback 0 [ 2758.924881][T15533] workingset_refault_anon 59637 [ 2758.930862][T15533] workingset_refault_file 0 [ 2758.935658][T15533] swap 184320 [ 2758.940364][T15533] swapcached 8192 [ 2758.944261][T15533] pgpgin 208205 [ 2758.948748][T15533] pgpgout 208202 [ 2758.954287][T15533] pgfault 469810 [ 2758.958770][T15533] pgmajfault 57213 [ 2758.962746][T15533] inactive_anon 0 [ 2758.967500][T15533] active_anon 8192 [ 2758.971520][T15533] inactive_file 0 [ 2758.975472][T15533] active_file 0 [ 2758.980065][T15533] unevictable 0 [ 2758.983929][T15533] hierarchical_memory_limit 314572800 [ 2758.992260][T15533] hierarchical_memsw_limit 9223372036854771712 20:25:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x5}, 0x0) [ 2758.999464][T15533] total_cache 0 [ 2759.003302][T15533] total_rss 12288 [ 2759.007907][T15533] total_rss_huge 0 [ 2759.022071][T15533] total_shmem 0 [ 2759.025706][T15533] total_mapped_file 0 [ 2759.035449][T15533] total_dirty 0 [ 2759.045217][T15533] total_writeback 0 [ 2759.053885][T15533] total_workingset_refault_anon 59637 [ 2759.065049][T15533] total_workingset_refault_file 0 [ 2759.074447][T15533] total_swap 184320 [ 2759.084485][T15533] total_swapcached 8192 [ 2759.092098][T15533] total_pgpgin 208205 [ 2759.102068][T15533] total_pgpgout 208202 [ 2759.109931][T15533] total_pgfault 469810 [ 2759.125705][T15533] total_pgmajfault 57213 [ 2759.135498][T15533] total_inactive_anon 0 [ 2759.141018][T15533] total_active_anon 8192 [ 2759.142102][T15562] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2759.147096][T15533] total_inactive_file 0 [ 2759.154301][T15562] IPv6: NLM_F_CREATE should be set when creating new route [ 2759.160885][T15533] total_active_file 0 [ 2759.168745][T15533] total_unevictable 0 [ 2759.173204][T15533] anon_cost 0 [ 2759.177736][T15533] file_cost 0 [ 2759.181346][T15533] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15533,uid=0 [ 2759.189156][T15563] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:25:48 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4800) 20:25:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xff00) [ 2759.200962][T15533] Memory cgroup out of memory: Killed process 15533 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2759.204637][T15563] IPv6: NLM_F_CREATE should be set when creating new route 20:25:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x6}, 0x0) 20:25:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x7}, 0x0) 20:25:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1000000) [ 2759.442073][T15572] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2759.450874][T15572] IPv6: NLM_F_CREATE should be set when creating new route [ 2759.583321][T15574] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2759.591147][T15574] IPv6: NLM_F_CREATE should be set when creating new route 20:25:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8}, 0x0) 20:25:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2759.811438][T24983] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2759.906683][T15579] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2759.915535][T15579] IPv6: NLM_F_CREATE should be set when creating new route [ 2759.945062][T15569] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2759.990568][T15569] CPU: 0 PID: 15569 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2760.001055][T15569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2760.011153][T15569] Call Trace: [ 2760.014491][T15569] [ 2760.017457][T15569] dump_stack_lvl+0x1e7/0x2e0 [ 2760.022256][T15569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2760.027529][T15569] ? __pfx__printk+0x10/0x10 [ 2760.032161][T15569] ? ___ratelimit+0x4c4/0x670 [ 2760.036885][T15569] ? __pfx____ratelimit+0x10/0x10 [ 2760.041958][T15569] dump_header+0xda/0x6a0 [ 2760.046339][T15569] oom_kill_process+0x3a7/0x930 [ 2760.051264][T15569] out_of_memory+0xf67/0x1320 [ 2760.056002][T15569] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2760.061669][T15569] ? __pfx___mutex_lock+0x10/0x10 [ 2760.066739][T15569] ? __pfx_out_of_memory+0x10/0x10 [ 2760.069869][T15584] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2760.071897][T15569] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2760.071933][T15569] ? __pfx_lock_release+0x10/0x10 20:25:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x9}, 0x0) 20:25:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2000000) [ 2760.079678][T15584] IPv6: NLM_F_CREATE should be set when creating new route [ 2760.084655][T15569] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2760.103003][T15569] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2760.108257][T15569] ? mem_cgroup_iter+0x3e9/0x560 [ 2760.113252][T15569] try_charge_memcg+0xda2/0x18a0 [ 2760.118373][T15569] ? __pfx_try_charge_memcg+0x10/0x10 [ 2760.123785][T15569] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2760.129542][T15569] ? __pfx_lock_release+0x10/0x10 [ 2760.134631][T15569] ? memcg_account_kmem+0x1e7/0x210 20:25:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2760.139886][T15569] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2760.145734][T15569] __memcg_kmem_charge_page+0xe1/0x250 [ 2760.151247][T15569] memcg_charge_kernel_stack+0x37e/0x550 [ 2760.156934][T15569] dup_task_struct+0x15d/0x7d0 [ 2760.161745][T15569] copy_process+0x5d5/0x3fc0 [ 2760.166391][T15569] ? __might_fault+0xa9/0x120 [ 2760.171122][T15569] ? __pfx_lock_release+0x10/0x10 [ 2760.176202][T15569] ? __pfx_copy_process+0x10/0x10 [ 2760.181278][T15569] ? __might_fault+0xc5/0x120 [ 2760.186002][T15569] ? __asan_memset+0x23/0x50 [ 2760.190664][T15569] kernel_clone+0x21d/0x8d0 [ 2760.195217][T15569] ? __pfx_kernel_clone+0x10/0x10 [ 2760.200306][T15569] __se_sys_clone3+0x2cb/0x350 [ 2760.205116][T15569] ? __pfx___se_sys_clone3+0x10/0x10 [ 2760.210462][T15569] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2760.216497][T15569] ? exc_page_fault+0x587/0x870 [ 2760.221391][T15569] ? do_syscall_64+0xb4/0x240 [ 2760.226120][T15569] do_syscall_64+0xf9/0x240 [ 2760.230674][T15569] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2760.236620][T15569] RIP: 0033:0x7f091a8a9b99 [ 2760.241078][T15569] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2760.260722][T15569] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2760.269153][T15569] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2760.277131][T15569] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2760.285124][T15569] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2760.293102][T15569] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2760.301091][T15569] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2760.309097][T15569] [ 2760.318773][T15569] memory: usage 307200kB, limit 307200kB, failcnt 181089 [ 2760.326515][T15569] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 2760.334743][T15569] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2760.382455][T15588] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2760.384493][T15569] Memory cgroup stats for [ 2760.391243][T15588] IPv6: NLM_F_CREATE should be set when creating new route [ 2760.396130][T15569] /syz1: [ 2760.415406][T15569] cache 0 [ 2760.424962][T15569] rss 20480 20:25:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xa}, 0x0) 20:25:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x3000000) [ 2760.431986][T15569] rss_huge 0 [ 2760.438884][T15569] shmem 0 [ 2760.445715][T15569] mapped_file 0 [ 2760.451159][T15569] dirty 0 [ 2760.462051][T15569] writeback 0 [ 2760.469805][T15569] workingset_refault_anon 59746 [ 2760.487213][T15569] workingset_refault_file 0 [ 2760.491869][T15569] swap 204800 [ 2760.497539][T15569] swapcached 12288 [ 2760.504784][T15569] pgpgin 208327 [ 2760.514896][T15569] pgpgout 208321 [ 2760.527376][T15569] pgfault 469992 [ 2760.531177][T15569] pgmajfault 57314 [ 2760.535064][T15569] inactive_anon 0 [ 2760.539323][T15569] active_anon 24576 [ 2760.543324][T15569] inactive_file 0 [ 2760.548097][T15569] active_file 0 [ 2760.551792][T15569] unevictable 0 [ 2760.555442][T15569] hierarchical_memory_limit 314572800 [ 2760.561838][T15569] hierarchical_memsw_limit 9223372036854771712 [ 2760.568286][T15569] total_cache 0 [ 2760.571970][T15569] total_rss 20480 [ 2760.575798][T15569] total_rss_huge 0 [ 2760.582658][T15569] total_shmem 0 20:25:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xb}, 0x0) [ 2760.582783][T15592] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2760.593868][T15592] IPv6: NLM_F_CREATE should be set when creating new route [ 2760.604633][T15569] total_mapped_file 0 [ 2760.616157][T15569] total_dirty 0 [ 2760.619758][T15569] total_writeback 0 20:25:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2760.653993][T15569] total_workingset_refault_anon 59746 [ 2760.660188][T15569] total_workingset_refault_file 0 [ 2760.665241][T15569] total_swap 204800 [ 2760.679747][T15569] total_swapcached 12288 [ 2760.684154][T15569] total_pgpgin 208327 [ 2760.690769][T15569] total_pgpgout 208321 [ 2760.694971][T15569] total_pgfault 469992 [ 2760.699434][T15569] total_pgmajfault 57314 [ 2760.703739][T15569] total_inactive_anon 0 [ 2760.708288][T15569] total_active_anon 24576 [ 2760.712746][T15569] total_inactive_file 0 [ 2760.717443][T15569] total_active_file 0 [ 2760.721542][T15569] total_unevictable 0 [ 2760.725752][T15569] anon_cost 0 [ 2760.739520][T15569] file_cost 0 20:25:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xc}, 0x0) [ 2760.745993][T15569] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15569,uid=0 [ 2760.767809][T15597] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2760.776759][T15597] IPv6: NLM_F_CREATE should be set when creating new route [ 2760.783014][T15569] Memory cgroup out of memory: Killed process 15569 (syz-executor.1) total-vm:56556kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4800) 20:25:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4000000) [ 2760.894758][T15602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2760.902609][T15602] IPv6: NLM_F_CREATE should be set when creating new route 20:25:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xf}, 0x0) 20:25:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x10}, 0x0) [ 2761.231943][T15612] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2761.240872][T15612] IPv6: NLM_F_CREATE should be set when creating new route [ 2761.260565][T15605] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2761.269674][T15613] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2761.279702][T15613] IPv6: NLM_F_CREATE should be set when creating new route [ 2761.289235][T15605] CPU: 1 PID: 15605 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2761.299701][T15605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2761.309789][T15605] Call Trace: [ 2761.313108][T15605] [ 2761.316066][T15605] dump_stack_lvl+0x1e7/0x2e0 [ 2761.320807][T15605] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2761.326057][T15605] ? __pfx__printk+0x10/0x10 [ 2761.330688][T15605] ? ___ratelimit+0x4c4/0x670 [ 2761.335413][T15605] ? __pfx____ratelimit+0x10/0x10 [ 2761.340546][T15605] dump_header+0xda/0x6a0 [ 2761.344928][T15605] oom_kill_process+0x3a7/0x930 [ 2761.349838][T15605] out_of_memory+0xf67/0x1320 [ 2761.354571][T15605] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2761.360240][T15605] ? __pfx___mutex_lock+0x10/0x10 [ 2761.365331][T15605] ? __pfx_out_of_memory+0x10/0x10 [ 2761.370469][T15605] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2761.376041][T15605] ? __pfx_lock_release+0x10/0x10 [ 2761.381095][T15605] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2761.387182][T15605] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2761.392395][T15605] ? mem_cgroup_iter+0x3e9/0x560 [ 2761.397351][T15605] try_charge_memcg+0xda2/0x18a0 [ 2761.402298][T15605] ? mark_lock+0x9a/0x350 [ 2761.406657][T15605] ? __pfx_try_charge_memcg+0x10/0x10 [ 2761.412065][T15605] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2761.418232][T15605] charge_memcg+0xa2/0x160 [ 2761.422666][T15605] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2761.428744][T15605] __read_swap_cache_async+0x480/0x8b0 [ 2761.434217][T15605] ? mark_lock+0x9a/0x350 [ 2761.438566][T15605] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2761.444569][T15605] swap_cluster_readahead+0x67c/0x810 [ 2761.449966][T15605] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2761.455890][T15605] ? __pfx_lock_release+0x10/0x10 [ 2761.460944][T15605] ? xas_descend+0x37e/0x470 [ 2761.465568][T15605] swapin_readahead+0x1ea/0x1070 [ 2761.470541][T15605] ? filemap_get_entry+0x127/0x4e0 [ 2761.475684][T15605] ? __pfx_swapin_readahead+0x10/0x10 [ 2761.481085][T15605] ? __filemap_get_folio+0x935/0xbc0 [ 2761.486394][T15605] ? swap_cache_get_folio+0x9f/0x570 [ 2761.491695][T15605] do_swap_page+0x8ab/0x3da0 [ 2761.496303][T15605] ? __pte_offset_map+0x2c4/0x380 [ 2761.501352][T15605] ? do_swap_page+0x154/0x3da0 [ 2761.506123][T15605] ? __pfx_do_swap_page+0x10/0x10 [ 2761.511164][T15605] ? pte_offset_map_nolock+0x137/0x1f0 [ 2761.516638][T15605] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2761.522458][T15605] ? __pfx_validate_chain+0x10/0x10 [ 2761.527676][T15605] __handle_mm_fault+0x15e8/0x72d0 [ 2761.532828][T15605] ? __pfx___handle_mm_fault+0x10/0x10 [ 2761.538306][T15605] ? mt_find+0x226/0x850 [ 2761.542563][T15605] ? __pfx_lock_release+0x10/0x10 [ 2761.547623][T15605] ? mt_find+0x62d/0x850 [ 2761.551894][T15605] ? mt_find+0x226/0x850 [ 2761.556175][T15605] ? find_vma+0x142/0x1c0 [ 2761.560524][T15605] ? __pfx_find_vma+0x10/0x10 [ 2761.565206][T15605] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2761.571208][T15605] handle_mm_fault+0x3c1/0x8a0 [ 2761.576013][T15605] exc_page_fault+0x2ad/0x870 [ 2761.580727][T15605] asm_exc_page_fault+0x26/0x30 [ 2761.585596][T15605] RIP: 0010:__get_user_8+0x11/0x20 [ 2761.590717][T15605] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2761.610336][T15605] RSP: 0018:ffffc90014b7fd78 EFLAGS: 00050202 [ 2761.616417][T15605] RAX: 0000555555e1bda8 RBX: ffff88807f67b2f8 RCX: ffffc90014b7fc03 [ 2761.624404][T15605] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2761.632384][T15605] RBP: ffffc90014b7fec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2761.640369][T15605] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90014b7fd80 [ 2761.648350][T15605] R13: ffffc90014b7ffd8 R14: dffffc0000000000 R15: ffff88807f679dc0 [ 2761.656347][T15605] __rseq_handle_notify_resume+0x158/0x1490 [ 2761.662273][T15605] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2761.668646][T15605] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2761.674511][T15605] irqentry_exit_to_user_mode+0xbb/0x280 [ 2761.680178][T15605] exc_page_fault+0x587/0x870 [ 2761.684884][T15605] asm_exc_page_fault+0x26/0x30 [ 2761.689774][T15605] RIP: 0033:0x7f091a8373be [ 2761.694218][T15605] Code: 8d 4c 24 0c 31 c0 b9 40 42 0f 00 4c 89 ce ba 81 00 00 00 bf ca 00 00 00 41 c7 44 24 0c 01 00 00 00 4c 89 0c 24 e8 d2 69 04 00 <80> 3d ed e2 c9 00 00 4c 8b 0c 24 0f 84 71 ff ff ff 4c 8d ac 24 60 [ 2761.713847][T15605] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010217 [ 2761.719932][T15605] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 20:25:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x14}, 0x0) 20:25:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x5000000) [ 2761.727913][T15605] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091a9abf8c [ 2761.735887][T15605] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2761.743870][T15605] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2761.751851][T15605] R13: 0000000000000fbb R14: 00007f091a9abf80 R15: 00007ffdf4c5cca8 [ 2761.759870][T15605] 20:25:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x60}, 0x0) [ 2761.810916][T15619] __nla_validate_parse: 32 callbacks suppressed [ 2761.810937][T15619] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2761.835332][T15617] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2761.843664][T15605] memory: usage 307180kB, limit 307200kB, failcnt 181309 [ 2761.853593][T15605] memory+swap: usage 307420kB, limit 9007199254740988kB, failcnt 0 [ 2761.861962][T15605] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2761.871330][T15605] Memory cgroup stats for /syz1: [ 2761.871482][T15605] cache 0 [ 2761.881735][T15605] rss 12288 [ 2761.885009][T15605] rss_huge 0 [ 2761.888566][T15605] shmem 0 [ 2761.891632][T15605] mapped_file 0 [ 2761.895229][T15605] dirty 0 [ 2761.898429][T15605] writeback 0 [ 2761.901836][T15605] workingset_refault_anon 59813 20:25:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2761.912484][T15605] workingset_refault_file 0 [ 2761.917269][T15605] swap 245760 [ 2761.921684][T15605] swapcached 8192 [ 2761.925456][T15605] pgpgin 208409 [ 2761.929234][T15605] pgpgout 208406 [ 2761.932901][T15605] pgfault 470131 [ 2761.936974][T15605] pgmajfault 57383 [ 2761.942468][T15605] inactive_anon 4096 [ 2761.947400][T15605] active_anon 8192 [ 2761.951255][T15605] inactive_file 0 [ 2761.955008][T15605] active_file 0 [ 2761.958691][T15605] unevictable 0 [ 2761.962268][T15605] hierarchical_memory_limit 314572800 [ 2761.968280][T15605] hierarchical_memsw_limit 9223372036854771712 [ 2761.974614][T15605] total_cache 0 [ 2761.984640][T15605] total_rss 12288 [ 2761.987199][T15621] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2761.988494][T15605] total_rss_huge 0 [ 2761.997186][T15621] IPv6: NLM_F_CREATE should be set when creating new route [ 2761.999855][T15605] total_shmem 0 [ 2762.025142][T15605] total_mapped_file 0 [ 2762.030702][T15605] total_dirty 0 [ 2762.034403][T15605] total_writeback 0 [ 2762.045282][T15622] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2762.052883][T15605] total_workingset_refault_anon 59813 20:25:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfc}, 0x0) [ 2762.073927][T15605] total_workingset_refault_file 0 [ 2762.081936][T15605] total_swap 245760 [ 2762.092566][T15605] total_swapcached 8192 [ 2762.097245][T15605] total_pgpgin 208409 [ 2762.101465][T15605] total_pgpgout 208406 [ 2762.105698][T15605] total_pgfault 470131 [ 2762.111883][T15605] total_pgmajfault 57383 [ 2762.116973][T15605] total_inactive_anon 4096 [ 2762.121638][T15605] total_active_anon 8192 20:25:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6000000) [ 2762.127230][T15624] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2762.166168][T15605] total_inactive_file 0 [ 2762.170455][T15605] total_active_file 0 [ 2762.174462][T15605] total_unevictable 0 [ 2762.180812][T15605] anon_cost 0 [ 2762.188461][T15605] file_cost 0 [ 2762.198754][T15605] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15605,uid=0 20:25:51 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) [ 2762.219891][T15605] Memory cgroup out of memory: Killed process 15605 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2762.263729][T15626] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x300}, 0x0) [ 2762.283975][T15627] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2762.291838][T15627] IPv6: NLM_F_CREATE should be set when creating new route 20:25:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2762.331628][T15629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2762.432113][T15630] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2762.440972][T15630] IPv6: NLM_F_CREATE should be set when creating new route [ 2762.460625][T15632] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x500}, 0x0) [ 2762.475317][T15635] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:25:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7000000) [ 2762.650246][T15636] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2762.658112][T15636] IPv6: NLM_F_CREATE should be set when creating new route [ 2762.681223][T15638] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x600}, 0x0) 20:25:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2762.706770][T15640] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x700}, 0x0) [ 2762.882386][T15641] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2762.891238][T15641] IPv6: NLM_F_CREATE should be set when creating new route 20:25:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x8000000) [ 2762.952963][T29516] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2763.029939][T15646] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2763.034945][T29516] CPU: 0 PID: 29516 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2763.037871][T15646] IPv6: NLM_F_CREATE should be set when creating new route [ 2763.047612][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2763.047633][T29516] Call Trace: [ 2763.047645][T29516] [ 2763.047655][T29516] dump_stack_lvl+0x1e7/0x2e0 [ 2763.047697][T29516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2763.081145][T29516] ? __pfx__printk+0x10/0x10 [ 2763.085782][T29516] ? ___ratelimit+0x4c4/0x670 [ 2763.090506][T29516] ? __pfx____ratelimit+0x10/0x10 [ 2763.095683][T29516] dump_header+0xda/0x6a0 [ 2763.100071][T29516] oom_kill_process+0x3a7/0x930 [ 2763.104977][T29516] out_of_memory+0xf67/0x1320 [ 2763.109711][T29516] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2763.115396][T29516] ? __pfx___mutex_lock+0x10/0x10 [ 2763.120507][T29516] ? __pfx_out_of_memory+0x10/0x10 [ 2763.125685][T29516] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2763.131275][T29516] ? __pfx_lock_release+0x10/0x10 [ 2763.136351][T29516] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2763.142476][T29516] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2763.147719][T29516] ? mem_cgroup_iter+0x3e9/0x560 [ 2763.152698][T29516] try_charge_memcg+0xda2/0x18a0 [ 2763.157666][T29516] ? mark_lock+0x9a/0x350 [ 2763.162037][T29516] ? __pfx_try_charge_memcg+0x10/0x10 [ 2763.167489][T29516] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2763.173688][T29516] charge_memcg+0xa2/0x160 [ 2763.178152][T29516] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2763.184254][T29516] __read_swap_cache_async+0x480/0x8b0 [ 2763.189744][T29516] ? mark_lock+0x9a/0x350 [ 2763.194097][T29516] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2763.200106][T29516] swap_cluster_readahead+0x67c/0x810 [ 2763.205592][T29516] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2763.211513][T29516] ? __pfx_lock_release+0x10/0x10 [ 2763.216564][T29516] ? xas_descend+0x37e/0x470 [ 2763.221180][T29516] swapin_readahead+0x1ea/0x1070 [ 2763.226136][T29516] ? filemap_get_entry+0x127/0x4e0 [ 2763.231275][T29516] ? __pfx_swapin_readahead+0x10/0x10 [ 2763.236674][T29516] ? __filemap_get_folio+0x935/0xbc0 [ 2763.241980][T29516] ? swap_cache_get_folio+0x9f/0x570 [ 2763.247287][T29516] do_swap_page+0x8ab/0x3da0 [ 2763.251892][T29516] ? __pte_offset_map+0x2c4/0x380 [ 2763.256936][T29516] ? do_swap_page+0x154/0x3da0 [ 2763.261705][T29516] ? __pfx_do_swap_page+0x10/0x10 [ 2763.266739][T29516] ? pte_offset_map_nolock+0x137/0x1f0 [ 2763.272211][T29516] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2763.278029][T29516] ? __pfx_validate_chain+0x10/0x10 [ 2763.283241][T29516] __handle_mm_fault+0x15e8/0x72d0 [ 2763.288399][T29516] ? __pfx___handle_mm_fault+0x10/0x10 [ 2763.293881][T29516] ? mt_find+0x226/0x850 [ 2763.298141][T29516] ? __pfx_lock_release+0x10/0x10 [ 2763.303197][T29516] ? mt_find+0x62d/0x850 [ 2763.307455][T29516] ? mt_find+0x226/0x850 [ 2763.311733][T29516] ? find_vma+0x142/0x1c0 [ 2763.316088][T29516] ? __pfx_find_vma+0x10/0x10 [ 2763.320784][T29516] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2763.326783][T29516] handle_mm_fault+0x3c1/0x8a0 [ 2763.331569][T29516] exc_page_fault+0x2ad/0x870 [ 2763.336282][T29516] asm_exc_page_fault+0x26/0x30 [ 2763.341171][T29516] RIP: 0010:__get_user_8+0x11/0x20 [ 2763.346294][T29516] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2763.365911][T29516] RSP: 0018:ffffc90003767d98 EFLAGS: 00050202 [ 2763.372010][T29516] RAX: 0000555555e1bda8 RBX: ffff88802157b2f8 RCX: ffffc90003767c03 [ 2763.379990][T29516] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2763.387976][T29516] RBP: ffffc90003767ec8 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2763.395957][T29516] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90003767da0 [ 2763.403934][T29516] R13: ffffc90003767fd8 R14: dffffc0000000000 R15: ffff888021579dc0 [ 2763.411934][T29516] __rseq_handle_notify_resume+0x158/0x1490 [ 2763.417873][T29516] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2763.424227][T29516] ? syscall_exit_to_user_mode+0xa2/0x370 [ 2763.429966][T29516] syscall_exit_to_user_mode+0x113/0x370 [ 2763.435616][T29516] do_syscall_64+0x108/0x240 [ 2763.440228][T29516] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2763.446145][T29516] RIP: 0033:0x7f091a8a91b5 [ 2763.450566][T29516] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 b9 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f ba ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 2763.470181][T29516] RSP: 002b:00007ffdf4c5cd60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 2763.478609][T29516] RAX: 0000000000000000 RBX: 00000000000001f6 RCX: 00007f091a8a91b5 [ 2763.486597][T29516] RDX: 00007ffdf4c5cda0 RSI: 0000000000000000 RDI: 0000000000000000 [ 2763.494589][T29516] RBP: 00007ffdf4c5ce2c R08: 0000000000000000 R09: 00007ffdf4c840b0 [ 2763.502571][T29516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 2763.510550][T29516] R13: 00000000002a267c R14: 00000000002a267c R15: 0000000000000000 [ 2763.518549][T29516] [ 2763.545074][T29516] memory: usage 307200kB, limit 307200kB, failcnt 181700 [ 2763.553618][T29516] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 2763.577055][T29516] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 20:25:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x900}, 0x0) 20:25:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x9000000) [ 2763.596834][T29516] Memory cgroup stats for /syz1: [ 2763.597002][T29516] cache 0 [ 2763.612577][T29516] rss 12288 [ 2763.618121][T29516] rss_huge 0 [ 2763.628420][T29516] shmem 0 [ 2763.634882][T15657] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2763.643638][T15657] IPv6: NLM_F_CREATE should be set when creating new route [ 2763.658233][T29516] mapped_file 0 [ 2763.661741][T29516] dirty 0 [ 2763.664710][T29516] writeback 0 [ 2763.668489][T29516] workingset_refault_anon 59930 [ 2763.673473][T29516] workingset_refault_file 0 [ 2763.693143][T29516] swap 192512 20:25:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xa000000) 20:25:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xa00}, 0x0) [ 2763.697372][T29516] swapcached 8192 [ 2763.701124][T29516] pgpgin 208553 [ 2763.704676][T29516] pgpgout 208550 [ 2763.742937][T29516] pgfault 470344 [ 2763.757664][T29516] pgmajfault 57504 [ 2763.761457][T29516] inactive_anon 0 [ 2763.766340][T29516] active_anon 8192 [ 2763.776905][T29516] inactive_file 0 [ 2763.780587][T29516] active_file 0 [ 2763.784076][T29516] unevictable 0 [ 2763.789570][T15660] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2763.797401][T15660] IPv6: NLM_F_CREATE should be set when creating new route [ 2763.806622][T29516] hierarchical_memory_limit 314572800 [ 2763.812035][T29516] hierarchical_memsw_limit 9223372036854771712 [ 2763.824990][T29516] total_cache 0 [ 2763.828668][T29516] total_rss 12288 [ 2763.832364][T29516] total_rss_huge 0 [ 2763.836429][T29516] total_shmem 0 20:25:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2763.839918][T29516] total_mapped_file 0 [ 2763.843924][T29516] total_dirty 0 [ 2763.847944][T29516] total_writeback 0 [ 2763.851783][T29516] total_workingset_refault_anon 59930 [ 2763.865709][T29516] total_workingset_refault_file 0 [ 2763.871071][T29516] total_swap 192512 [ 2763.877241][T29516] total_swapcached 8192 [ 2763.881755][T29516] total_pgpgin 208553 [ 2763.885858][T29516] total_pgpgout 208550 [ 2763.923152][T29516] total_pgfault 470344 [ 2763.929070][T29814] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2763.929192][T29516] total_pgmajfault 57504 [ 2763.944315][T29516] total_inactive_anon 0 [ 2763.949022][T29516] total_active_anon 8192 [ 2763.953557][T29516] total_inactive_file 0 [ 2763.958325][T29516] total_active_file 0 [ 2763.962585][T29516] total_unevictable 0 [ 2763.967118][T29516] anon_cost 0 [ 2763.970670][T29516] file_cost 0 [ 2763.976420][T15665] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2763.976712][T29516] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15633,uid=0 [ 2763.985297][T15665] IPv6: NLM_F_CREATE should be set when creating new route 20:25:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xb00}, 0x0) [ 2764.009508][T29516] Memory cgroup out of memory: Killed process 15633 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xb000000) 20:25:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) 20:25:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xc00}, 0x0) [ 2764.305446][T15673] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2764.314371][T15673] IPv6: NLM_F_CREATE should be set when creating new route 20:25:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc000000) 20:25:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xf00}, 0x0) [ 2764.460865][T15679] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2764.468700][T15679] IPv6: NLM_F_CREATE should be set when creating new route [ 2764.497472][T15674] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2764.508296][T15674] CPU: 1 PID: 15674 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2764.518773][T15674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2764.528873][T15674] Call Trace: [ 2764.532176][T15674] [ 2764.535128][T15674] dump_stack_lvl+0x1e7/0x2e0 [ 2764.539861][T15674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2764.545108][T15674] ? __pfx__printk+0x10/0x10 [ 2764.549740][T15674] ? ___ratelimit+0x4c4/0x670 [ 2764.554467][T15674] ? __pfx____ratelimit+0x10/0x10 [ 2764.559541][T15674] dump_header+0xda/0x6a0 [ 2764.563926][T15674] oom_kill_process+0x3a7/0x930 [ 2764.568829][T15674] out_of_memory+0xf67/0x1320 [ 2764.573555][T15674] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2764.579234][T15674] ? __pfx___mutex_lock+0x10/0x10 [ 2764.584327][T15674] ? __pfx_out_of_memory+0x10/0x10 [ 2764.589502][T15674] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2764.595081][T15674] ? __pfx_lock_release+0x10/0x10 [ 2764.600227][T15674] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2764.606335][T15674] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2764.611550][T15674] ? mem_cgroup_iter+0x3e9/0x560 [ 2764.616507][T15674] try_charge_memcg+0xda2/0x18a0 [ 2764.621480][T15674] ? __pfx_try_charge_memcg+0x10/0x10 [ 2764.626874][T15674] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2764.632616][T15674] ? __pfx_lock_release+0x10/0x10 [ 2764.637661][T15674] ? memcg_account_kmem+0x1e7/0x210 [ 2764.642878][T15674] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2764.648698][T15674] __memcg_kmem_charge_page+0xe1/0x250 [ 2764.654194][T15674] memcg_charge_kernel_stack+0x210/0x550 [ 2764.659846][T15674] dup_task_struct+0x40d/0x7d0 [ 2764.664621][T15674] copy_process+0x5d5/0x3fc0 [ 2764.669236][T15674] ? __might_fault+0xa9/0x120 [ 2764.673926][T15674] ? __pfx_lock_release+0x10/0x10 [ 2764.678972][T15674] ? __pfx_copy_process+0x10/0x10 [ 2764.684007][T15674] ? __might_fault+0xc5/0x120 [ 2764.688696][T15674] ? __asan_memset+0x23/0x50 [ 2764.693408][T15674] kernel_clone+0x21d/0x8d0 [ 2764.697956][T15674] ? __pfx_kernel_clone+0x10/0x10 [ 2764.703029][T15674] __se_sys_clone3+0x2cb/0x350 [ 2764.707825][T15674] ? __pfx___se_sys_clone3+0x10/0x10 [ 2764.713159][T15674] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2764.719194][T15674] ? exc_page_fault+0x587/0x870 [ 2764.724073][T15674] ? do_syscall_64+0xb4/0x240 [ 2764.728790][T15674] do_syscall_64+0xf9/0x240 [ 2764.733330][T15674] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2764.739255][T15674] RIP: 0033:0x7f091a8a9b99 [ 2764.743688][T15674] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2764.763337][T15674] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2764.771802][T15674] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2764.779814][T15674] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2764.787822][T15674] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2764.795842][T15674] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2764.803853][T15674] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2764.811884][T15674] 20:25:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2764.930598][T15674] memory: usage 307200kB, limit 307200kB, failcnt 181940 [ 2764.947692][T15674] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 2764.950299][T15682] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2764.964514][T15682] IPv6: NLM_F_CREATE should be set when creating new route [ 2764.968803][T15674] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 20:25:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x1400}, 0x0) 20:25:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xd000000) [ 2765.060410][T15674] Memory cgroup stats for /syz1: [ 2765.060568][T15674] cache 0 [ 2765.087186][T15674] rss 12288 [ 2765.096390][T15674] rss_huge 0 [ 2765.104254][T15674] shmem 0 20:25:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x4788}, 0x0) [ 2765.111727][T15674] mapped_file 0 [ 2765.144576][T15674] dirty 0 [ 2765.154761][T15674] writeback 0 [ 2765.166707][T15674] workingset_refault_anon 59994 [ 2765.181262][T15674] workingset_refault_file 0 [ 2765.189127][T15674] swap 229376 [ 2765.194367][T15674] swapcached 12288 [ 2765.198910][T15674] pgpgin 208635 [ 2765.202606][T15674] pgpgout 208632 [ 2765.207082][T15674] pgfault 470476 [ 2765.210850][T15674] pgmajfault 57573 [ 2765.214783][T15674] inactive_anon 12288 [ 2765.219839][T15674] active_anon 0 [ 2765.223514][T15674] inactive_file 0 [ 2765.228654][T15674] active_file 0 [ 2765.232332][T15674] unevictable 0 [ 2765.236839][T15674] hierarchical_memory_limit 314572800 [ 2765.242733][T15674] hierarchical_memsw_limit 9223372036854771712 [ 2765.249957][T15674] total_cache 0 [ 2765.253762][T15674] total_rss 12288 [ 2765.261032][T15674] total_rss_huge 0 [ 2765.265069][T15674] total_shmem 0 [ 2765.269567][T15674] total_mapped_file 0 [ 2765.273888][T15674] total_dirty 0 [ 2765.278303][T15674] total_writeback 0 [ 2765.282416][T15674] total_workingset_refault_anon 59994 [ 2765.288611][T15674] total_workingset_refault_file 0 [ 2765.293982][T15674] total_swap 229376 [ 2765.302323][T15674] total_swapcached 12288 [ 2765.309926][T15674] total_pgpgin 208635 [ 2765.320851][T15674] total_pgpgout 208632 [ 2765.330853][T15674] total_pgfault 470476 [ 2765.339225][T15674] total_pgmajfault 57573 [ 2765.343766][T15674] total_inactive_anon 12288 [ 2765.354805][T15674] total_active_anon 0 [ 2765.368858][T15674] total_inactive_file 0 [ 2765.380974][T15693] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2765.388777][T15693] IPv6: NLM_F_CREATE should be set when creating new route 20:25:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x4888}, 0x0) [ 2765.420579][T15674] total_active_file 0 [ 2765.424920][T15674] total_unevictable 0 [ 2765.446642][T15674] anon_cost 0 [ 2765.450008][T15674] file_cost 0 [ 2765.453327][T15674] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15674,uid=0 20:25:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000058", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2765.493866][T15674] Memory cgroup out of memory: Killed process 15674 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2765.596872][T15694] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2765.605739][T15694] IPv6: NLM_F_CREATE should be set when creating new route 20:25:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xe000000) 20:25:54 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) 20:25:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x518a}, 0x0) [ 2765.855895][T15699] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2765.863713][T15699] IPv6: NLM_F_CREATE should be set when creating new route 20:25:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008d31c07", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x5865}, 0x0) [ 2766.104304][T15705] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2766.113189][T15705] IPv6: NLM_F_CREATE should be set when creating new route 20:25:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x10000000) 20:25:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x6000}, 0x0) 20:25:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2766.331813][T15702] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2766.378564][T15702] CPU: 1 PID: 15702 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2766.389052][T15702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2766.399133][T15702] Call Trace: [ 2766.402438][T15702] [ 2766.405376][T15702] dump_stack_lvl+0x1e7/0x2e0 [ 2766.410081][T15702] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2766.415308][T15702] ? __pfx__printk+0x10/0x10 [ 2766.419912][T15702] ? ___ratelimit+0x4c4/0x670 [ 2766.424632][T15702] ? __pfx____ratelimit+0x10/0x10 [ 2766.429698][T15702] dump_header+0xda/0x6a0 [ 2766.434149][T15702] oom_kill_process+0x3a7/0x930 [ 2766.439029][T15702] out_of_memory+0xf67/0x1320 [ 2766.443730][T15702] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2766.449381][T15702] ? __pfx___mutex_lock+0x10/0x10 [ 2766.454428][T15702] ? __pfx_out_of_memory+0x10/0x10 [ 2766.459563][T15702] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2766.465124][T15702] ? __pfx_lock_release+0x10/0x10 [ 2766.470173][T15702] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2766.476267][T15702] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2766.481481][T15702] ? mem_cgroup_iter+0x3e9/0x560 [ 2766.486439][T15702] try_charge_memcg+0xda2/0x18a0 [ 2766.491412][T15702] ? __pfx_try_charge_memcg+0x10/0x10 [ 2766.496799][T15702] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2766.502530][T15702] ? __pfx_lock_release+0x10/0x10 [ 2766.507575][T15702] ? memcg_account_kmem+0x1e7/0x210 [ 2766.512811][T15702] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2766.518634][T15702] __memcg_kmem_charge_page+0xe1/0x250 [ 2766.524113][T15702] memcg_charge_kernel_stack+0x37e/0x550 [ 2766.529775][T15702] dup_task_struct+0x15d/0x7d0 [ 2766.534556][T15702] copy_process+0x5d5/0x3fc0 [ 2766.539180][T15702] ? __might_fault+0xa9/0x120 [ 2766.543874][T15702] ? __pfx_lock_release+0x10/0x10 [ 2766.548929][T15702] ? __pfx_copy_process+0x10/0x10 [ 2766.553962][T15702] ? __might_fault+0xc5/0x120 [ 2766.558656][T15702] ? __asan_memset+0x23/0x50 [ 2766.563264][T15702] kernel_clone+0x21d/0x8d0 [ 2766.567787][T15702] ? __pfx_kernel_clone+0x10/0x10 [ 2766.572848][T15702] __se_sys_clone3+0x2cb/0x350 [ 2766.577629][T15702] ? __pfx___se_sys_clone3+0x10/0x10 [ 2766.582952][T15702] ? do_syscall_64+0x108/0x240 [ 2766.587734][T15702] ? do_syscall_64+0xb4/0x240 [ 2766.592432][T15702] do_syscall_64+0xf9/0x240 [ 2766.596961][T15702] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2766.602871][T15702] RIP: 0033:0x7f091a8a9b99 [ 2766.607297][T15702] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2766.626911][T15702] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2766.635335][T15702] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2766.643314][T15702] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2766.651292][T15702] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2766.659283][T15702] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2766.667271][T15702] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2766.675282][T15702] [ 2766.692657][T15702] memory: usage 307200kB, limit 307200kB, failcnt 182321 [ 2766.699890][T15702] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 2766.707907][T15702] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2766.711695][T15714] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2766.715195][T15702] Memory cgroup stats for /syz1: [ 2766.715333][T15702] cache 0 [ 2766.724161][T15714] IPv6: NLM_F_CREATE should be set when creating new route [ 2766.729231][T15702] rss 0 20:25:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x11000000) [ 2766.767796][T15702] rss_huge 0 [ 2766.771068][T15702] shmem 0 [ 2766.774023][T15702] mapped_file 0 [ 2766.778215][T15702] dirty 0 [ 2766.781184][T15702] writeback 0 [ 2766.786749][T15702] workingset_refault_anon 60110 [ 2766.791749][T15702] workingset_refault_file 0 [ 2766.798348][T15702] swap 245760 [ 2766.801706][T15702] swapcached 0 [ 2766.805174][T15702] pgpgin 208761 [ 2766.809260][T15702] pgpgout 208761 [ 2766.812850][T15702] pgfault 470667 [ 2766.816656][T15702] pgmajfault 57679 [ 2766.820415][T15702] inactive_anon 0 [ 2766.824078][T15702] active_anon 0 [ 2766.828484][T15702] inactive_file 0 [ 2766.832175][T15702] active_file 0 [ 2766.835758][T15702] unevictable 0 [ 2766.839489][T15702] hierarchical_memory_limit 314572800 [ 2766.844890][T15702] hierarchical_memsw_limit 9223372036854771712 [ 2766.851533][T15702] total_cache 0 [ 2766.855030][T15702] total_rss 0 [ 2766.858445][T15702] total_rss_huge 0 [ 2766.862280][T15702] total_shmem 0 [ 2766.865766][T15702] total_mapped_file 0 [ 2766.870180][T15702] total_dirty 0 [ 2766.873716][T15702] total_writeback 0 [ 2766.877896][T15702] total_workingset_refault_anon 60110 [ 2766.883321][T15702] total_workingset_refault_file 0 [ 2766.888626][T15702] total_swap 245760 [ 2766.892579][T15702] total_swapcached 0 [ 2766.897698][T15702] total_pgpgin 208761 [ 2766.901730][T15702] total_pgpgout 208761 [ 2766.905824][T15702] total_pgfault 470667 [ 2766.911115][T15702] total_pgmajfault 57679 [ 2766.915533][T15702] total_inactive_anon 0 [ 2766.919952][T15702] total_active_anon 0 [ 2766.924157][T15702] total_inactive_file 0 [ 2766.928663][T15702] total_active_file 0 [ 2766.932792][T15702] total_unevictable 0 [ 2766.937554][T15702] anon_cost 0 [ 2766.941062][T15717] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2766.948865][T15717] IPv6: NLM_F_CREATE should be set when creating new route [ 2766.957025][T15702] file_cost 0 [ 2766.960370][T15702] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15702,uid=0 [ 2766.984461][T15702] Memory cgroup out of memory: Killed process 15702 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000047", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2767.016368][T15718] __nla_validate_parse: 28 callbacks suppressed [ 2767.016390][T15718] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2767.056885][T15720] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:25:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x6558}, 0x0) 20:25:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2000}, 0x0) [ 2767.194658][T15721] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2767.203570][T15721] IPv6: NLM_F_CREATE should be set when creating new route [ 2767.227289][T15725] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8100}, 0x0) 20:25:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x12000000) [ 2767.247829][T15724] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2767.403413][T15727] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2767.420143][T15727] CPU: 0 PID: 15727 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2767.426648][T15726] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2767.430593][T15727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2767.430619][T15727] Call Trace: [ 2767.430629][T15727] [ 2767.430639][T15727] dump_stack_lvl+0x1e7/0x2e0 [ 2767.438403][T15726] IPv6: NLM_F_CREATE should be set when creating new route [ 2767.447881][T15727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2767.447921][T15727] ? __pfx__printk+0x10/0x10 [ 2767.447947][T15727] ? ___ratelimit+0x4c4/0x670 [ 2767.480670][T15727] ? __pfx____ratelimit+0x10/0x10 [ 2767.485716][T15727] dump_header+0xda/0x6a0 [ 2767.490081][T15727] oom_kill_process+0x3a7/0x930 [ 2767.494961][T15727] out_of_memory+0xf67/0x1320 [ 2767.499673][T15727] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2767.505334][T15727] ? __pfx___mutex_lock+0x10/0x10 [ 2767.510404][T15727] ? __pfx_out_of_memory+0x10/0x10 [ 2767.515541][T15727] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2767.521107][T15727] ? __pfx_lock_release+0x10/0x10 [ 2767.526172][T15727] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2767.532278][T15727] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2767.537496][T15727] ? mem_cgroup_iter+0x3e9/0x560 [ 2767.542455][T15727] try_charge_memcg+0xda2/0x18a0 [ 2767.547427][T15727] ? mark_lock+0x9a/0x350 [ 2767.551791][T15727] ? __pfx_try_charge_memcg+0x10/0x10 [ 2767.557319][T15727] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2767.563485][T15727] charge_memcg+0xa2/0x160 [ 2767.567924][T15727] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2767.574005][T15727] __read_swap_cache_async+0x480/0x8b0 [ 2767.579520][T15727] ? mark_lock+0x9a/0x350 [ 2767.583978][T15727] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2767.590010][T15727] swap_cluster_readahead+0x67c/0x810 [ 2767.595419][T15727] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2767.601500][T15727] ? __pfx_lock_release+0x10/0x10 [ 2767.606609][T15727] ? xas_descend+0x37e/0x470 [ 2767.611270][T15727] swapin_readahead+0x1ea/0x1070 [ 2767.616272][T15727] ? filemap_get_entry+0x127/0x4e0 [ 2767.621442][T15727] ? __pfx_swapin_readahead+0x10/0x10 [ 2767.626862][T15727] ? __filemap_get_folio+0x935/0xbc0 [ 2767.632275][T15727] ? swap_cache_get_folio+0x9f/0x570 [ 2767.637588][T15727] do_swap_page+0x8ab/0x3da0 [ 2767.642265][T15727] ? __pte_offset_map+0x2c4/0x380 [ 2767.647414][T15727] ? page_ext_get+0x20/0x2a0 [ 2767.652043][T15727] ? do_swap_page+0x154/0x3da0 [ 2767.656825][T15727] ? __pfx_do_swap_page+0x10/0x10 [ 2767.661930][T15727] ? pte_offset_map_nolock+0x137/0x1f0 [ 2767.667438][T15727] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2767.673284][T15727] ? __pfx_validate_chain+0x10/0x10 [ 2767.678512][T15727] __handle_mm_fault+0x15e8/0x72d0 [ 2767.683686][T15727] ? __pfx___handle_mm_fault+0x10/0x10 [ 2767.689185][T15727] ? mt_find+0x226/0x850 [ 2767.693479][T15727] ? __pfx_lock_release+0x10/0x10 [ 2767.698558][T15727] ? mt_find+0x62d/0x850 [ 2767.702830][T15727] ? mt_find+0x226/0x850 [ 2767.707129][T15727] ? find_vma+0x142/0x1c0 [ 2767.711482][T15727] ? __pfx_find_vma+0x10/0x10 [ 2767.716186][T15727] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2767.722234][T15727] handle_mm_fault+0x3c1/0x8a0 [ 2767.727057][T15727] exc_page_fault+0x2ad/0x870 [ 2767.731764][T15727] asm_exc_page_fault+0x26/0x30 [ 2767.736672][T15727] RIP: 0010:__get_user_8+0x11/0x20 [ 2767.741808][T15727] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2767.761463][T15727] RSP: 0018:ffffc90015f9fd78 EFLAGS: 00050202 [ 2767.767555][T15727] RAX: 0000555555e1bda8 RBX: ffff888034879538 RCX: ffffc90015f9fc03 [ 2767.775542][T15727] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2767.783535][T15727] RBP: ffffc90015f9fec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2767.791557][T15727] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90015f9fd80 [ 2767.799547][T15727] R13: ffffc90015f9ffd8 R14: dffffc0000000000 R15: ffff888034878000 [ 2767.807549][T15727] __rseq_handle_notify_resume+0x158/0x1490 [ 2767.813481][T15727] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2767.819862][T15727] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2767.825735][T15727] irqentry_exit_to_user_mode+0xbb/0x280 [ 2767.831412][T15727] exc_page_fault+0x587/0x870 [ 2767.836146][T15727] asm_exc_page_fault+0x26/0x30 [ 2767.841023][T15727] RIP: 0033:0x7f091a836fcf [ 2767.845450][T15727] Code: 48 89 84 24 90 00 00 00 48 89 9c 24 98 00 00 00 4c 8b 35 c4 69 17 00 4d 8d ae 00 00 40 00 4d 39 ec 0f 83 91 06 00 00 4c 89 eb <4d> 8b 2c 24 4d 8d 7c 24 08 4c 89 bc 24 08 01 00 00 49 83 fd ff 0f [ 2767.865068][T15727] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010287 [ 2767.871152][T15727] RAX: 00007ffdf4c5cca8 RBX: 00007f091a800000 RCX: 00000000002a3898 [ 2767.879142][T15727] RDX: 0000000000000152 RSI: 00007ffdf4c5cb80 RDI: 7fffffffffffffff [ 2767.887162][T15727] RBP: 0000000000000001 R08: 0000000000000010 R09: 0000000000000000 [ 2767.895170][T15727] R10: 00007ffdf4c84080 R11: 000000000007cc72 R12: 00007f091a400000 20:25:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000048", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2767.903259][T15727] R13: 00007f091a800000 R14: 00007f091a400000 R15: 0000000000000001 [ 2767.911322][T15727] [ 2767.923286][T15729] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2767.924987][T15727] memory: usage 307200kB, limit 307200kB, failcnt 182548 [ 2767.940391][T15727] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2767.950285][T15727] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2767.957744][T15727] Memory cgroup stats for /syz1: [ 2767.957894][T15727] cache 0 [ 2767.965833][T15727] rss 12288 [ 2767.969429][T15727] rss_huge 0 [ 2767.972659][T15727] shmem 0 [ 2767.975647][T15727] mapped_file 0 [ 2767.979353][T15727] dirty 0 [ 2767.982327][T15727] writeback 0 [ 2767.985680][T15727] workingset_refault_anon 60181 20:25:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8847}, 0x0) [ 2768.016059][T15731] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2768.017999][T15727] workingset_refault_file 0 [ 2768.037755][T15727] swap 212992 [ 2768.043751][T15727] swapcached 8192 [ 2768.066572][T15727] pgpgin 208841 [ 2768.070361][T15727] pgpgout 208838 [ 2768.082085][T15727] pgfault 470796 [ 2768.094278][T15727] pgmajfault 57745 [ 2768.097901][T15734] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2768.110887][T15727] inactive_anon 0 20:25:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x14000000) [ 2768.117336][T15727] active_anon 12288 [ 2768.121409][T15727] inactive_file 0 [ 2768.128537][T15727] active_file 0 [ 2768.132314][T15727] unevictable 0 [ 2768.148804][T15727] hierarchical_memory_limit 314572800 [ 2768.177800][T15727] hierarchical_memsw_limit 9223372036854771712 [ 2768.191451][T15727] total_cache 0 [ 2768.202573][T15727] total_rss 12288 [ 2768.206626][T15735] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2768.207207][T15735] IPv6: NLM_F_CREATE should be set when creating new route [ 2768.222167][T15727] total_rss_huge 0 [ 2768.236219][T15727] total_shmem 0 [ 2768.239788][T15727] total_mapped_file 0 [ 2768.243807][T15727] total_dirty 0 [ 2768.251601][T15727] total_writeback 0 [ 2768.259527][T15737] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2768.269200][T15727] total_workingset_refault_anon 60181 [ 2768.275366][T15727] total_workingset_refault_file 0 20:25:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008ffffa8", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8848}, 0x0) [ 2768.281490][T15739] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2768.286441][T15727] total_swap 212992 [ 2768.296365][T15727] total_swapcached 8192 [ 2768.302851][T15727] total_pgpgin 208841 [ 2768.313770][T15727] total_pgpgout 208838 [ 2768.320580][T15727] total_pgfault 470796 [ 2768.325866][T15727] total_pgmajfault 57745 [ 2768.333270][T15727] total_inactive_anon 0 [ 2768.338954][T15727] total_active_anon 12288 [ 2768.343436][T15727] total_inactive_file 0 [ 2768.348549][T15727] total_active_file 0 [ 2768.352722][T15727] total_unevictable 0 [ 2768.358088][T15727] anon_cost 0 [ 2768.361508][T15727] file_cost 0 [ 2768.364911][T15727] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15727,uid=0 [ 2768.388324][T15727] Memory cgroup out of memory: Killed process 15727 (syz-executor.1) total-vm:56424kB, anon-rss:368kB, file-rss:8784kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:57 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2000}, 0x0) 20:25:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x15000000) [ 2768.461052][T15740] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2768.470013][T15740] IPv6: NLM_F_CREATE should be set when creating new route [ 2768.490858][T15743] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:25:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8a51}, 0x0) 20:25:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0009000876071c", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfc00}, 0x0) [ 2768.806976][T15751] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2768.815877][T15751] IPv6: NLM_F_CREATE should be set when creating new route 20:25:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x18000000) [ 2768.948976][T15745] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2768.961476][T15745] CPU: 0 PID: 15745 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2768.971941][T15745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2768.982035][T15745] Call Trace: [ 2768.985344][T15745] [ 2768.988327][T15745] dump_stack_lvl+0x1e7/0x2e0 [ 2768.993062][T15745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2768.999434][T15745] ? __pfx__printk+0x10/0x10 [ 2769.004066][T15745] ? ___ratelimit+0x4c4/0x670 [ 2769.008799][T15745] ? __pfx____ratelimit+0x10/0x10 [ 2769.013884][T15745] dump_header+0xda/0x6a0 [ 2769.018271][T15745] oom_kill_process+0x3a7/0x930 [ 2769.023167][T15745] out_of_memory+0xf67/0x1320 [ 2769.027894][T15745] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2769.033583][T15745] ? __pfx___mutex_lock+0x10/0x10 [ 2769.038670][T15745] ? __pfx_out_of_memory+0x10/0x10 [ 2769.043832][T15745] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2769.049415][T15745] ? __pfx_lock_release+0x10/0x10 [ 2769.054501][T15745] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2769.060615][T15745] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2769.065849][T15745] ? mem_cgroup_iter+0x3e9/0x560 [ 2769.070839][T15745] try_charge_memcg+0xda2/0x18a0 [ 2769.075815][T15745] ? mark_lock+0x9a/0x350 [ 2769.080212][T15745] ? __pfx_try_charge_memcg+0x10/0x10 [ 2769.085638][T15745] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2769.091822][T15745] charge_memcg+0xa2/0x160 [ 2769.096294][T15745] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2769.102404][T15745] __read_swap_cache_async+0x480/0x8b0 [ 2769.107918][T15745] ? mark_lock+0x9a/0x350 [ 2769.112319][T15745] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2769.118355][T15745] swap_cluster_readahead+0x67c/0x810 [ 2769.123787][T15745] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2769.129734][T15745] ? __pfx_lock_release+0x10/0x10 [ 2769.134813][T15745] ? xas_descend+0x37e/0x470 [ 2769.136118][T15759] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2769.139431][T15745] swapin_readahead+0x1ea/0x1070 [ 2769.148370][T15759] IPv6: NLM_F_CREATE should be set when creating new route [ 2769.151530][T15745] ? filemap_get_entry+0x127/0x4e0 [ 2769.164023][T15745] ? __pfx_swapin_readahead+0x10/0x10 [ 2769.169460][T15745] ? __filemap_get_folio+0x935/0xbc0 [ 2769.174794][T15745] ? swap_cache_get_folio+0x9f/0x570 [ 2769.180129][T15745] do_swap_page+0x8ab/0x3da0 [ 2769.184765][T15745] ? __pte_offset_map+0x2c4/0x380 [ 2769.189839][T15745] ? do_swap_page+0x154/0x3da0 [ 2769.194647][T15745] ? __pfx_do_swap_page+0x10/0x10 20:25:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x20000000) [ 2769.199721][T15745] ? pte_offset_map_nolock+0x137/0x1f0 [ 2769.205223][T15745] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2769.211078][T15745] ? __pfx_validate_chain+0x10/0x10 [ 2769.216339][T15745] __handle_mm_fault+0x15e8/0x72d0 [ 2769.221534][T15745] ? __pfx___handle_mm_fault+0x10/0x10 [ 2769.227052][T15745] ? mt_find+0x226/0x850 [ 2769.231337][T15745] ? __pfx_lock_release+0x10/0x10 [ 2769.236435][T15745] ? mt_find+0x62d/0x850 [ 2769.240733][T15745] ? mt_find+0x226/0x850 [ 2769.245046][T15745] ? find_vma+0x142/0x1c0 [ 2769.249424][T15745] ? __pfx_find_vma+0x10/0x10 [ 2769.254147][T15745] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2769.260184][T15745] handle_mm_fault+0x3c1/0x8a0 [ 2769.265010][T15745] exc_page_fault+0x2ad/0x870 [ 2769.269749][T15745] asm_exc_page_fault+0x26/0x30 [ 2769.274649][T15745] RIP: 0010:__get_user_8+0x11/0x20 [ 2769.279795][T15745] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2769.299463][T15745] RSP: 0018:ffffc90018e5fd78 EFLAGS: 00050202 [ 2769.305584][T15745] RAX: 0000555555e1bda8 RBX: ffff8880806cee78 RCX: ffffc90018e5fc03 [ 2769.313612][T15745] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2769.321623][T15745] RBP: ffffc90018e5fec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2769.329635][T15745] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc90018e5fd80 [ 2769.337648][T15745] R13: ffffc90018e5ffd8 R14: dffffc0000000000 R15: ffff8880806cd940 [ 2769.345695][T15745] __rseq_handle_notify_resume+0x158/0x1490 [ 2769.351663][T15745] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2769.358048][T15745] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2769.363996][T15745] irqentry_exit_to_user_mode+0xbb/0x280 [ 2769.364956][T15762] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2769.369659][T15745] exc_page_fault+0x587/0x870 [ 2769.369700][T15745] asm_exc_page_fault+0x26/0x30 [ 2769.369733][T15745] RIP: 0033:0x7f091a852714 20:25:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x21000000) [ 2769.369754][T15745] Code: 48 89 54 24 18 48 89 4c 24 20 64 48 8b 04 25 28 00 00 00 48 89 84 24 f8 00 00 00 31 c0 80 3d ea d7 12 00 00 0f 85 3c 05 00 00 <48> 8b 04 24 48 83 e8 01 48 83 f8 fd 76 1e 4c 8d 64 24 60 4c 89 e7 [ 2769.369775][T15745] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2769.378631][T15762] IPv6: NLM_F_CREATE should be set when creating new route [ 2769.381622][T15745] [ 2769.381632][T15745] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2769.434592][T15745] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2769.442598][T15745] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c 20:25:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xff00}, 0x0) [ 2769.450606][T15745] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2769.458621][T15745] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2769.466650][T15745] 20:25:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008ffffff", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2769.552854][T15745] memory: usage 307180kB, limit 307200kB, failcnt 182853 [ 2769.562886][T15745] memory+swap: usage 307416kB, limit 9007199254740988kB, failcnt 0 [ 2769.572385][T15745] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2769.580332][T15745] Memory cgroup stats for /syz1: [ 2769.580495][T15745] cache 0 [ 2769.590894][T15745] rss 12288 [ 2769.594211][T15745] rss_huge 0 [ 2769.597717][T15745] shmem 0 [ 2769.600847][T15745] mapped_file 0 [ 2769.604600][T15745] dirty 0 [ 2769.607911][T15745] writeback 0 [ 2769.611446][T15745] workingset_refault_anon 60280 [ 2769.617010][T15745] workingset_refault_file 0 [ 2769.621806][T15745] swap 241664 [ 2769.625372][T15745] swapcached 12288 [ 2769.629627][T15745] pgpgin 208950 [ 2769.634870][T15745] pgpgout 208947 [ 2769.643284][T15745] pgfault 470959 20:25:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x34000}, 0x0) [ 2769.645576][T15769] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2769.655571][T15769] IPv6: NLM_F_CREATE should be set when creating new route [ 2769.657439][T15745] pgmajfault 57834 [ 2769.680631][T15745] inactive_anon 12288 [ 2769.684795][T15745] active_anon 0 [ 2769.695507][T15745] inactive_file 0 [ 2769.700105][T15745] active_file 0 20:25:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x25000000) [ 2769.708869][T15745] unevictable 0 [ 2769.720381][T15745] hierarchical_memory_limit 314572800 [ 2769.731019][T15745] hierarchical_memsw_limit 9223372036854771712 [ 2769.740098][T15745] total_cache 0 [ 2769.743854][T15745] total_rss 12288 [ 2769.749091][T15745] total_rss_huge 0 [ 2769.753173][T15745] total_shmem 0 [ 2769.757106][T15745] total_mapped_file 0 [ 2769.761446][T15745] total_dirty 0 [ 2769.766184][T15745] total_writeback 0 [ 2769.770426][T15745] total_workingset_refault_anon 60280 [ 2769.792361][T15745] total_workingset_refault_file 0 [ 2769.805213][T15745] total_swap 241664 [ 2769.812349][T15745] total_swapcached 12288 [ 2769.824120][T15745] total_pgpgin 208950 [ 2769.830606][T15745] total_pgpgout 208947 [ 2769.836965][T15745] total_pgfault 470959 [ 2769.842141][T15745] total_pgmajfault 57834 [ 2769.857277][T15745] total_inactive_anon 12288 [ 2769.861840][T15745] total_active_anon 0 [ 2769.865862][T15745] total_inactive_file 0 20:25:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000048", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x400300}, 0x0) [ 2769.921001][T15745] total_active_file 0 [ 2769.925060][T15745] total_unevictable 0 [ 2769.952920][T15745] anon_cost 0 [ 2769.961273][T15745] file_cost 0 [ 2769.972975][T15745] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15745,uid=0 [ 2770.007968][T15745] Memory cgroup out of memory: Killed process 15745 (syz-executor.1) total-vm:56424kB, anon-rss:444kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:25:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x0, 0x2000}, 0x0) [ 2770.049336][T15775] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2770.058235][T15775] IPv6: NLM_F_CREATE should be set when creating new route 20:25:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x3f000000) 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x1000000}, 0x0) [ 2770.162822][T15780] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2770.170750][T15780] IPv6: NLM_F_CREATE should be set when creating new route 20:25:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0009000888a8ff", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x2000000}, 0x0) [ 2770.337393][T15786] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2770.346562][T15786] IPv6: NLM_F_CREATE should be set when creating new route [ 2770.382550][T15781] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2770.394424][T15781] CPU: 1 PID: 15781 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2770.404889][T15781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2770.414985][T15781] Call Trace: [ 2770.418305][T15781] [ 2770.421273][T15781] dump_stack_lvl+0x1e7/0x2e0 [ 2770.426015][T15781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2770.431261][T15781] ? __pfx__printk+0x10/0x10 [ 2770.435911][T15781] ? ___ratelimit+0x4c4/0x670 [ 2770.440642][T15781] ? __pfx____ratelimit+0x10/0x10 [ 2770.445729][T15781] dump_header+0xda/0x6a0 [ 2770.450110][T15781] oom_kill_process+0x3a7/0x930 [ 2770.455017][T15781] out_of_memory+0xf67/0x1320 [ 2770.459743][T15781] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2770.465416][T15781] ? __pfx___mutex_lock+0x10/0x10 [ 2770.470497][T15781] ? __pfx_out_of_memory+0x10/0x10 [ 2770.475676][T15781] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2770.481274][T15781] ? __pfx_lock_release+0x10/0x10 [ 2770.486367][T15781] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2770.492516][T15781] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2770.497769][T15781] ? mem_cgroup_iter+0x3e9/0x560 [ 2770.502767][T15781] try_charge_memcg+0xda2/0x18a0 [ 2770.507751][T15781] ? mark_lock+0x9a/0x350 [ 2770.512186][T15781] ? __pfx_try_charge_memcg+0x10/0x10 [ 2770.517638][T15781] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2770.523833][T15781] charge_memcg+0xa2/0x160 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x3000000}, 0x0) 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x4000000}, 0x0) [ 2770.528307][T15781] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2770.534416][T15781] __read_swap_cache_async+0x480/0x8b0 [ 2770.539935][T15781] ? mark_lock+0x9a/0x350 [ 2770.544323][T15781] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2770.550363][T15781] swap_cluster_readahead+0x67c/0x810 [ 2770.555790][T15781] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2770.561735][T15781] ? __pfx_lock_release+0x10/0x10 [ 2770.566810][T15781] ? xas_descend+0x37e/0x470 [ 2770.571449][T15781] swapin_readahead+0x1ea/0x1070 [ 2770.576433][T15781] ? filemap_get_entry+0x127/0x4e0 [ 2770.581611][T15781] ? __pfx_swapin_readahead+0x10/0x10 [ 2770.587044][T15781] ? __filemap_get_folio+0x935/0xbc0 [ 2770.592388][T15781] ? swap_cache_get_folio+0x9f/0x570 [ 2770.597723][T15781] do_swap_page+0x8ab/0x3da0 [ 2770.602361][T15781] ? __pte_offset_map+0x2c4/0x380 [ 2770.607435][T15781] ? __pfx_validate_chain+0x10/0x10 [ 2770.612668][T15781] ? do_swap_page+0x154/0x3da0 [ 2770.617470][T15781] ? __pfx_do_swap_page+0x10/0x10 [ 2770.622537][T15781] ? pte_offset_map_nolock+0x137/0x1f0 [ 2770.628044][T15781] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2770.633908][T15781] __handle_mm_fault+0x15e8/0x72d0 [ 2770.639094][T15781] ? reacquire_held_locks+0x3eb/0x690 [ 2770.644509][T15781] ? __pfx___handle_mm_fault+0x10/0x10 [ 2770.650016][T15781] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2770.655881][T15781] ? mtree_range_walk+0x6fd/0x8e0 [ 2770.660954][T15781] ? lock_vma_under_rcu+0x18a/0x730 [ 2770.666193][T15781] ? __pfx_lock_release+0x10/0x10 [ 2770.671258][T15781] ? lock_vma_under_rcu+0x2f9/0x730 [ 2770.676532][T15781] ? lock_vma_under_rcu+0x18a/0x730 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x5000000}, 0x0) [ 2770.681763][T15781] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2770.687352][T15781] handle_mm_fault+0x3c1/0x8a0 [ 2770.692170][T15781] exc_page_fault+0x456/0x870 [ 2770.696898][T15781] asm_exc_page_fault+0x26/0x30 [ 2770.701804][T15781] RIP: 0033:0x7f091a82826f [ 2770.706255][T15781] Code: ca 00 4c 63 05 7a d4 ca 00 48 8b 05 7b d4 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 89 38 48 89 15 61 d4 ca 00 52 48 8d 35 c3 0e 0a 00 48 89 c2 48 8d 3d cf 0e 0a 00 31 c0 e8 [ 2770.725996][T15781] RSP: 002b:00007ffdf4c5cb98 EFLAGS: 00010287 [ 2770.732112][T15781] RAX: 0000001b2fb20000 RBX: 0000000000000003 RCX: 0000001b2fb20000 [ 2770.740145][T15781] RDX: 0000001b2fb20004 RSI: 0000000000000000 RDI: 0000000000000000 [ 2770.748157][T15781] RBP: 0000000000000001 R08: 0000001b30120000 R09: 0000000000040000 [ 2770.756166][T15781] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000001 [ 2770.764179][T15781] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2770.772210][T15781] 20:25:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x40000000) 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x6000000}, 0x0) [ 2770.803515][T15781] memory: usage 307176kB, limit 307200kB, failcnt 183013 [ 2770.853699][T15781] memory+swap: usage 307436kB, limit 9007199254740988kB, failcnt 0 [ 2770.866790][T15781] kmem: usage 307164kB, limit 9007199254740988kB, failcnt 0 [ 2770.878734][T15781] Memory cgroup stats for /syz1: [ 2770.878886][T15781] cache 0 [ 2770.896272][T15781] rss 8192 [ 2770.899562][T15781] rss_huge 0 [ 2770.905199][T15781] shmem 0 [ 2770.911720][T15781] mapped_file 0 [ 2770.919463][T15781] dirty 0 [ 2770.928240][T15781] writeback 0 [ 2770.931776][T15781] workingset_refault_anon 60319 [ 2770.938893][T15781] workingset_refault_file 0 [ 2770.943652][T15781] swap 270336 [ 2770.947780][T15781] swapcached 8192 [ 2770.951622][T15781] pgpgin 209013 20:25:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x7000000}, 0x0) [ 2770.955324][T15781] pgpgout 209011 [ 2770.962068][T15781] pgfault 471061 [ 2770.977561][T15781] pgmajfault 57888 [ 2770.984018][T15781] inactive_anon 8192 [ 2770.990065][T15781] active_anon 0 [ 2770.997942][T15781] inactive_file 0 [ 2771.001830][T15781] active_file 0 20:25:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c000900087fffff", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2771.005494][T15781] unevictable 0 [ 2771.010334][T15781] hierarchical_memory_limit 314572800 [ 2771.048529][T15781] hierarchical_memsw_limit 9223372036854771712 [ 2771.068627][T15781] total_cache 0 [ 2771.075684][T15781] total_rss 8192 [ 2771.086640][T15802] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:26:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x48000000) [ 2771.095439][T15802] IPv6: NLM_F_CREATE should be set when creating new route [ 2771.110054][T15781] total_rss_huge 0 [ 2771.113990][T15781] total_shmem 0 [ 2771.117831][T15781] total_mapped_file 0 20:26:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8000000}, 0x0) [ 2771.169739][T15781] total_dirty 0 [ 2771.173265][T15781] total_writeback 0 [ 2771.201481][T15781] total_workingset_refault_anon 60319 [ 2771.229653][T15781] total_workingset_refault_file 0 [ 2771.241999][T15781] total_swap 270336 [ 2771.247225][T15781] total_swapcached 8192 [ 2771.251564][T15781] total_pgpgin 209013 [ 2771.255682][T15781] total_pgpgout 209011 [ 2771.260886][T15781] total_pgfault 471061 [ 2771.265121][T15781] total_pgmajfault 57888 [ 2771.270035][T15781] total_inactive_anon 8192 [ 2771.274661][T15781] total_active_anon 0 20:26:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008f0ffff", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x9000000}, 0x0) [ 2771.307071][T15781] total_inactive_file 0 [ 2771.312033][T15781] total_active_file 0 [ 2771.326351][T15781] total_unevictable 0 [ 2771.330382][T15781] anon_cost 0 [ 2771.333692][T15781] file_cost 0 [ 2771.337337][T15781] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15781,uid=0 20:26:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a06020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2771.372263][T15781] Memory cgroup out of memory: Killed process 15781 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:1000 20:26:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xa000000}, 0x0) [ 2771.449998][T15812] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2771.458874][T15812] IPv6: NLM_F_CREATE should be set when creating new route 20:26:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4c000000) 20:26:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008a9dd87", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xb000000}, 0x0) [ 2771.690495][T15817] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2771.722256][T15817] CPU: 1 PID: 15817 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2771.732847][T15817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2771.742947][T15817] Call Trace: [ 2771.746261][T15817] [ 2771.749223][T15817] dump_stack_lvl+0x1e7/0x2e0 [ 2771.753955][T15817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2771.759195][T15817] ? __pfx__printk+0x10/0x10 [ 2771.763828][T15817] ? ___ratelimit+0x4c4/0x670 [ 2771.768544][T15817] ? __pfx____ratelimit+0x10/0x10 [ 2771.773627][T15817] dump_header+0xda/0x6a0 [ 2771.778011][T15817] oom_kill_process+0x3a7/0x930 [ 2771.782908][T15817] out_of_memory+0xf67/0x1320 [ 2771.787636][T15817] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2771.793314][T15817] ? __pfx___mutex_lock+0x10/0x10 [ 2771.798406][T15817] ? __pfx_out_of_memory+0x10/0x10 [ 2771.803575][T15817] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2771.809165][T15817] ? __pfx_lock_release+0x10/0x10 [ 2771.814253][T15817] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2771.820372][T15817] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2771.825616][T15817] ? mem_cgroup_iter+0x3e9/0x560 [ 2771.830607][T15817] try_charge_memcg+0xda2/0x18a0 [ 2771.835590][T15817] ? mark_lock+0x9a/0x350 [ 2771.839989][T15817] ? __pfx_try_charge_memcg+0x10/0x10 [ 2771.845441][T15817] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2771.851636][T15817] charge_memcg+0xa2/0x160 [ 2771.856100][T15817] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2771.862260][T15817] __read_swap_cache_async+0x480/0x8b0 [ 2771.867808][T15817] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2771.873842][T15817] ? mlock_drain_local+0x79/0x490 [ 2771.878907][T15817] ? mlock_drain_local+0x79/0x490 [ 2771.883971][T15817] ? mlock_drain_local+0x28c/0x490 [ 2771.889149][T15817] swap_cluster_readahead+0x67c/0x810 [ 2771.894585][T15817] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2771.900541][T15817] ? __pfx_lock_release+0x10/0x10 [ 2771.905634][T15817] ? xas_descend+0x37e/0x470 [ 2771.910309][T15817] swapin_readahead+0x1ea/0x1070 [ 2771.915288][T15817] ? filemap_get_entry+0x127/0x4e0 [ 2771.920444][T15817] ? __pfx_swapin_readahead+0x10/0x10 [ 2771.926044][T15817] ? __filemap_get_folio+0x935/0xbc0 [ 2771.931385][T15817] ? swap_cache_get_folio+0x9f/0x570 [ 2771.936727][T15817] do_swap_page+0x8ab/0x3da0 20:26:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xc000000}, 0x0) [ 2771.941365][T15817] ? __pte_offset_map+0x2c4/0x380 [ 2771.946453][T15817] ? do_swap_page+0x154/0x3da0 [ 2771.951264][T15817] ? __pfx_do_swap_page+0x10/0x10 [ 2771.956339][T15817] ? pte_offset_map_nolock+0x137/0x1f0 [ 2771.961855][T15817] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2771.967723][T15817] __handle_mm_fault+0x15e8/0x72d0 [ 2771.972905][T15817] ? reacquire_held_locks+0x3eb/0x690 [ 2771.978312][T15817] ? __pfx___handle_mm_fault+0x10/0x10 [ 2771.983827][T15817] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2771.989614][T15817] ? mtree_range_walk+0x6fd/0x8e0 [ 2771.994681][T15817] ? lock_vma_under_rcu+0x18a/0x730 [ 2771.999920][T15817] ? __pfx_lock_release+0x10/0x10 [ 2772.004989][T15817] ? lock_vma_under_rcu+0x2f9/0x730 [ 2772.010262][T15817] ? lock_vma_under_rcu+0x18a/0x730 [ 2772.015504][T15817] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2772.021107][T15817] handle_mm_fault+0x3c1/0x8a0 [ 2772.025941][T15817] exc_page_fault+0x456/0x870 [ 2772.029775][T15823] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2772.030659][T15817] asm_exc_page_fault+0x26/0x30 [ 2772.030700][T15817] RIP: 0033:0x7f091a8373be [ 2772.030722][T15817] Code: 8d 4c 24 0c 31 c0 b9 40 42 0f 00 4c 89 ce ba 81 00 00 00 bf ca 00 00 00 41 c7 44 24 0c 01 00 00 00 4c 89 0c 24 e8 d2 69 04 00 <80> 3d ed e2 c9 00 00 4c 8b 0c 24 0f 84 71 ff ff ff 4c 8d ac 24 60 [ 2772.039724][T15823] IPv6: NLM_F_CREATE should be set when creating new route [ 2772.042761][T15817] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010217 [ 2772.080236][T15817] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a87dda9 20:26:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x60000000) [ 2772.088262][T15817] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f091a9abf8c [ 2772.096272][T15817] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2772.104283][T15817] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2772.112293][T15817] R13: 0000000000000fbb R14: 00007f091a9abf80 R15: 00007ffdf4c5cca8 [ 2772.120325][T15817] 20:26:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xf000000}, 0x0) [ 2772.148787][T15830] __nla_validate_parse: 33 callbacks suppressed [ 2772.148807][T15830] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2772.168037][T15817] memory: usage 307192kB, limit 307200kB, failcnt 183190 [ 2772.175397][T15817] memory+swap: usage 307416kB, limit 9007199254740988kB, failcnt 0 [ 2772.221726][T15817] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2772.233642][T15832] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2772.256707][T15817] Memory cgroup stats for /syz1: [ 2772.256864][T15817] cache 0 [ 2772.273690][T15817] rss 12288 [ 2772.286513][T15817] rss_huge 0 [ 2772.292157][T15817] shmem 0 [ 2772.300798][T15817] mapped_file 0 [ 2772.305213][T15817] dirty 0 [ 2772.310831][T15817] writeback 0 [ 2772.311686][T15836] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:26:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x10000000}, 0x0) [ 2772.314221][T15817] workingset_refault_anon 60379 [ 2772.336094][T15835] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2772.346486][T15817] workingset_refault_file 0 [ 2772.351314][T15817] swap 229376 [ 2772.378310][T15817] swapcached 8192 [ 2772.390820][T15817] pgpgin 209086 [ 2772.399601][T15817] pgpgout 209083 [ 2772.411245][T15817] pgfault 471172 [ 2772.415107][T15817] pgmajfault 57943 [ 2772.415204][T15837] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2772.421604][T15817] inactive_anon 4096 [ 2772.427749][T15837] IPv6: NLM_F_CREATE should be set when creating new route [ 2772.431781][T15817] active_anon 8192 [ 2772.444654][T15817] inactive_file 0 [ 2772.449051][T15817] active_file 0 [ 2772.452836][T15817] unevictable 0 [ 2772.458260][T15817] hierarchical_memory_limit 314572800 [ 2772.464368][T15817] hierarchical_memsw_limit 9223372036854771712 [ 2772.471879][T15817] total_cache 0 20:26:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x68000000) [ 2772.475649][T15838] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2772.475770][T15817] total_rss 12288 [ 2772.483422][T15838] IPv6: NLM_F_CREATE should be set when creating new route [ 2772.494212][T15840] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2772.516334][T15817] total_rss_huge 0 [ 2772.520226][T15817] total_shmem 0 20:26:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2772.525510][T15817] total_mapped_file 0 [ 2772.532749][T15817] total_dirty 0 [ 2772.536498][T15817] total_writeback 0 [ 2772.540492][T15817] total_workingset_refault_anon 60379 [ 2772.546307][T15817] total_workingset_refault_file 0 [ 2772.551507][T15817] total_swap 229376 [ 2772.555478][T15817] total_swapcached 8192 [ 2772.559855][T15817] total_pgpgin 209086 20:26:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x14000000}, 0x0) [ 2772.586070][T15817] total_pgpgout 209083 [ 2772.590639][T15817] total_pgfault 471172 [ 2772.596648][T15817] total_pgmajfault 57943 [ 2772.606735][T15817] total_inactive_anon 4096 [ 2772.614733][T15817] total_active_anon 8192 [ 2772.622574][T15842] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2772.634095][T15817] total_inactive_file 0 [ 2772.638762][T15817] total_active_file 0 [ 2772.646067][T15817] total_unevictable 0 [ 2772.656865][T15817] anon_cost 0 [ 2772.665142][T15817] file_cost 0 20:26:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a06020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2772.672141][T15817] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15817,uid=0 [ 2772.688073][T15817] Memory cgroup out of memory: Killed process 15817 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2772.747691][T15845] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:26:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x60000000}, 0x0) [ 2772.817902][T15846] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2772.833871][T15848] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2772.842858][T15848] IPv6: NLM_F_CREATE should be set when creating new route [ 2772.898470][T15849] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2772.906331][T15849] IPv6: NLM_F_CREATE should be set when creating new route 20:26:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x6c000000) 20:26:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x65580000}, 0x0) 20:26:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2772.962811][T15852] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2772.993918][T15850] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2773.024932][T15850] CPU: 0 PID: 15850 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2773.035418][T15850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2773.045517][T15850] Call Trace: [ 2773.048836][T15850] [ 2773.051801][T15850] dump_stack_lvl+0x1e7/0x2e0 [ 2773.056533][T15850] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2773.061783][T15850] ? __pfx__printk+0x10/0x10 [ 2773.063500][T15856] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2773.066401][T15850] ? ___ratelimit+0x4c4/0x670 [ 2773.066443][T15850] ? __pfx____ratelimit+0x10/0x10 [ 2773.066477][T15850] dump_header+0xda/0x6a0 [ 2773.066513][T15850] oom_kill_process+0x3a7/0x930 [ 2773.066548][T15850] out_of_memory+0xf67/0x1320 [ 2773.066584][T15850] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2773.066614][T15850] ? __pfx___mutex_lock+0x10/0x10 [ 2773.066660][T15850] ? __pfx_out_of_memory+0x10/0x10 [ 2773.066702][T15850] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2773.066729][T15850] ? __pfx_lock_release+0x10/0x10 [ 2773.066765][T15850] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2773.066800][T15850] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2773.066829][T15850] ? mem_cgroup_iter+0x3e9/0x560 [ 2773.066864][T15850] try_charge_memcg+0xda2/0x18a0 [ 2773.066888][T15850] ? mark_lock+0x9a/0x350 [ 2773.066938][T15850] ? __pfx_try_charge_memcg+0x10/0x10 [ 2773.066996][T15850] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2773.067020][T15850] charge_memcg+0xa2/0x160 [ 2773.067058][T15850] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2773.067086][T15850] __read_swap_cache_async+0x480/0x8b0 [ 2773.067119][T15850] ? mark_lock+0x9a/0x350 [ 2773.067154][T15850] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2773.067197][T15850] swap_cluster_readahead+0x67c/0x810 [ 2773.067240][T15850] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2773.067276][T15850] ? __pfx_lock_release+0x10/0x10 [ 2773.067310][T15850] ? xas_descend+0x37e/0x470 [ 2773.067350][T15850] swapin_readahead+0x1ea/0x1070 20:26:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x81000000}, 0x0) 20:26:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x88470000}, 0x0) [ 2773.067381][T15850] ? filemap_get_entry+0x127/0x4e0 [ 2773.067431][T15850] ? __pfx_swapin_readahead+0x10/0x10 [ 2773.067476][T15850] ? __filemap_get_folio+0x935/0xbc0 [ 2773.067516][T15850] ? swap_cache_get_folio+0x9f/0x570 [ 2773.067555][T15850] do_swap_page+0x8ab/0x3da0 [ 2773.067586][T15850] ? __pte_offset_map+0x2c4/0x380 [ 2773.067621][T15850] ? __pfx_validate_chain+0x10/0x10 [ 2773.067656][T15850] ? do_swap_page+0x154/0x3da0 [ 2773.067682][T15850] ? __pfx_do_swap_page+0x10/0x10 [ 2773.067709][T15850] ? pte_offset_map_nolock+0x137/0x1f0 [ 2773.067742][T15850] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2773.067786][T15850] __handle_mm_fault+0x15e8/0x72d0 [ 2773.067849][T15850] ? reacquire_held_locks+0x3eb/0x690 [ 2773.067875][T15850] ? __pfx___handle_mm_fault+0x10/0x10 [ 2773.067919][T15850] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2773.067965][T15850] ? mtree_range_walk+0x6fd/0x8e0 [ 2773.067992][T15850] ? lock_vma_under_rcu+0x18a/0x730 [ 2773.068019][T15850] ? __pfx_lock_release+0x10/0x10 [ 2773.068046][T15850] ? lock_vma_under_rcu+0x2f9/0x730 [ 2773.068099][T15850] ? lock_vma_under_rcu+0x18a/0x730 [ 2773.068127][T15850] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2773.068159][T15850] handle_mm_fault+0x3c1/0x8a0 [ 2773.068199][T15850] exc_page_fault+0x456/0x870 [ 2773.068238][T15850] asm_exc_page_fault+0x26/0x30 [ 2773.068269][T15850] RIP: 0033:0x7f091a85274e [ 2773.068292][T15850] Code: 64 24 60 4c 89 e7 e8 11 0e 00 00 89 c5 85 c0 0f 85 a2 00 00 00 c6 44 24 43 01 eb 09 c6 44 24 43 00 4c 8b 24 24 e8 a2 b4 02 00 <4c> 8b 2d c3 2f c8 00 48 8b 0d cc 2f c8 00 31 d2 8d 68 ff 89 c3 4c [ 2773.068312][T15850] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010206 [ 2773.068334][T15850] RAX: 0000000000001000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2773.068351][T15850] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2773.068367][T15850] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2773.068383][T15850] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007ffdf4c5cd00 [ 2773.068397][T15850] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2773.068433][T15850] [ 2773.098976][T15850] memory: usage 307200kB, limit 307200kB, failcnt 183367 20:26:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2773.465133][T15850] memory+swap: usage 307448kB, limit 9007199254740988kB, failcnt 0 [ 2773.474557][T15850] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2773.482171][T15850] Memory cgroup stats for /syz1: [ 2773.482321][T15850] cache 0 [ 2773.503598][T15850] rss 12288 [ 2773.511417][T15850] rss_huge 0 [ 2773.521109][T15850] shmem 0 [ 2773.529858][T15850] mapped_file 0 [ 2773.535103][T15850] dirty 0 [ 2773.543642][T15850] writeback 0 [ 2773.555279][T15850] workingset_refault_anon 60436 [ 2773.564575][T15850] workingset_refault_file 0 20:26:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x88480000}, 0x0) [ 2773.575877][T15850] swap 253952 [ 2773.583445][T15850] swapcached 12288 [ 2773.604713][T15850] pgpgin 209158 [ 2773.610379][T15850] pgpgout 209155 [ 2773.614135][T15850] pgfault 471289 20:26:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x74000000) [ 2773.669243][T15850] pgmajfault 58001 [ 2773.673031][T15850] inactive_anon 4096 [ 2773.704379][T15850] active_anon 8192 [ 2773.711321][T15850] inactive_file 0 [ 2773.715104][T15850] active_file 0 [ 2773.720186][T15850] unevictable 0 [ 2773.723859][T15850] hierarchical_memory_limit 314572800 [ 2773.730527][T15850] hierarchical_memsw_limit 9223372036854771712 [ 2773.737136][T15850] total_cache 0 [ 2773.740895][T15850] total_rss 12288 [ 2773.745022][T15850] total_rss_huge 0 [ 2773.780163][T15850] total_shmem 0 [ 2773.783976][T15850] total_mapped_file 0 [ 2773.804913][T15850] total_dirty 0 [ 2773.813621][T15850] total_writeback 0 [ 2773.823856][T15850] total_workingset_refault_anon 60436 [ 2773.824128][T15867] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2773.832717][T15850] total_workingset_refault_file 0 [ 2773.837133][T15867] IPv6: NLM_F_CREATE should be set when creating new route [ 2773.842980][T15850] total_swap 253952 [ 2773.854766][T15850] total_swapcached 12288 [ 2773.861609][T15850] total_pgpgin 209158 [ 2773.866251][T15850] total_pgpgout 209155 [ 2773.870525][T15850] total_pgfault 471289 [ 2773.874791][T15850] total_pgmajfault 58001 [ 2773.879890][T15850] total_inactive_anon 4096 [ 2773.884594][T15850] total_active_anon 8192 [ 2773.889815][T15850] total_inactive_file 0 [ 2773.894605][T15850] total_active_file 0 [ 2773.899861][T15850] total_unevictable 0 [ 2773.904239][T15850] anon_cost 0 [ 2773.908701][T15850] file_cost 0 20:26:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x88a8ffff}, 0x0) 20:26:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2773.927767][T15850] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15850,uid=0 [ 2773.960203][T15850] Memory cgroup out of memory: Killed process 15850 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:02 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a06020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2774.060629][T15872] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2774.069680][T15872] IPv6: NLM_F_CREATE should be set when creating new route 20:26:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7a000000) 20:26:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8a510000}, 0x0) [ 2774.174285][T15877] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2774.182185][T15877] IPv6: NLM_F_CREATE should be set when creating new route 20:26:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xe0ffffff}, 0x0) [ 2774.362731][T15883] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2774.371913][T15883] IPv6: NLM_F_CREATE should be set when creating new route 20:26:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7e120000) [ 2774.533416][T15886] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2774.541229][T15886] IPv6: NLM_F_CREATE should be set when creating new route 20:26:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xf0ffffff}, 0x0) [ 2774.606423][T15878] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2774.626280][T15878] CPU: 0 PID: 15878 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2774.636818][T15878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2774.647158][T15878] Call Trace: [ 2774.650491][T15878] [ 2774.653504][T15878] dump_stack_lvl+0x1e7/0x2e0 [ 2774.658268][T15878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2774.663699][T15878] ? __pfx__printk+0x10/0x10 [ 2774.668363][T15878] ? ___ratelimit+0x4c4/0x670 [ 2774.673161][T15878] ? __pfx____ratelimit+0x10/0x10 [ 2774.678346][T15878] dump_header+0xda/0x6a0 [ 2774.682836][T15878] oom_kill_process+0x3a7/0x930 [ 2774.687763][T15878] out_of_memory+0xf67/0x1320 [ 2774.692656][T15878] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2774.698736][T15878] ? __pfx___mutex_lock+0x10/0x10 20:26:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2774.703940][T15878] ? __pfx_out_of_memory+0x10/0x10 [ 2774.709309][T15878] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2774.714932][T15878] ? __pfx_lock_release+0x10/0x10 [ 2774.720019][T15878] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2774.726434][T15878] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2774.731691][T15878] ? mem_cgroup_iter+0x3e9/0x560 [ 2774.736687][T15878] try_charge_memcg+0xda2/0x18a0 [ 2774.741676][T15878] ? mark_lock+0x9a/0x350 [ 2774.746098][T15878] ? __pfx_try_charge_memcg+0x10/0x10 [ 2774.751703][T15878] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2774.757907][T15878] charge_memcg+0xa2/0x160 [ 2774.762392][T15878] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2774.768531][T15878] __read_swap_cache_async+0x480/0x8b0 [ 2774.774053][T15878] ? mark_lock+0x9a/0x350 [ 2774.778448][T15878] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2774.784518][T15878] swap_cluster_readahead+0x67c/0x810 [ 2774.790062][T15878] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2774.796019][T15878] ? __pfx_lock_release+0x10/0x10 [ 2774.801101][T15878] ? xas_descend+0x37e/0x470 20:26:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfc000000}, 0x0) [ 2774.805743][T15878] swapin_readahead+0x1ea/0x1070 [ 2774.810728][T15878] ? filemap_get_entry+0x127/0x4e0 [ 2774.815922][T15878] ? __pfx_swapin_readahead+0x10/0x10 [ 2774.821361][T15878] ? __filemap_get_folio+0x935/0xbc0 [ 2774.826705][T15878] ? swap_cache_get_folio+0x9f/0x570 [ 2774.832054][T15878] do_swap_page+0x8ab/0x3da0 [ 2774.836702][T15878] ? __pte_offset_map+0x2c4/0x380 [ 2774.841788][T15878] ? __pfx_validate_chain+0x10/0x10 [ 2774.847042][T15878] ? do_swap_page+0x154/0x3da0 [ 2774.852110][T15878] ? __pfx_do_swap_page+0x10/0x10 [ 2774.857197][T15878] ? pte_offset_map_nolock+0x137/0x1f0 [ 2774.862705][T15878] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2774.868689][T15878] __handle_mm_fault+0x15e8/0x72d0 [ 2774.874267][T15878] ? reacquire_held_locks+0x3eb/0x690 [ 2774.879824][T15878] ? __pfx___handle_mm_fault+0x10/0x10 [ 2774.885542][T15878] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2774.891374][T15878] ? mtree_range_walk+0x6fd/0x8e0 [ 2774.896493][T15878] ? lock_vma_under_rcu+0x18a/0x730 [ 2774.901834][T15878] ? __pfx_lock_release+0x10/0x10 20:26:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfe80ffff}, 0x0) [ 2774.907044][T15878] ? lock_vma_under_rcu+0x2f9/0x730 [ 2774.912398][T15878] ? lock_vma_under_rcu+0x18a/0x730 [ 2774.917675][T15878] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2774.923566][T15878] handle_mm_fault+0x3c1/0x8a0 [ 2774.928493][T15878] exc_page_fault+0x456/0x870 [ 2774.933349][T15878] asm_exc_page_fault+0x26/0x30 [ 2774.935152][T15891] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2774.938376][T15878] RIP: 0033:0x7f091a85b2c0 [ 2774.938411][T15878] Code: 5d c3 0f 1f 84 00 00 00 00 00 e8 8b b9 ff ff e9 ae fd ff ff 66 0f 1f 44 00 00 48 8d 35 a9 43 12 00 49 39 f5 0f 85 ef 00 00 00 <80> 3d 31 4c 12 00 00 0f 85 45 ff ff ff e9 24 ff ff ff 66 0f 1f 44 [ 2774.938429][T15878] RSP: 002b:00007ffdf4c5ca00 EFLAGS: 00010246 [ 2774.938449][T15878] RAX: 0000555555e1c900 RBX: 0000000000000110 RCX: 0000555555e1c8f0 [ 2774.938530][T15878] RDX: 0000000000000121 RSI: 00007f091a97f660 RDI: 0000555555e1c900 [ 2774.938547][T15878] RBP: 0000555555e1c8f0 R08: 00000000ffffffff R09: 0000000000000000 [ 2774.938562][T15878] R10: 0000000000021000 R11: 0000000000000010 R12: 0000000000020710 [ 2774.938575][T15878] R13: 00007f091a97f660 R14: 0000000000001000 R15: 0000000000000000 [ 2774.938608][T15878] [ 2775.022189][T15891] IPv6: NLM_F_CREATE should be set when creating new route [ 2775.080666][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 2775.087485][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 2775.123578][T15878] memory: usage 307180kB, limit 307200kB, failcnt 183702 [ 2775.140037][T15878] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2775.149250][T15878] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2775.157468][T15878] Memory cgroup stats for /syz1: [ 2775.157624][T15878] cache 0 [ 2775.165695][T15878] rss 12288 [ 2775.169084][T15878] rss_huge 0 20:26:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x84020000) [ 2775.172316][T15878] shmem 0 [ 2775.175527][T15878] mapped_file 0 [ 2775.179451][T15878] dirty 0 [ 2775.182494][T15878] writeback 0 [ 2775.185814][T15878] workingset_refault_anon 60551 [ 2775.193999][T15878] workingset_refault_file 0 [ 2775.199040][T15878] swap 233472 [ 2775.202364][T15878] swapcached 8192 [ 2775.206281][T15878] pgpgin 209296 [ 2775.209880][T15878] pgpgout 209293 [ 2775.213482][T15878] pgfault 471498 [ 2775.217331][T15878] pgmajfault 58111 [ 2775.221083][T15878] inactive_anon 0 [ 2775.224739][T15878] active_anon 12288 [ 2775.229487][T15878] inactive_file 0 [ 2775.233158][T15878] active_file 0 [ 2775.236888][T15878] unevictable 0 [ 2775.240400][T15878] hierarchical_memory_limit 314572800 [ 2775.246334][T15878] hierarchical_memsw_limit 9223372036854771712 [ 2775.252529][T15878] total_cache 0 [ 2775.256419][T15878] total_rss 12288 [ 2775.260166][T15878] total_rss_huge 0 [ 2775.263968][T15878] total_shmem 0 [ 2775.267776][T15878] total_mapped_file 0 [ 2775.271789][T15878] total_dirty 0 [ 2775.275362][T15878] total_writeback 0 [ 2775.291603][T15878] total_workingset_refault_anon 60551 20:26:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfec0ffff}, 0x0) [ 2775.320396][T15878] total_workingset_refault_file 0 [ 2775.325502][T15878] total_swap 233472 [ 2775.343630][T15878] total_swapcached 8192 [ 2775.354114][T15878] total_pgpgin 209296 [ 2775.362963][T15878] total_pgpgout 209293 [ 2775.372473][T15878] total_pgfault 471498 [ 2775.383185][T15878] total_pgmajfault 58111 [ 2775.398365][T15878] total_inactive_anon 0 [ 2775.402675][T15878] total_active_anon 12288 [ 2775.410488][T15878] total_inactive_file 0 [ 2775.410545][T15898] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2775.417953][T15878] total_active_file 0 [ 2775.422579][T15898] IPv6: NLM_F_CREATE should be set when creating new route [ 2775.436342][T15878] total_unevictable 0 [ 2775.440368][T15878] anon_cost 0 [ 2775.443673][T15878] file_cost 0 [ 2775.451444][T15878] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15878,uid=0 20:26:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x8409d7e2) 20:26:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2775.483553][T15878] Memory cgroup out of memory: Killed process 15878 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xff000000}, 0x0) 20:26:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000afc000000000000000000000c00080008"], 0x3c}}, 0x0) 20:26:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x86020000) 20:26:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffff0000}, 0x0) [ 2775.733724][T15913] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2775.741769][T15913] IPv6: NLM_F_CREATE should be set when creating new route 20:26:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffff80fe}, 0x0) [ 2775.888071][T15912] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2775.900240][T15912] CPU: 1 PID: 15912 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2775.910979][T15912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2775.921051][T15912] Call Trace: [ 2775.924360][T15912] [ 2775.928084][T15912] dump_stack_lvl+0x1e7/0x2e0 [ 2775.932806][T15912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2775.938118][T15912] ? __pfx__printk+0x10/0x10 [ 2775.942757][T15912] ? ___ratelimit+0x4c4/0x670 [ 2775.947564][T15912] ? __pfx____ratelimit+0x10/0x10 [ 2775.952625][T15912] dump_header+0xda/0x6a0 [ 2775.957156][T15912] oom_kill_process+0x3a7/0x930 [ 2775.962045][T15912] out_of_memory+0xf67/0x1320 [ 2775.966744][T15912] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2775.972480][T15912] ? __pfx___mutex_lock+0x10/0x10 [ 2775.977541][T15912] ? __pfx_out_of_memory+0x10/0x10 [ 2775.982682][T15912] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2775.988429][T15912] ? __pfx_lock_release+0x10/0x10 [ 2775.993593][T15912] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2775.999689][T15912] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2776.004997][T15912] ? mem_cgroup_iter+0x3e9/0x560 [ 2776.009963][T15912] try_charge_memcg+0xda2/0x18a0 [ 2776.014928][T15912] ? mark_lock+0x9a/0x350 [ 2776.019297][T15912] ? __pfx_try_charge_memcg+0x10/0x10 [ 2776.024711][T15912] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2776.030880][T15912] charge_memcg+0xa2/0x160 [ 2776.035319][T15912] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2776.041403][T15912] __read_swap_cache_async+0x480/0x8b0 [ 2776.046884][T15912] ? mark_lock+0x9a/0x350 [ 2776.051236][T15912] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2776.057247][T15912] swap_cluster_readahead+0x67c/0x810 [ 2776.062652][T15912] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2776.068570][T15912] ? __pfx_lock_release+0x10/0x10 [ 2776.073620][T15912] ? xas_descend+0x37e/0x470 [ 2776.078236][T15912] swapin_readahead+0x1ea/0x1070 [ 2776.083192][T15912] ? filemap_get_entry+0x127/0x4e0 [ 2776.088346][T15912] ? __pfx_swapin_readahead+0x10/0x10 [ 2776.093744][T15912] ? __filemap_get_folio+0x935/0xbc0 [ 2776.099050][T15912] ? swap_cache_get_folio+0x9f/0x570 [ 2776.104354][T15912] do_swap_page+0x8ab/0x3da0 [ 2776.108959][T15912] ? __pte_offset_map+0x2c4/0x380 [ 2776.114017][T15912] ? do_swap_page+0x154/0x3da0 [ 2776.118823][T15912] ? __pfx_do_swap_page+0x10/0x10 [ 2776.123861][T15912] ? pte_offset_map_nolock+0x137/0x1f0 [ 2776.129337][T15912] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2776.135171][T15912] __handle_mm_fault+0x15e8/0x72d0 [ 2776.140324][T15912] ? reacquire_held_locks+0x3eb/0x690 [ 2776.145713][T15912] ? __pfx___handle_mm_fault+0x10/0x10 [ 2776.151208][T15912] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2776.157321][T15912] ? mtree_range_walk+0x6fd/0x8e0 [ 2776.162454][T15912] ? lock_vma_under_rcu+0x18a/0x730 [ 2776.167714][T15912] ? __pfx_lock_release+0x10/0x10 [ 2776.172759][T15912] ? lock_vma_under_rcu+0x2f9/0x730 [ 2776.177992][T15912] ? lock_vma_under_rcu+0x18a/0x730 [ 2776.183296][T15912] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2776.188882][T15912] handle_mm_fault+0x3c1/0x8a0 [ 2776.193674][T15912] exc_page_fault+0x456/0x870 [ 2776.198380][T15912] asm_exc_page_fault+0x26/0x30 [ 2776.203256][T15912] RIP: 0033:0x7f091a85274e [ 2776.207695][T15912] Code: 64 24 60 4c 89 e7 e8 11 0e 00 00 89 c5 85 c0 0f 85 a2 00 00 00 c6 44 24 43 01 eb 09 c6 44 24 43 00 4c 8b 24 24 e8 a2 b4 02 00 <4c> 8b 2d c3 2f c8 00 48 8b 0d cc 2f c8 00 31 d2 8d 68 ff 89 c3 4c [ 2776.227588][T15912] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010206 [ 2776.233764][T15912] RAX: 0000000000001000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2776.241922][T15912] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2776.250373][T15912] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2776.258562][T15912] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007ffdf4c5cd00 [ 2776.266880][T15912] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2776.274989][T15912] [ 2776.284710][T15912] memory: usage 307192kB, limit 307200kB, failcnt 183873 20:26:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc1440000) [ 2776.419231][T15912] memory+swap: usage 307432kB, limit 9007199254740988kB, failcnt 0 [ 2776.449337][T15912] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 20:26:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffffa888}, 0x0) [ 2776.464694][T15925] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2776.464742][T15912] Memory cgroup stats for [ 2776.472548][T15925] IPv6: NLM_F_CREATE should be set when creating new route [ 2776.485183][T15912] /syz1: [ 2776.485311][T15912] cache 0 [ 2776.491685][T15912] rss 12288 [ 2776.494917][T15912] rss_huge 0 [ 2776.500444][T15912] shmem 0 [ 2776.503539][T15912] mapped_file 0 [ 2776.512177][T15912] dirty 0 20:26:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2776.529052][T15912] writeback 0 [ 2776.532551][T15912] workingset_refault_anon 60615 [ 2776.543733][T15912] workingset_refault_file 0 [ 2776.556343][T15912] swap 258048 [ 2776.559720][T15912] swapcached 8192 [ 2776.563377][T15912] pgpgin 209368 [ 2776.571038][T15912] pgpgout 209365 [ 2776.589953][T15912] pgfault 471608 [ 2776.593689][T15912] pgmajfault 58171 [ 2776.606307][T15912] inactive_anon 4096 [ 2776.611729][T15912] active_anon 8192 [ 2776.620175][T15912] inactive_file 0 [ 2776.631646][T15912] active_file 0 20:26:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc2440000) [ 2776.638890][T15912] unevictable 0 [ 2776.648479][T15912] hierarchical_memory_limit 314572800 [ 2776.665536][T15912] hierarchical_memsw_limit 9223372036854771712 [ 2776.681902][T15912] total_cache 0 [ 2776.690533][T15912] total_rss 12288 [ 2776.717706][T15912] total_rss_huge 0 [ 2776.728105][T15912] total_shmem 0 [ 2776.731627][T15912] total_mapped_file 0 [ 2776.735638][T15912] total_dirty 0 [ 2776.756128][T15912] total_writeback 0 [ 2776.760007][T15912] total_workingset_refault_anon 60615 20:26:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffffc0fe}, 0x0) [ 2776.771010][T15912] total_workingset_refault_file 0 [ 2776.776448][T15912] total_swap 258048 [ 2776.780459][T15912] total_swapcached 8192 [ 2776.782877][T15931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2776.784723][T15912] total_pgpgin 209368 [ 2776.792473][T15931] IPv6: NLM_F_CREATE should be set when creating new route [ 2776.805291][T15912] total_pgpgout 209365 [ 2776.809724][T15912] total_pgfault 471608 [ 2776.814940][T15912] total_pgmajfault 58171 20:26:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2776.869530][T15912] total_inactive_anon 4096 [ 2776.874025][T15912] total_active_anon 8192 [ 2776.888918][T15912] total_inactive_file 0 [ 2776.893252][T15912] total_active_file 0 [ 2776.904160][T15912] total_unevictable 0 [ 2776.916034][T15912] anon_cost 0 20:26:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffffff7f}, 0x0) [ 2776.919772][T15912] file_cost 0 [ 2776.924618][T15912] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15912,uid=0 [ 2776.949833][T15912] Memory cgroup out of memory: Killed process 15912 (syz-executor.1) total-vm:56424kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xe0ffffff) 20:26:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000afc000000000000000000000c00080008"], 0x3c}}, 0x0) [ 2777.125306][T15940] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2777.133727][T15940] IPv6: NLM_F_CREATE should be set when creating new route 20:26:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xe2d70984) [ 2777.262785][T15942] __nla_validate_parse: 34 callbacks suppressed [ 2777.262805][T15942] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2777.295821][T15947] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:26:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffffffe0}, 0x0) [ 2777.430880][T15944] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2777.439835][T15948] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2777.455146][T15948] IPv6: NLM_F_CREATE should be set when creating new route [ 2777.463480][T15944] CPU: 0 PID: 15944 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2777.473955][T15944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2777.474985][T15952] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2777.484024][T15944] Call Trace: [ 2777.484041][T15944] [ 2777.484053][T15944] dump_stack_lvl+0x1e7/0x2e0 [ 2777.484096][T15944] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2777.484128][T15944] ? __pfx__printk+0x10/0x10 [ 2777.514451][T15944] ? ___ratelimit+0x4c4/0x670 [ 2777.519183][T15944] ? __pfx____ratelimit+0x10/0x10 [ 2777.524266][T15944] dump_header+0xda/0x6a0 [ 2777.528658][T15944] oom_kill_process+0x3a7/0x930 [ 2777.533566][T15944] out_of_memory+0xf67/0x1320 [ 2777.538309][T15944] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2777.543985][T15944] ? __pfx___mutex_lock+0x10/0x10 [ 2777.549067][T15944] ? __pfx_out_of_memory+0x10/0x10 [ 2777.554245][T15944] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2777.559926][T15944] ? __pfx_lock_release+0x10/0x10 [ 2777.564999][T15944] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2777.571115][T15944] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2777.576331][T15944] ? mem_cgroup_iter+0x3e9/0x560 [ 2777.581289][T15944] try_charge_memcg+0xda2/0x18a0 [ 2777.586268][T15944] ? mark_lock+0x9a/0x350 [ 2777.590627][T15944] ? __pfx_try_charge_memcg+0x10/0x10 [ 2777.596037][T15944] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2777.602202][T15944] charge_memcg+0xa2/0x160 [ 2777.606642][T15944] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2777.612724][T15944] __read_swap_cache_async+0x480/0x8b0 [ 2777.618203][T15944] ? mark_lock+0x9a/0x350 [ 2777.622565][T15944] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2777.628571][T15944] swap_cluster_readahead+0x67c/0x810 [ 2777.633999][T15944] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2777.639919][T15944] ? __pfx_lock_release+0x10/0x10 [ 2777.644962][T15944] ? xas_descend+0x37e/0x470 [ 2777.649579][T15944] swapin_readahead+0x1ea/0x1070 [ 2777.654535][T15944] ? filemap_get_entry+0x127/0x4e0 [ 2777.659681][T15944] ? __pfx_swapin_readahead+0x10/0x10 [ 2777.665080][T15944] ? __filemap_get_folio+0x935/0xbc0 [ 2777.670561][T15944] ? swap_cache_get_folio+0x9f/0x570 [ 2777.675940][T15944] do_swap_page+0x8ab/0x3da0 [ 2777.680564][T15944] ? __pte_offset_map+0x2c4/0x380 [ 2777.685625][T15944] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2777.691876][T15944] ? do_swap_page+0x154/0x3da0 [ 2777.696672][T15944] ? __pfx_do_swap_page+0x10/0x10 [ 2777.701738][T15944] ? pte_offset_map_nolock+0x137/0x1f0 [ 2777.707239][T15944] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 2777.713182][T15944] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2777.719008][T15944] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2777.724918][T15944] ? __pfx_validate_chain+0x10/0x10 [ 2777.730223][T15944] __handle_mm_fault+0x15e8/0x72d0 [ 2777.735412][T15944] ? __pfx___handle_mm_fault+0x10/0x10 [ 2777.740908][T15944] ? mt_find+0x226/0x850 [ 2777.745177][T15944] ? __pfx_lock_release+0x10/0x10 [ 2777.750272][T15944] ? mt_find+0x62d/0x850 [ 2777.754568][T15944] ? mt_find+0x226/0x850 [ 2777.758872][T15944] ? find_vma+0x142/0x1c0 [ 2777.763233][T15944] ? __pfx_find_vma+0x10/0x10 [ 2777.767939][T15944] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2777.773950][T15944] handle_mm_fault+0x3c1/0x8a0 [ 2777.778739][T15944] exc_page_fault+0x2ad/0x870 [ 2777.783446][T15944] asm_exc_page_fault+0x26/0x30 [ 2777.788318][T15944] RIP: 0010:__get_user_8+0x11/0x20 [ 2777.793451][T15944] Code: ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 2777.813187][T15944] RSP: 0018:ffffc9000351fd78 EFLAGS: 00050202 [ 2777.819324][T15944] RAX: 0000555555e1bda8 RBX: ffff8881a1f932f8 RCX: ffffc9000351fc03 [ 2777.827406][T15944] RDX: 0000000000000000 RSI: ffffffff8baac7e0 RDI: ffffffff8bfe6da0 [ 2777.835395][T15944] RBP: ffffc9000351fec0 R08: ffffffff8f8567ef R09: 1ffffffff1f0acfd [ 2777.843374][T15944] R10: dffffc0000000000 R11: fffffbfff1f0acfe R12: ffffc9000351fd80 [ 2777.851395][T15944] R13: ffffc9000351ffd8 R14: dffffc0000000000 R15: ffff8881a1f91dc0 [ 2777.859412][T15944] __rseq_handle_notify_resume+0x158/0x1490 [ 2777.865354][T15944] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 2777.871731][T15944] ? irqentry_exit_to_user_mode+0x52/0x280 [ 2777.877673][T15944] irqentry_exit_to_user_mode+0xbb/0x280 [ 2777.883681][T15944] exc_page_fault+0x587/0x870 [ 2777.888426][T15944] asm_exc_page_fault+0x26/0x30 [ 2777.893307][T15944] RIP: 0033:0x7f091a836fcf [ 2777.897741][T15944] Code: 48 89 84 24 90 00 00 00 48 89 9c 24 98 00 00 00 4c 8b 35 c4 69 17 00 4d 8d ae 00 00 40 00 4d 39 ec 0f 83 91 06 00 00 4c 89 eb <4d> 8b 2c 24 4d 8d 7c 24 08 4c 89 bc 24 08 01 00 00 49 83 fd ff 0f [ 2777.917382][T15944] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010287 [ 2777.923592][T15944] RAX: 00007ffdf4c5cca8 RBX: 00007f091a800000 RCX: 00000000002a5fa8 [ 2777.931599][T15944] RDX: 000000000000014b RSI: 00007ffdf4c5cb80 RDI: 7fffffffffffffff [ 2777.939666][T15944] RBP: 0000000000000001 R08: 0000000000000010 R09: 0000000000000000 [ 2777.947941][T15944] R10: 00007ffdf4c84080 R11: 000000000007d2f4 R12: 00007f091a400000 [ 2777.955961][T15944] R13: 00007f091a800000 R14: 00007f091a400000 R15: 0000000000000001 [ 2777.964257][T15944] [ 2777.974911][T15951] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfffffff0}, 0x0) 20:26:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2778.010063][T15944] memory: usage 307180kB, limit 307200kB, failcnt 184070 [ 2778.028819][T15944] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 2778.037711][T15944] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2778.045535][T15955] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:26:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xf0ffffff) [ 2778.055803][T15944] Memory cgroup stats for /syz1: [ 2778.060608][T15944] cache 0 [ 2778.097181][T15944] rss 12288 [ 2778.100463][T15944] rss_huge 0 [ 2778.106036][T15944] shmem 0 20:26:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x7f532dc7dda9}, 0x0) [ 2778.109687][T15944] mapped_file 0 [ 2778.126213][T15944] dirty 0 [ 2778.134232][T15944] writeback 0 [ 2778.138153][T15957] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2778.158305][T15944] workingset_refault_anon 60686 [ 2778.165203][T15944] workingset_refault_file 0 [ 2778.170189][T15944] swap 221184 [ 2778.173668][T15944] swapcached 8192 [ 2778.177679][T15944] pgpgin 209446 [ 2778.181340][T15944] pgpgout 209443 [ 2778.185031][T15944] pgfault 471733 [ 2778.192038][T15944] pgmajfault 58236 [ 2778.196056][T15944] inactive_anon 0 [ 2778.199889][T15944] active_anon 12288 [ 2778.211313][T15944] inactive_file 0 [ 2778.215362][T15944] active_file 0 [ 2778.221028][T15944] unevictable 0 [ 2778.224729][T15944] hierarchical_memory_limit 314572800 [ 2778.230731][T15944] hierarchical_memsw_limit 9223372036854771712 [ 2778.237182][T15944] total_cache 0 [ 2778.240859][T15944] total_rss 12288 [ 2778.244699][T15944] total_rss_huge 0 [ 2778.248941][T15944] total_shmem 0 [ 2778.252615][T15944] total_mapped_file 0 [ 2778.256915][T15944] total_dirty 0 [ 2778.260573][T15944] total_writeback 0 [ 2778.266978][T15944] total_workingset_refault_anon 60686 [ 2778.272653][T15944] total_workingset_refault_file 0 [ 2778.279745][T15944] total_swap 221184 [ 2778.283878][T15944] total_swapcached 8192 [ 2778.285167][T15959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2778.288944][T15944] total_pgpgin 209446 [ 2778.302871][T15944] total_pgpgout 209443 [ 2778.307814][T15944] total_pgfault 471733 [ 2778.312142][T15944] total_pgmajfault 58236 [ 2778.317421][T15944] total_inactive_anon 0 [ 2778.321833][T15944] total_active_anon 12288 [ 2778.332800][T15944] total_inactive_file 0 [ 2778.340612][T15944] total_active_file 0 [ 2778.346514][T15944] total_unevictable 0 [ 2778.350802][T15944] anon_cost 0 [ 2778.354325][T15944] file_cost 0 20:26:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000afc000000000000000000000c00080008"], 0x3c}}, 0x0) [ 2778.359213][T15944] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15944,uid=0 [ 2778.377740][T15944] Memory cgroup out of memory: Killed process 15944 (syz-executor.1) total-vm:56424kB, anon-rss:384kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2778.417504][T15960] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2778.425309][T15960] IPv6: NLM_F_CREATE should be set when creating new route 20:26:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfc000000) 20:26:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2778.465304][T15962] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:26:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffff00000000}, 0x0) [ 2778.532682][T15966] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfcffffff) [ 2778.655509][T15968] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2778.693411][T15964] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2778.736823][T15964] CPU: 0 PID: 15964 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2778.747301][T15964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2778.757398][T15964] Call Trace: [ 2778.760728][T15964] [ 2778.763696][T15964] dump_stack_lvl+0x1e7/0x2e0 [ 2778.768426][T15964] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2778.771942][T15972] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2778.773646][T15964] ? __pfx__printk+0x10/0x10 [ 2778.773687][T15964] ? ___ratelimit+0x4c4/0x670 [ 2778.781463][T15972] IPv6: NLM_F_CREATE should be set when creating new route [ 2778.785477][T15964] ? __pfx____ratelimit+0x10/0x10 [ 2778.802437][T15964] dump_header+0xda/0x6a0 [ 2778.806816][T15964] oom_kill_process+0x3a7/0x930 [ 2778.811725][T15964] out_of_memory+0xf67/0x1320 [ 2778.816469][T15964] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2778.822147][T15964] ? __pfx___mutex_lock+0x10/0x10 [ 2778.827228][T15964] ? __pfx_out_of_memory+0x10/0x10 [ 2778.832394][T15964] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2778.837989][T15964] ? __pfx_lock_release+0x10/0x10 [ 2778.843068][T15964] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2778.849181][T15964] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2778.854422][T15964] ? mem_cgroup_iter+0x3e9/0x560 [ 2778.859405][T15964] try_charge_memcg+0xda2/0x18a0 [ 2778.864392][T15964] ? mark_lock+0x9a/0x350 [ 2778.868798][T15964] ? __pfx_try_charge_memcg+0x10/0x10 [ 2778.874248][T15964] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2778.880446][T15964] charge_memcg+0xa2/0x160 20:26:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x40030000000000}, 0x0) 20:26:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2778.884917][T15964] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2778.891035][T15964] __read_swap_cache_async+0x480/0x8b0 [ 2778.896543][T15964] ? mark_lock+0x9a/0x350 [ 2778.900927][T15964] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2778.906974][T15964] swap_cluster_readahead+0x67c/0x810 [ 2778.912426][T15964] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2778.918387][T15964] ? __pfx_lock_release+0x10/0x10 [ 2778.923461][T15964] ? xas_descend+0x37e/0x470 [ 2778.928100][T15964] swapin_readahead+0x1ea/0x1070 [ 2778.933089][T15964] ? filemap_get_entry+0x127/0x4e0 [ 2778.938283][T15964] ? __pfx_swapin_readahead+0x10/0x10 [ 2778.943721][T15964] ? __filemap_get_folio+0x935/0xbc0 [ 2778.949066][T15964] ? swap_cache_get_folio+0x9f/0x570 [ 2778.954406][T15964] do_swap_page+0x8ab/0x3da0 [ 2778.959044][T15964] ? __pte_offset_map+0x2c4/0x380 [ 2778.964128][T15964] ? do_swap_page+0x154/0x3da0 [ 2778.968933][T15964] ? __pfx_do_swap_page+0x10/0x10 [ 2778.974003][T15964] ? pte_offset_map_nolock+0x137/0x1f0 [ 2778.979621][T15964] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2778.985509][T15964] __handle_mm_fault+0x15e8/0x72d0 [ 2778.990706][T15964] ? reacquire_held_locks+0x3eb/0x690 [ 2778.996124][T15964] ? __pfx___handle_mm_fault+0x10/0x10 [ 2779.001648][T15964] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2779.007444][T15964] ? mtree_range_walk+0x6fd/0x8e0 [ 2779.012512][T15964] ? lock_vma_under_rcu+0x18a/0x730 [ 2779.017757][T15964] ? __pfx_lock_release+0x10/0x10 [ 2779.022828][T15964] ? lock_vma_under_rcu+0x2f9/0x730 [ 2779.028095][T15964] ? lock_vma_under_rcu+0x18a/0x730 [ 2779.033338][T15964] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2779.038936][T15964] handle_mm_fault+0x3c1/0x8a0 [ 2779.043758][T15964] exc_page_fault+0x456/0x870 [ 2779.048487][T15964] asm_exc_page_fault+0x26/0x30 [ 2779.053387][T15964] RIP: 0033:0x7f091a836fd8 [ 2779.057830][T15964] Code: 89 9c 24 98 00 00 00 4c 8b 35 c4 69 17 00 4d 8d ae 00 00 40 00 4d 39 ec 0f 83 91 06 00 00 4c 89 eb 4d 8b 2c 24 4d 8d 7c 24 08 <4c> 89 bc 24 08 01 00 00 49 83 fd ff 0f 84 82 0c 00 00 49 83 fd fe [ 2779.077473][T15964] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010287 [ 2779.083578][T15964] RAX: 00007ffdf4c5cca8 RBX: 00007f091a800000 RCX: 00000000002a6390 [ 2779.091586][T15964] RDX: 0000000000000266 RSI: 00007ffdf4c5cb80 RDI: 7fffffffffffffff [ 2779.099600][T15964] RBP: 0000000000000001 R08: 0000000000000010 R09: 0000000000000000 [ 2779.107604][T15964] R10: 00007ffdf4c84080 R11: 000000000007d39e R12: 00007f091a400000 [ 2779.115633][T15964] R13: 0000000000000fbb R14: 00007f091a400000 R15: 00007f091a400008 [ 2779.123687][T15964] 20:26:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x100000000000000}, 0x0) 20:26:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfe80ffff) [ 2779.134940][T15978] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2779.142831][T15978] IPv6: NLM_F_CREATE should be set when creating new route [ 2779.152345][T15964] memory: usage 307180kB, limit 307200kB, failcnt 184251 [ 2779.171257][T15964] memory+swap: usage 307420kB, limit 9007199254740988kB, failcnt 0 [ 2779.179940][T15964] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2779.237104][T15964] Memory cgroup stats for /syz1: [ 2779.237291][T15964] cache 0 [ 2779.245314][T15964] rss 12288 [ 2779.255383][T15964] rss_huge 0 [ 2779.262721][T15964] shmem 0 [ 2779.271880][T15964] mapped_file 0 [ 2779.277377][T15964] dirty 0 20:26:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x200000000000000}, 0x0) [ 2779.286264][T15964] writeback 0 [ 2779.296794][T15964] workingset_refault_anon 60758 [ 2779.306831][T15964] workingset_refault_file 0 [ 2779.316147][T15964] swap 245760 [ 2779.326084][T15964] swapcached 8192 [ 2779.330503][T15964] pgpgin 209527 [ 2779.334707][T15964] pgpgout 209524 [ 2779.339072][T15964] pgfault 471853 [ 2779.342742][T15964] pgmajfault 58290 [ 2779.346774][T15964] inactive_anon 0 [ 2779.350576][T15964] active_anon 12288 [ 2779.354797][T15964] inactive_file 0 [ 2779.358719][T15964] active_file 0 [ 2779.362283][T15964] unevictable 0 [ 2779.366138][T15964] hierarchical_memory_limit 314572800 [ 2779.371623][T15964] hierarchical_memsw_limit 9223372036854771712 [ 2779.380382][T15964] total_cache 0 [ 2779.385761][T15964] total_rss 12288 [ 2779.394061][T15964] total_rss_huge 0 [ 2779.398430][T15964] total_shmem 0 [ 2779.402007][T15964] total_mapped_file 0 [ 2779.406173][T15964] total_dirty 0 [ 2779.409741][T15964] total_writeback 0 [ 2779.413641][T15964] total_workingset_refault_anon 60758 [ 2779.419909][T15964] total_workingset_refault_file 0 [ 2779.425191][T15964] total_swap 245760 [ 2779.429893][T15964] total_swapcached 8192 [ 2779.434228][T15964] total_pgpgin 209527 20:26:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfec0ffff) [ 2779.452155][T15964] total_pgpgout 209524 [ 2779.461592][T15964] total_pgfault 471853 [ 2779.471765][T15964] total_pgmajfault 58290 [ 2779.483452][T15964] total_inactive_anon 0 [ 2779.494797][T15964] total_active_anon 12288 [ 2779.501312][T15964] total_inactive_file 0 [ 2779.518688][T15964] total_active_file 0 [ 2779.523948][T15964] total_unevictable 0 [ 2779.533243][T15964] anon_cost 0 [ 2779.541891][T15964] file_cost 0 [ 2779.545821][T15964] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 2779.547487][T15988] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2779.553685][T15964] ,oom_memcg= [ 2779.557438][T15988] IPv6: NLM_F_CREATE should be set when creating new route [ 2779.569942][T15964] /syz1,task_memcg=/syz1,task=syz-executor.1,pid=15964,uid=0 20:26:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x300000000000000}, 0x0) 20:26:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2779.602665][T15964] Memory cgroup out of memory: Killed process 15964 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000110a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x400000000000000}, 0x0) 20:26:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xff000000) [ 2779.832069][T16000] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2779.839996][T16000] IPv6: NLM_F_CREATE should be set when creating new route 20:26:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x500000000000000}, 0x0) 20:26:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xffff0000) 20:26:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x600000000000000}, 0x0) [ 2780.185499][T16010] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2780.193379][T16010] IPv6: NLM_F_CREATE should be set when creating new route 20:26:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2780.238079][T15999] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2780.260254][T15999] CPU: 1 PID: 15999 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2780.270739][T15999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2780.280876][T15999] Call Trace: [ 2780.284190][T15999] [ 2780.287153][T15999] dump_stack_lvl+0x1e7/0x2e0 [ 2780.291901][T15999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2780.297156][T15999] ? __pfx__printk+0x10/0x10 [ 2780.301799][T15999] ? ___ratelimit+0x4c4/0x670 [ 2780.306539][T15999] ? __pfx____ratelimit+0x10/0x10 [ 2780.311617][T15999] dump_header+0xda/0x6a0 [ 2780.316004][T15999] oom_kill_process+0x3a7/0x930 [ 2780.320910][T15999] out_of_memory+0xf67/0x1320 [ 2780.325638][T15999] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2780.331318][T15999] ? __pfx___mutex_lock+0x10/0x10 20:26:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xffff80fe) [ 2780.336393][T15999] ? __pfx_out_of_memory+0x10/0x10 [ 2780.341572][T15999] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2780.347174][T15999] ? __pfx_lock_release+0x10/0x10 [ 2780.352245][T15999] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2780.358349][T15999] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2780.363564][T15999] ? mem_cgroup_iter+0x3e9/0x560 [ 2780.368522][T15999] try_charge_memcg+0xda2/0x18a0 [ 2780.373471][T15999] ? mark_lock+0x9a/0x350 [ 2780.377836][T15999] ? __pfx_try_charge_memcg+0x10/0x10 [ 2780.383247][T15999] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2780.389409][T15999] charge_memcg+0xa2/0x160 [ 2780.394104][T15999] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2780.400205][T15999] __read_swap_cache_async+0x480/0x8b0 [ 2780.405679][T15999] ? mark_lock+0x9a/0x350 [ 2780.410027][T15999] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2780.416045][T15999] swap_cluster_readahead+0x67c/0x810 [ 2780.421455][T15999] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2780.427371][T15999] ? __pfx_lock_release+0x10/0x10 [ 2780.432413][T15999] ? xas_descend+0x37e/0x470 [ 2780.437030][T15999] swapin_readahead+0x1ea/0x1070 [ 2780.441980][T15999] ? filemap_get_entry+0x127/0x4e0 [ 2780.447120][T15999] ? __pfx_swapin_readahead+0x10/0x10 [ 2780.452524][T15999] ? __filemap_get_folio+0x935/0xbc0 [ 2780.457828][T15999] ? swap_cache_get_folio+0x9f/0x570 [ 2780.463128][T15999] do_swap_page+0x8ab/0x3da0 [ 2780.467739][T15999] ? __pte_offset_map+0x2c4/0x380 [ 2780.472782][T15999] ? do_swap_page+0x154/0x3da0 [ 2780.477568][T15999] ? __pfx_do_swap_page+0x10/0x10 [ 2780.482601][T15999] ? pte_offset_map_nolock+0x137/0x1f0 [ 2780.488078][T15999] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2780.493914][T15999] __handle_mm_fault+0x15e8/0x72d0 [ 2780.499064][T15999] ? reacquire_held_locks+0x3eb/0x690 [ 2780.504448][T15999] ? __pfx___handle_mm_fault+0x10/0x10 [ 2780.509938][T15999] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2780.515698][T15999] ? mtree_range_walk+0x6fd/0x8e0 [ 2780.520750][T15999] ? lock_vma_under_rcu+0x18a/0x730 [ 2780.525973][T15999] ? __pfx_lock_release+0x10/0x10 [ 2780.531022][T15999] ? lock_vma_under_rcu+0x2f9/0x730 [ 2780.536253][T15999] ? lock_vma_under_rcu+0x18a/0x730 [ 2780.541465][T15999] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2780.547029][T15999] handle_mm_fault+0x3c1/0x8a0 [ 2780.551815][T15999] exc_page_fault+0x456/0x870 [ 2780.556528][T15999] asm_exc_page_fault+0x26/0x30 [ 2780.561392][T15999] RIP: 0033:0x7f091a852860 [ 2780.565815][T15999] Code: 8e 31 c0 be 01 00 00 00 f0 0f b1 35 9a 8a c8 00 0f 85 26 0a 00 00 c1 e1 02 48 8b 05 aa 8a c8 00 48 8d 35 a3 8a c8 00 83 e1 04 <89> 4c 24 30 83 c9 03 89 4c 24 44 48 39 f0 0f 84 4c 07 00 00 31 db [ 2780.585445][T15999] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2780.591527][T15999] RAX: 00007f0919a00980 RBX: fffffffffffff000 RCX: 0000000000000000 [ 2780.599510][T15999] RDX: 000000000000003f RSI: 00007f091b4db300 RDI: 00007ffdf4c5ccb8 [ 2780.607491][T15999] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2780.615473][T15999] R10: 0000000000021000 R11: 0000000000020000 R12: 00007ffdf4c5cd00 [ 2780.623454][T15999] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 2780.631543][T15999] 20:26:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x700000000000000}, 0x0) [ 2780.658020][T15999] memory: usage 307180kB, limit 307200kB, failcnt 184501 [ 2780.679779][T15999] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 2780.696204][T15999] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2780.706968][T15999] Memory cgroup stats for /syz1: [ 2780.707127][T15999] cache 0 [ 2780.733594][T15999] rss 12288 [ 2780.737071][T15999] rss_huge 0 [ 2780.744296][T15999] shmem 0 [ 2780.769613][T15999] mapped_file 0 [ 2780.773401][T15999] dirty 0 [ 2780.777225][T15999] writeback 0 [ 2780.780648][T15999] workingset_refault_anon 60849 [ 2780.785640][T15999] workingset_refault_file 0 [ 2780.791855][T15999] swap 204800 [ 2780.795322][T15999] swapcached 8192 [ 2780.799733][T15999] pgpgin 209626 [ 2780.803353][T15999] pgpgout 209623 [ 2780.807749][T15999] pgfault 472009 [ 2780.811471][T15999] pgmajfault 58378 [ 2780.815324][T15999] inactive_anon 8192 [ 2780.820180][T15999] active_anon 4096 [ 2780.825745][T15999] inactive_file 0 [ 2780.830431][T15999] active_file 0 [ 2780.834401][T15999] unevictable 0 [ 2780.838423][T15999] hierarchical_memory_limit 314572800 [ 2780.844159][T15999] hierarchical_memsw_limit 9223372036854771712 [ 2780.851208][T15999] total_cache 0 [ 2780.854814][T15999] total_rss 12288 [ 2780.859207][T15999] total_rss_huge 0 [ 2780.863374][T15999] total_shmem 0 20:26:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x800000000000000}, 0x0) [ 2780.867588][T15999] total_mapped_file 0 [ 2780.871748][T15999] total_dirty 0 [ 2780.875337][T15999] total_writeback 0 [ 2780.879919][T15999] total_workingset_refault_anon 60849 [ 2780.896951][T15999] total_workingset_refault_file 0 [ 2780.906606][T15999] total_swap 204800 20:26:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xffffc0fe) [ 2780.927232][T15999] total_swapcached 8192 [ 2780.945039][T15999] total_pgpgin 209626 [ 2780.957009][T15999] total_pgpgout 209623 [ 2780.961230][T15999] total_pgfault 472009 [ 2780.969144][T15999] total_pgmajfault 58378 [ 2780.978168][T15999] total_inactive_anon 8192 [ 2780.991703][T15999] total_active_anon 4096 [ 2781.001510][T15999] total_inactive_file 0 [ 2781.008819][T15999] total_active_file 0 [ 2781.016618][T15999] total_unevictable 0 [ 2781.023187][T15999] anon_cost 0 [ 2781.027459][T16022] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2781.035242][T16022] IPv6: NLM_F_CREATE should be set when creating new route [ 2781.042190][T15999] file_cost 0 [ 2781.045878][T15999] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15999,uid=0 20:26:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000110a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x900000000000000}, 0x0) [ 2781.071587][T15999] Memory cgroup out of memory: Killed process 15999 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xa00000000000000}, 0x0) 20:26:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xffffff7f) 20:26:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xb00000000000000}, 0x0) [ 2781.391842][T16034] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2781.399695][T16034] IPv6: NLM_F_CREATE should be set when creating new route 20:26:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xc00000000000000}, 0x0) 20:26:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xffffffe0) [ 2781.739012][T16044] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2781.746966][T16044] IPv6: NLM_F_CREATE should be set when creating new route 20:26:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xf00000000000000}, 0x0) [ 2781.808188][T16032] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2781.819916][T16032] CPU: 0 PID: 16032 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2781.830393][T16032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2781.840516][T16032] Call Trace: [ 2781.843836][T16032] [ 2781.846811][T16032] dump_stack_lvl+0x1e7/0x2e0 [ 2781.851551][T16032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2781.856813][T16032] ? __pfx__printk+0x10/0x10 [ 2781.861455][T16032] ? ___ratelimit+0x4c4/0x670 [ 2781.866197][T16032] ? __pfx____ratelimit+0x10/0x10 [ 2781.871283][T16032] dump_header+0xda/0x6a0 [ 2781.875659][T16032] oom_kill_process+0x3a7/0x930 [ 2781.880564][T16032] out_of_memory+0xf67/0x1320 [ 2781.885291][T16032] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2781.890969][T16032] ? __pfx___mutex_lock+0x10/0x10 [ 2781.896054][T16032] ? __pfx_out_of_memory+0x10/0x10 [ 2781.901221][T16032] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2781.906990][T16032] ? __pfx_lock_release+0x10/0x10 [ 2781.912282][T16032] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2781.918412][T16032] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2781.923662][T16032] ? mem_cgroup_iter+0x3e9/0x560 [ 2781.928665][T16032] try_charge_memcg+0xda2/0x18a0 [ 2781.933765][T16032] ? __pfx_try_charge_memcg+0x10/0x10 [ 2781.939206][T16032] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2781.945060][T16032] ? __pfx_lock_release+0x10/0x10 [ 2781.950147][T16032] ? memcg_account_kmem+0x1e7/0x210 [ 2781.955414][T16032] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2781.961279][T16032] __memcg_kmem_charge_page+0xe1/0x250 [ 2781.966800][T16032] memcg_charge_kernel_stack+0x210/0x550 [ 2781.972661][T16032] dup_task_struct+0x40d/0x7d0 [ 2781.977620][T16032] copy_process+0x5d5/0x3fc0 [ 2781.982371][T16032] ? __might_fault+0xa9/0x120 [ 2781.987100][T16032] ? __pfx_lock_release+0x10/0x10 [ 2781.992184][T16032] ? __pfx_copy_process+0x10/0x10 [ 2781.997256][T16032] ? __might_fault+0xc5/0x120 [ 2782.002012][T16032] ? __asan_memset+0x23/0x50 [ 2782.006849][T16032] kernel_clone+0x21d/0x8d0 [ 2782.011496][T16032] ? __pfx_kernel_clone+0x10/0x10 [ 2782.016594][T16032] __se_sys_clone3+0x2cb/0x350 [ 2782.021415][T16032] ? __pfx___se_sys_clone3+0x10/0x10 [ 2782.026791][T16032] ? do_syscall_64+0x108/0x240 [ 2782.031619][T16032] ? do_syscall_64+0xb4/0x240 [ 2782.036484][T16032] do_syscall_64+0xf9/0x240 [ 2782.041046][T16032] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2782.046997][T16032] RIP: 0033:0x7f091a8a9b99 20:26:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x1000000000000000}, 0x0) [ 2782.051558][T16032] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2782.071321][T16032] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2782.079884][T16032] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2782.087924][T16032] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2782.096121][T16032] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 20:26:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfffffff0) [ 2782.104155][T16032] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2782.112175][T16032] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2782.120237][T16032] 20:26:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x1400000000000000}, 0x0) 20:26:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2782.197629][T16056] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2782.205439][T16056] IPv6: NLM_F_CREATE should be set when creating new route [ 2782.232797][T16032] memory: usage 307200kB, limit 307200kB, failcnt 184878 [ 2782.280666][T16032] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0 [ 2782.294445][T16032] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 2782.303776][T16032] Memory cgroup stats for /syz1: [ 2782.303929][T16032] cache 0 [ 2782.312256][T16032] rss 12288 [ 2782.315878][T16032] rss_huge 0 [ 2782.321580][T16032] shmem 0 [ 2782.324695][T16032] mapped_file 0 [ 2782.328979][T16032] dirty 0 [ 2782.332115][T16032] writeback 0 [ 2782.335562][T16032] workingset_refault_anon 60984 [ 2782.341342][T16032] workingset_refault_file 0 [ 2782.346789][T16032] swap 217088 [ 2782.350238][T16032] swapcached 8192 [ 2782.354033][T16032] pgpgin 209774 [ 2782.359360][T16032] pgpgout 209771 [ 2782.363164][T16032] pgfault 472237 [ 2782.367468][T16032] pgmajfault 58507 [ 2782.371391][T16032] inactive_anon 0 [ 2782.378250][T16032] active_anon 12288 [ 2782.382291][T16032] inactive_file 0 [ 2782.384985][T16061] __nla_validate_parse: 34 callbacks suppressed [ 2782.385004][T16061] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2782.387307][T16032] active_file 0 [ 2782.399922][T16063] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2782.409933][T16032] unevictable 0 [ 2782.419276][T16032] hierarchical_memory_limit 314572800 [ 2782.424834][T16032] hierarchical_memsw_limit 9223372036854771712 20:26:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x6000000000000000}, 0x0) 20:26:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xfffffffc) [ 2782.434015][T16032] total_cache 0 [ 2782.438138][T16032] total_rss 12288 [ 2782.442011][T16032] total_rss_huge 0 [ 2782.476479][T16032] total_shmem 0 [ 2782.483548][T16032] total_mapped_file 0 [ 2782.494811][T16032] total_dirty 0 [ 2782.504613][T16032] total_writeback 0 [ 2782.515060][T16032] total_workingset_refault_anon 60984 [ 2782.525331][T16032] total_workingset_refault_file 0 [ 2782.531689][T16032] total_swap 217088 [ 2782.535885][T16032] total_swapcached 8192 [ 2782.542831][T16032] total_pgpgin 209774 [ 2782.547517][T16032] total_pgpgout 209771 [ 2782.551810][T16032] total_pgfault 472237 [ 2782.556608][T16032] total_pgmajfault 58507 [ 2782.561100][T16032] total_inactive_anon 0 [ 2782.567390][T16032] total_active_anon 12288 [ 2782.571925][T16032] total_inactive_file 0 [ 2782.578157][T16032] total_active_file 0 [ 2782.582389][T16032] total_unevictable 0 [ 2782.587480][T16032] anon_cost 0 [ 2782.591008][T16032] file_cost 0 [ 2782.594554][T16032] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16032,uid=0 [ 2782.603493][T16064] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:26:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2782.614695][T16032] Memory cgroup out of memory: Killed process 16032 (syz-executor.1) total-vm:56556kB, anon-rss:424kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2782.618021][T16064] IPv6: NLM_F_CREATE should be set when creating new route [ 2782.654109][T16067] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000110a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x7fb84427dda9) 20:26:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x6558000000000000}, 0x0) [ 2782.799606][T16068] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2782.820121][T16071] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:26:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2782.950112][T16073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2782.957979][T16073] IPv6: NLM_F_CREATE should be set when creating new route [ 2782.971441][T16076] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8100000000000000}, 0x0) [ 2783.085212][T16077] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 20:26:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xffff00000000) [ 2783.128922][T16080] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2783.254104][T16072] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2783.264593][T16072] CPU: 0 PID: 16072 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2783.275043][T16072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2783.283381][T16082] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2783.285119][T16072] Call Trace: [ 2783.285132][T16072] [ 2783.285143][T16072] dump_stack_lvl+0x1e7/0x2e0 [ 2783.285184][T16072] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2783.295057][T16083] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2783.297830][T16072] ? __pfx__printk+0x10/0x10 [ 2783.297865][T16072] ? ___ratelimit+0x4c4/0x670 [ 2783.297899][T16072] ? __pfx____ratelimit+0x10/0x10 [ 2783.297933][T16072] dump_header+0xda/0x6a0 [ 2783.301419][T16083] IPv6: NLM_F_CREATE should be set when creating new route [ 2783.305562][T16072] oom_kill_process+0x3a7/0x930 [ 2783.348606][T16072] out_of_memory+0xf67/0x1320 [ 2783.353317][T16072] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2783.358968][T16072] ? __pfx___mutex_lock+0x10/0x10 [ 2783.364013][T16072] ? __pfx_out_of_memory+0x10/0x10 [ 2783.369148][T16072] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2783.374724][T16072] ? __pfx_lock_release+0x10/0x10 [ 2783.379766][T16072] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2783.385860][T16072] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2783.391078][T16072] ? mem_cgroup_iter+0x3e9/0x560 [ 2783.396036][T16072] try_charge_memcg+0xda2/0x18a0 [ 2783.401013][T16072] ? __pfx_try_charge_memcg+0x10/0x10 [ 2783.406397][T16072] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2783.412126][T16072] ? __pfx_lock_release+0x10/0x10 [ 2783.417168][T16072] ? memcg_account_kmem+0x1e7/0x210 [ 2783.422395][T16072] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2783.428226][T16072] __memcg_kmem_charge_page+0xe1/0x250 [ 2783.433708][T16072] memcg_charge_kernel_stack+0x37e/0x550 [ 2783.439363][T16072] dup_task_struct+0x15d/0x7d0 [ 2783.444141][T16072] copy_process+0x5d5/0x3fc0 [ 2783.448756][T16072] ? __might_fault+0xa9/0x120 [ 2783.453452][T16072] ? __pfx_lock_release+0x10/0x10 [ 2783.458495][T16072] ? __pfx_copy_process+0x10/0x10 [ 2783.463524][T16072] ? __might_fault+0xc5/0x120 [ 2783.468219][T16072] ? __asan_memset+0x23/0x50 [ 2783.472836][T16072] kernel_clone+0x21d/0x8d0 [ 2783.477373][T16072] ? __pfx_kernel_clone+0x10/0x10 [ 2783.482440][T16072] __se_sys_clone3+0x2cb/0x350 [ 2783.487221][T16072] ? __pfx___se_sys_clone3+0x10/0x10 [ 2783.492532][T16072] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2783.498540][T16072] ? exc_page_fault+0x587/0x870 [ 2783.503410][T16072] ? do_syscall_64+0xb4/0x240 [ 2783.508109][T16072] do_syscall_64+0xf9/0x240 [ 2783.512634][T16072] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2783.518549][T16072] RIP: 0033:0x7f091a8a9b99 [ 2783.522979][T16072] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2783.542684][T16072] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2783.551193][T16072] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2783.559171][T16072] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2783.567155][T16072] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2783.575136][T16072] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2783.583111][T16072] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2783.591106][T16072] [ 2783.601459][T16085] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2783.627630][T16072] memory: usage 307200kB, limit 307200kB, failcnt 185266 [ 2783.634794][T16072] memory+swap: usage 307452kB, limit 9007199254740988kB, failcnt 0 [ 2783.654598][T16072] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 20:26:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1000000000000) 20:26:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c0009000800007f", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2783.688273][T16072] Memory cgroup stats for /syz1: [ 2783.688420][T16072] cache 0 [ 2783.706405][T16072] rss 28672 [ 2783.709679][T16072] rss_huge 0 [ 2783.713000][T16072] shmem 0 [ 2783.718921][T16072] mapped_file 0 [ 2783.723648][T16072] dirty 0 [ 2783.729404][T16072] writeback 0 [ 2783.733964][T16072] workingset_refault_anon 61102 20:26:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8847000000000000}, 0x0) [ 2783.762870][T16072] workingset_refault_file 0 [ 2783.796298][T16072] swap 229376 [ 2783.799650][T16072] swapcached 16384 [ 2783.803388][T16072] pgpgin 209903 [ 2783.816310][T16072] pgpgout 209896 [ 2783.819923][T16072] pgfault 472429 [ 2783.832725][T16072] pgmajfault 58620 [ 2783.838907][T16072] inactive_anon 24576 [ 2783.843031][T16072] active_anon 4096 [ 2783.847588][T16072] inactive_file 0 [ 2783.851353][T16072] active_file 0 [ 2783.855685][T16072] unevictable 0 [ 2783.860234][T16072] hierarchical_memory_limit 314572800 [ 2783.865730][T16072] hierarchical_memsw_limit 9223372036854771712 [ 2783.873114][T16072] total_cache 0 [ 2783.877194][T16072] total_rss 28672 [ 2783.880975][T16072] total_rss_huge 0 [ 2783.884825][T16072] total_shmem 0 [ 2783.889516][T16072] total_mapped_file 0 [ 2783.893672][T16072] total_dirty 0 [ 2783.900362][T16072] total_writeback 0 [ 2783.904337][T16072] total_workingset_refault_anon 61102 [ 2783.910414][T16072] total_workingset_refault_file 0 [ 2783.915604][T16072] total_swap 229376 [ 2783.926657][T16072] total_swapcached 16384 [ 2783.931046][T16072] total_pgpgin 209903 [ 2783.935172][T16072] total_pgpgout 209896 [ 2783.940180][T16072] total_pgfault 472429 [ 2783.944437][T16072] total_pgmajfault 58620 [ 2783.966396][T16072] total_inactive_anon 24576 [ 2783.975806][T16072] total_active_anon 4096 [ 2783.980806][T16091] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2783.988287][T16072] total_inactive_file 0 [ 2783.989739][T16091] IPv6: NLM_F_CREATE should be set when creating new route [ 2783.992614][T16072] total_active_file 0 [ 2784.005854][T16094] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:26:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8848000000000000}, 0x0) [ 2784.013615][T16094] IPv6: NLM_F_CREATE should be set when creating new route [ 2784.026239][T16072] total_unevictable 0 [ 2784.030271][T16072] anon_cost 0 [ 2784.033586][T16072] file_cost 0 [ 2784.046202][T16072] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16072,uid=0 20:26:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x100000000000000) 20:26:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x88a8ffff00000000}, 0x0) [ 2784.078986][T16072] Memory cgroup out of memory: Killed process 16072 (syz-executor.1) total-vm:56556kB, anon-rss:368kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:13 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000060a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x8a51000000000000}, 0x0) [ 2784.429213][T16103] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2784.438259][T16103] IPv6: NLM_F_CREATE should be set when creating new route 20:26:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xa9ddc72d537f0000}, 0x0) 20:26:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x200000000000000) [ 2784.638087][T16104] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2784.650682][T16104] CPU: 0 PID: 16104 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2784.661144][T16104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2784.671232][T16104] Call Trace: [ 2784.674545][T16104] [ 2784.677495][T16104] dump_stack_lvl+0x1e7/0x2e0 [ 2784.682226][T16104] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2784.687469][T16104] ? __pfx__printk+0x10/0x10 [ 2784.692089][T16104] ? ___ratelimit+0x4c4/0x670 [ 2784.696804][T16104] ? __pfx____ratelimit+0x10/0x10 [ 2784.701876][T16104] dump_header+0xda/0x6a0 [ 2784.706260][T16104] oom_kill_process+0x3a7/0x930 [ 2784.711163][T16104] out_of_memory+0xf67/0x1320 [ 2784.715884][T16104] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2784.721540][T16104] ? __pfx___mutex_lock+0x10/0x10 [ 2784.726612][T16104] ? __pfx_out_of_memory+0x10/0x10 [ 2784.731774][T16104] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2784.737349][T16104] ? __pfx_lock_release+0x10/0x10 [ 2784.742402][T16104] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2784.748493][T16104] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2784.753705][T16104] ? mem_cgroup_iter+0x3e9/0x560 [ 2784.758682][T16104] try_charge_memcg+0xda2/0x18a0 [ 2784.763634][T16104] ? mark_lock+0x9a/0x350 [ 2784.767992][T16104] ? __pfx_try_charge_memcg+0x10/0x10 [ 2784.773398][T16104] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2784.779561][T16104] charge_memcg+0xa2/0x160 [ 2784.783993][T16104] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2784.790069][T16104] __read_swap_cache_async+0x480/0x8b0 [ 2784.795576][T16104] ? mark_lock+0x9a/0x350 [ 2784.799944][T16104] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2784.805973][T16104] swap_cluster_readahead+0x67c/0x810 [ 2784.811412][T16104] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2784.817353][T16104] ? __pfx_lock_release+0x10/0x10 [ 2784.822403][T16104] ? xas_descend+0x37e/0x470 [ 2784.827018][T16104] swapin_readahead+0x1ea/0x1070 [ 2784.831974][T16104] ? filemap_get_entry+0x127/0x4e0 [ 2784.837144][T16104] ? __pfx_swapin_readahead+0x10/0x10 [ 2784.842550][T16104] ? __filemap_get_folio+0x935/0xbc0 [ 2784.847858][T16104] ? swap_cache_get_folio+0x9f/0x570 [ 2784.853200][T16104] do_swap_page+0x8ab/0x3da0 [ 2784.857822][T16104] ? __pte_offset_map+0x2c4/0x380 [ 2784.862886][T16104] ? do_swap_page+0x154/0x3da0 [ 2784.867669][T16104] ? __pfx_do_swap_page+0x10/0x10 [ 2784.872708][T16104] ? pte_offset_map_nolock+0x137/0x1f0 [ 2784.878192][T16104] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2784.884050][T16104] __handle_mm_fault+0x15e8/0x72d0 [ 2784.889220][T16104] ? reacquire_held_locks+0x3eb/0x690 [ 2784.894612][T16104] ? __pfx___handle_mm_fault+0x10/0x10 [ 2784.900119][T16104] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2784.905874][T16104] ? mtree_range_walk+0x6fd/0x8e0 [ 2784.910932][T16104] ? lock_vma_under_rcu+0x18a/0x730 [ 2784.916155][T16104] ? __pfx_lock_release+0x10/0x10 [ 2784.921205][T16104] ? lock_vma_under_rcu+0x2f9/0x730 [ 2784.926446][T16104] ? lock_vma_under_rcu+0x18a/0x730 [ 2784.931673][T16104] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2784.937328][T16104] handle_mm_fault+0x3c1/0x8a0 [ 2784.942112][T16104] exc_page_fault+0x456/0x870 [ 2784.946813][T16104] asm_exc_page_fault+0x26/0x30 [ 2784.951679][T16104] RIP: 0033:0x7f091a85274e [ 2784.956193][T16104] Code: 64 24 60 4c 89 e7 e8 11 0e 00 00 89 c5 85 c0 0f 85 a2 00 00 00 c6 44 24 43 01 eb 09 c6 44 24 43 00 4c 8b 24 24 e8 a2 b4 02 00 <4c> 8b 2d c3 2f c8 00 48 8b 0d cc 2f c8 00 31 d2 8d 68 ff 89 c3 4c [ 2784.975808][T16104] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010206 [ 2784.981902][T16104] RAX: 0000000000001000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2784.989920][T16104] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2784.997910][T16104] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2785.005997][T16104] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007ffdf4c5cd00 [ 2785.013996][T16104] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2785.022007][T16104] [ 2785.038103][T16104] memory: usage 307200kB, limit 307200kB, failcnt 185597 [ 2785.045190][T16104] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 2785.064674][T16104] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2785.072698][T16104] Memory cgroup stats for /syz1: [ 2785.072863][T16104] cache 0 [ 2785.103353][T16114] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2785.111241][T16114] IPv6: NLM_F_CREATE should be set when creating new route [ 2785.120447][T16104] rss 12288 [ 2785.127610][T16104] rss_huge 0 [ 2785.131248][T16104] shmem 0 [ 2785.141445][T16115] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:26:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xe0ffffff00000000}, 0x0) [ 2785.150211][T16115] IPv6: NLM_F_CREATE should be set when creating new route [ 2785.158198][T16104] mapped_file 0 [ 2785.164099][T16104] dirty 0 [ 2785.167351][T16104] writeback 0 [ 2785.171304][T16104] workingset_refault_anon 61201 [ 2785.177049][T16104] workingset_refault_file 0 [ 2785.206102][T16104] swap 245760 [ 2785.216207][T16104] swapcached 8192 [ 2785.220505][T16104] pgpgin 210013 20:26:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xf0ffffff00000000}, 0x0) 20:26:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x300000000000000) [ 2785.271707][T16104] pgpgout 210010 [ 2785.275404][T16104] pgfault 472608 [ 2785.286129][T16104] pgmajfault 58719 [ 2785.291523][T16104] inactive_anon 4096 [ 2785.298736][T16104] active_anon 8192 [ 2785.302625][T16104] inactive_file 0 20:26:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfc00000000000000}, 0x0) [ 2785.327010][T16104] active_file 0 [ 2785.335247][T16104] unevictable 0 [ 2785.348454][T16104] hierarchical_memory_limit 314572800 [ 2785.362583][T16104] hierarchical_memsw_limit 9223372036854771712 [ 2785.371156][T16104] total_cache 0 [ 2785.380511][T16104] total_rss 12288 [ 2785.393522][T16104] total_rss_huge 0 [ 2785.411385][T16104] total_shmem 0 [ 2785.433363][T16104] total_mapped_file 0 [ 2785.446298][T16104] total_dirty 0 [ 2785.450438][T16104] total_writeback 0 [ 2785.454319][T16104] total_workingset_refault_anon 61201 [ 2785.460046][T16104] total_workingset_refault_file 0 [ 2785.465183][T16104] total_swap 245760 [ 2785.476623][T16104] total_swapcached 8192 [ 2785.480924][T16104] total_pgpgin 210013 [ 2785.485007][T16104] total_pgpgout 210010 [ 2785.492795][T16104] total_pgfault 472608 [ 2785.502561][T16104] total_pgmajfault 58719 [ 2785.513701][T16104] total_inactive_anon 4096 [ 2785.520844][T16125] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2785.520894][T16104] total_active_anon 8192 [ 2785.529761][T16125] IPv6: NLM_F_CREATE should be set when creating new route [ 2785.535502][T16104] total_inactive_file 0 [ 2785.545450][T16104] total_active_file 0 [ 2785.550613][T16104] total_unevictable 0 [ 2785.554909][T16104] anon_cost 0 [ 2785.558750][T16104] file_cost 0 [ 2785.562364][T16104] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16104,uid=0 20:26:14 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000060a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfe80ffff00000000}, 0x0) 20:26:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x400000000000000) [ 2785.578974][T16104] Memory cgroup out of memory: Killed process 16104 (syz-executor.1) total-vm:56424kB, anon-rss:380kB, file-rss:8704kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2785.579429][T16124] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2785.604060][T16124] IPv6: NLM_F_CREATE should be set when creating new route 20:26:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xfec0ffff00000000}, 0x0) [ 2785.829140][T16134] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2785.838080][T16134] IPv6: NLM_F_CREATE should be set when creating new route 20:26:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x500000000000000) 20:26:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xff00000000000000}, 0x0) [ 2786.009166][T16137] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2786.016988][T16137] IPv6: NLM_F_CREATE should be set when creating new route 20:26:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000200", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2786.143020][T16141] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2786.151919][T16141] IPv6: NLM_F_CREATE should be set when creating new route 20:26:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x600000000000000) 20:26:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffffff7f00000000}, 0x0) [ 2786.312749][T16132] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2786.323092][T16146] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2786.323684][T16146] IPv6: NLM_F_CREATE should be set when creating new route [ 2786.351347][T16132] CPU: 0 PID: 16132 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2786.361834][T16132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2786.371920][T16132] Call Trace: [ 2786.375224][T16132] [ 2786.378175][T16132] dump_stack_lvl+0x1e7/0x2e0 [ 2786.382902][T16132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2786.388146][T16132] ? __pfx__printk+0x10/0x10 [ 2786.392766][T16132] ? ___ratelimit+0x4c4/0x670 [ 2786.397483][T16132] ? __pfx____ratelimit+0x10/0x10 [ 2786.402551][T16132] dump_header+0xda/0x6a0 [ 2786.406930][T16132] oom_kill_process+0x3a7/0x930 [ 2786.411841][T16132] out_of_memory+0xf67/0x1320 [ 2786.416564][T16132] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2786.422234][T16132] ? __pfx___mutex_lock+0x10/0x10 [ 2786.427480][T16132] ? __pfx_out_of_memory+0x10/0x10 [ 2786.432634][T16132] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2786.438234][T16132] ? __pfx_lock_release+0x10/0x10 [ 2786.440772][T16150] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2786.443287][T16132] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2786.443328][T16132] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2786.452270][T16150] IPv6: NLM_F_CREATE should be set when creating new route [ 2786.456556][T16132] ? mem_cgroup_iter+0x3e9/0x560 [ 2786.456595][T16132] try_charge_memcg+0xda2/0x18a0 [ 2786.456654][T16132] ? __pfx_try_charge_memcg+0x10/0x10 [ 2786.456687][T16132] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2786.490116][T16132] ? __pfx_lock_release+0x10/0x10 [ 2786.495191][T16132] ? memcg_account_kmem+0x1e7/0x210 [ 2786.500446][T16132] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2786.506300][T16132] __memcg_kmem_charge_page+0xe1/0x250 [ 2786.511818][T16132] memcg_charge_kernel_stack+0x37e/0x550 [ 2786.517507][T16132] dup_task_struct+0x15d/0x7d0 [ 2786.522319][T16132] copy_process+0x5d5/0x3fc0 [ 2786.526964][T16132] ? __might_fault+0xa9/0x120 [ 2786.531683][T16132] ? __pfx_lock_release+0x10/0x10 [ 2786.536760][T16132] ? __pfx_copy_process+0x10/0x10 [ 2786.541811][T16132] ? __might_fault+0xc5/0x120 [ 2786.546504][T16132] ? __asan_memset+0x23/0x50 [ 2786.551113][T16132] kernel_clone+0x21d/0x8d0 [ 2786.555638][T16132] ? __pfx_kernel_clone+0x10/0x10 [ 2786.560710][T16132] __se_sys_clone3+0x2cb/0x350 [ 2786.565530][T16132] ? __pfx___se_sys_clone3+0x10/0x10 [ 2786.570852][T16132] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2786.576858][T16132] ? exc_page_fault+0x587/0x870 [ 2786.581719][T16132] ? do_syscall_64+0xb4/0x240 [ 2786.586409][T16132] do_syscall_64+0xf9/0x240 [ 2786.590927][T16132] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2786.596832][T16132] RIP: 0033:0x7f091a8a9b99 [ 2786.601255][T16132] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2786.620878][T16132] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2786.629317][T16132] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2786.637310][T16132] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2786.645298][T16132] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2786.653273][T16132] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 20:26:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0xffffffff00000000}, 0x0) 20:26:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000300", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x700000000000000) [ 2786.661263][T16132] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2786.669282][T16132] [ 2786.703928][T16132] memory: usage 307200kB, limit 307200kB, failcnt 186070 20:26:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x2}, 0x0) [ 2786.748710][T16132] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2786.764130][T16132] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2786.783018][T16132] Memory cgroup stats for /syz1: [ 2786.783188][T16132] cache 0 [ 2786.799280][T16132] rss 8192 [ 2786.803813][T16132] rss_huge 0 [ 2786.807919][T16132] shmem 0 [ 2786.812404][T16132] mapped_file 0 [ 2786.816373][T16132] dirty 0 [ 2786.819340][T16132] writeback 4096 [ 2786.822903][T16132] workingset_refault_anon 61376 [ 2786.840200][T16132] workingset_refault_file 0 [ 2786.844752][T16132] swap 200704 20:26:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x3}, 0x0) [ 2786.854746][T16132] swapcached 8192 [ 2786.862148][T16132] pgpgin 210198 [ 2786.876213][T16132] pgpgout 210195 [ 2786.880638][T16132] pgfault 472880 [ 2786.884320][T16132] pgmajfault 58883 [ 2786.890648][T16132] inactive_anon 0 [ 2786.894458][T16132] active_anon 4096 [ 2786.898761][T16132] inactive_file 0 [ 2786.907014][T16132] active_file 0 [ 2786.914030][T16132] unevictable 0 [ 2786.921346][T16132] hierarchical_memory_limit 314572800 [ 2786.932967][T16132] hierarchical_memsw_limit 9223372036854771712 [ 2786.945091][T16132] total_cache 0 [ 2786.953910][T16132] total_rss 8192 20:26:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x4}, 0x0) [ 2786.961135][T16132] total_rss_huge 0 [ 2786.971816][T16132] total_shmem 0 [ 2786.979082][T16132] total_mapped_file 0 [ 2786.990105][T16132] total_dirty 0 [ 2787.000198][T16132] total_writeback 4096 [ 2787.004308][T16132] total_workingset_refault_anon 61376 [ 2787.024402][T16157] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2787.033290][T16157] IPv6: NLM_F_CREATE should be set when creating new route [ 2787.041462][T16132] total_workingset_refault_file 0 [ 2787.049199][T16132] total_swap 200704 [ 2787.053839][T16132] total_swapcached 8192 [ 2787.058862][T16132] total_pgpgin 210198 [ 2787.065216][T16132] total_pgpgout 210195 20:26:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x5}, 0x0) [ 2787.072460][T16132] total_pgfault 472880 [ 2787.077177][T16160] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2787.084965][T16160] IPv6: NLM_F_CREATE should be set when creating new route [ 2787.093276][T16132] total_pgmajfault 58883 [ 2787.106101][T16132] total_inactive_anon 0 [ 2787.110327][T16132] total_active_anon 4096 [ 2787.114597][T16132] total_inactive_file 0 20:26:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x800000000000000) 20:26:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000400", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2787.139308][T16132] total_active_file 0 [ 2787.143353][T16132] total_unevictable 0 [ 2787.159740][T16132] anon_cost 0 [ 2787.163083][T16132] file_cost 0 [ 2787.168633][T16132] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16132,uid=0 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x6}, 0x0) [ 2787.186346][T16132] Memory cgroup out of memory: Killed process 16132 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:16 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000060a00020040000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2787.289059][T16171] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2787.297855][T16171] IPv6: NLM_F_CREATE should be set when creating new route 20:26:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x900000000000000) 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x7}, 0x0) 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8}, 0x0) [ 2787.492036][T16175] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2787.499862][T16175] IPv6: NLM_F_CREATE should be set when creating new route 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x9}, 0x0) [ 2787.533163][T16179] __nla_validate_parse: 30 callbacks suppressed [ 2787.533184][T16179] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:16 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000500", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xa}, 0x0) 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xb}, 0x0) [ 2787.717693][T16181] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2787.726526][T16181] IPv6: NLM_F_CREATE should be set when creating new route 20:26:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xa00000000000000) [ 2787.761162][T16186] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2787.775716][T16178] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2787.812333][T16178] CPU: 1 PID: 16178 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2787.822824][T16178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2787.832917][T16178] Call Trace: [ 2787.836235][T16178] [ 2787.839203][T16178] dump_stack_lvl+0x1e7/0x2e0 [ 2787.843950][T16178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2787.849199][T16178] ? __pfx__printk+0x10/0x10 [ 2787.854181][T16178] ? ___ratelimit+0x4c4/0x670 [ 2787.858908][T16178] ? __pfx____ratelimit+0x10/0x10 [ 2787.863989][T16178] dump_header+0xda/0x6a0 [ 2787.868381][T16178] oom_kill_process+0x3a7/0x930 [ 2787.873296][T16178] out_of_memory+0xf67/0x1320 [ 2787.878080][T16178] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2787.883763][T16178] ? __pfx___mutex_lock+0x10/0x10 [ 2787.888837][T16178] ? __pfx_out_of_memory+0x10/0x10 [ 2787.894014][T16178] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2787.899613][T16178] ? __pfx_lock_release+0x10/0x10 [ 2787.904690][T16178] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2787.910804][T16178] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2787.916058][T16178] ? mem_cgroup_iter+0x3e9/0x560 [ 2787.921051][T16178] try_charge_memcg+0xda2/0x18a0 [ 2787.926059][T16178] ? __pfx_try_charge_memcg+0x10/0x10 [ 2787.931462][T16178] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2787.937199][T16178] ? __pfx_lock_release+0x10/0x10 [ 2787.942273][T16178] ? memcg_account_kmem+0x1e7/0x210 [ 2787.947517][T16178] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2787.953345][T16178] __memcg_kmem_charge_page+0xe1/0x250 [ 2787.958826][T16178] memcg_charge_kernel_stack+0x37e/0x550 [ 2787.964482][T16178] dup_task_struct+0x40d/0x7d0 [ 2787.969274][T16178] copy_process+0x5d5/0x3fc0 [ 2787.973889][T16178] ? __might_fault+0xa9/0x120 [ 2787.978587][T16178] ? __pfx_lock_release+0x10/0x10 [ 2787.983637][T16178] ? __pfx_copy_process+0x10/0x10 [ 2787.988690][T16178] ? __might_fault+0xc5/0x120 [ 2787.993405][T16178] ? __asan_memset+0x23/0x50 [ 2787.998138][T16178] kernel_clone+0x21d/0x8d0 [ 2788.002677][T16178] ? __pfx_kernel_clone+0x10/0x10 [ 2788.007742][T16178] __se_sys_clone3+0x2cb/0x350 [ 2788.012530][T16178] ? __pfx___se_sys_clone3+0x10/0x10 [ 2788.017843][T16178] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2788.023879][T16178] ? exc_page_fault+0x587/0x870 [ 2788.028775][T16178] ? do_syscall_64+0xb4/0x240 [ 2788.033476][T16178] do_syscall_64+0xf9/0x240 [ 2788.038019][T16178] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2788.043932][T16178] RIP: 0033:0x7f091a8a9b99 [ 2788.048356][T16178] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2788.068064][T16178] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 2788.076487][T16178] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2788.084475][T16178] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2788.092458][T16178] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2788.100444][T16178] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 20:26:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xc}, 0x0) [ 2788.108608][T16178] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2788.116610][T16178] [ 2788.151483][T16189] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2788.159316][T16189] IPv6: NLM_F_CREATE should be set when creating new route [ 2788.164564][T16178] memory: usage 307200kB, limit 307200kB, failcnt 186372 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xf}, 0x0) 20:26:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000600", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2788.209893][T16178] memory+swap: usage 307428kB, limit 9007199254740988kB, failcnt 0 [ 2788.224574][T16195] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x10}, 0x0) [ 2788.262550][T16178] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2788.301802][T16178] Memory cgroup stats for /syz1: [ 2788.301963][T16178] cache 0 [ 2788.326052][T16178] rss 0 [ 2788.328870][T16178] rss_huge 0 [ 2788.332323][T16178] shmem 0 [ 2788.337796][T16178] mapped_file 0 [ 2788.342051][T16198] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2788.342174][T16178] dirty 0 [ 2788.350953][T16198] IPv6: NLM_F_CREATE should be set when creating new route [ 2788.364819][T16178] writeback 0 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x14}, 0x0) [ 2788.374418][T16178] workingset_refault_anon 61479 [ 2788.385157][T16178] workingset_refault_file 0 [ 2788.396153][T16178] swap 233472 [ 2788.402049][T16178] swapcached 0 [ 2788.405536][T16178] pgpgin 210314 [ 2788.409341][T16178] pgpgout 210314 [ 2788.413001][T16178] pgfault 473049 [ 2788.418297][T16178] pgmajfault 58974 [ 2788.422200][T16178] inactive_anon 0 20:26:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xb00000000000000) [ 2788.429108][T16200] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2788.461816][T16178] active_anon 0 [ 2788.465344][T16178] inactive_file 0 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x60}, 0x0) [ 2788.488424][T16178] active_file 0 [ 2788.491942][T16178] unevictable 0 [ 2788.495437][T16178] hierarchical_memory_limit 314572800 [ 2788.515455][T16178] hierarchical_memsw_limit 9223372036854771712 [ 2788.527595][T16178] total_cache 0 [ 2788.531107][T16178] total_rss 0 [ 2788.534448][T16178] total_rss_huge 0 [ 2788.556598][T16178] total_shmem 0 [ 2788.565125][T16178] total_mapped_file 0 [ 2788.572744][T16202] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2788.572807][T16178] total_dirty 0 [ 2788.580654][T16202] IPv6: NLM_F_CREATE should be set when creating new route [ 2788.588414][T16178] total_writeback 0 [ 2788.595208][T16178] total_workingset_refault_anon 61479 [ 2788.601174][T16178] total_workingset_refault_file 0 20:26:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000700", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xfc}, 0x0) [ 2788.609030][T16178] total_swap 233472 [ 2788.613183][T16178] total_swapcached 0 [ 2788.618844][T16178] total_pgpgin 210314 [ 2788.623080][T16178] total_pgpgout 210314 [ 2788.630638][T16207] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2788.638569][T16178] total_pgfault 473049 [ 2788.644505][T16178] total_pgmajfault 58974 [ 2788.668686][T16178] total_inactive_anon 0 [ 2788.679928][T16178] total_active_anon 0 [ 2788.688809][T16178] total_inactive_file 0 [ 2788.697718][T16178] total_active_file 0 [ 2788.707437][T16178] total_unevictable 0 [ 2788.718883][T16178] anon_cost 0 [ 2788.725625][T16178] file_cost 0 [ 2788.733775][T16178] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16178,uid=0 [ 2788.759435][T16210] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2788.763929][T16178] Memory cgroup out of memory: Killed process 16178 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2788.768371][T16210] IPv6: NLM_F_CREATE should be set when creating new route 20:26:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x702f}, 0x0) 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x300}, 0x0) [ 2788.824636][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:26:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xc00000000000000) 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x500}, 0x0) 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x600}, 0x0) [ 2788.971188][T16215] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2788.979040][T16215] IPv6: NLM_F_CREATE should be set when creating new route 20:26:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000800", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2789.027521][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x700}, 0x0) 20:26:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x900}, 0x0) [ 2789.242581][T16223] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2789.251556][T16223] IPv6: NLM_F_CREATE should be set when creating new route 20:26:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xd00000000000000) [ 2789.291779][T16227] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:26:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xa00}, 0x0) [ 2789.372734][T16218] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2789.428829][T16218] CPU: 0 PID: 16218 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2789.439344][T16218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2789.449441][T16218] Call Trace: [ 2789.451797][T16230] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2789.452731][T16218] [ 2789.452745][T16218] dump_stack_lvl+0x1e7/0x2e0 [ 2789.452790][T16218] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2789.460584][T16230] IPv6: NLM_F_CREATE should be set when creating new route [ 2789.462913][T16218] ? __pfx__printk+0x10/0x10 [ 2789.484634][T16218] ? ___ratelimit+0x4c4/0x670 [ 2789.489368][T16218] ? __pfx____ratelimit+0x10/0x10 [ 2789.494449][T16218] dump_header+0xda/0x6a0 [ 2789.498828][T16218] oom_kill_process+0x3a7/0x930 [ 2789.503730][T16218] out_of_memory+0xf67/0x1320 [ 2789.508465][T16218] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2789.514142][T16218] ? __pfx___mutex_lock+0x10/0x10 [ 2789.519236][T16218] ? __pfx_out_of_memory+0x10/0x10 [ 2789.524404][T16218] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2789.529985][T16218] ? __pfx_lock_release+0x10/0x10 [ 2789.535030][T16218] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2789.541116][T16218] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2789.546324][T16218] ? mem_cgroup_iter+0x3e9/0x560 [ 2789.551275][T16218] try_charge_memcg+0xda2/0x18a0 [ 2789.556247][T16218] ? __pfx_try_charge_memcg+0x10/0x10 [ 2789.561637][T16218] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 2789.567362][T16218] ? __pfx_lock_release+0x10/0x10 [ 2789.572401][T16218] ? memcg_account_kmem+0x1e7/0x210 [ 2789.577642][T16218] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 2789.583546][T16218] __memcg_kmem_charge_page+0xe1/0x250 [ 2789.589027][T16218] memcg_charge_kernel_stack+0x37e/0x550 [ 2789.594676][T16218] dup_task_struct+0x40d/0x7d0 [ 2789.599450][T16218] copy_process+0x5d5/0x3fc0 [ 2789.604151][T16218] ? __might_fault+0xa9/0x120 [ 2789.608839][T16218] ? __pfx_lock_release+0x10/0x10 [ 2789.613885][T16218] ? __lock_acquire+0x1345/0x1fd0 [ 2789.618924][T16218] ? __pfx_copy_process+0x10/0x10 [ 2789.623958][T16218] ? __might_fault+0xc5/0x120 [ 2789.628653][T16218] ? __asan_memset+0x23/0x50 [ 2789.633267][T16218] kernel_clone+0x21d/0x8d0 [ 2789.637791][T16218] ? __pfx_kernel_clone+0x10/0x10 [ 2789.642835][T16218] ? __pfx_lock_release+0x10/0x10 [ 2789.647889][T16218] __se_sys_clone3+0x2cb/0x350 [ 2789.652665][T16218] ? __might_fault+0xa9/0x120 [ 2789.657354][T16218] ? __pfx___se_sys_clone3+0x10/0x10 [ 2789.662651][T16218] ? rcu_is_watching+0x15/0xb0 [ 2789.667445][T16218] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2789.673462][T16218] ? exc_page_fault+0x587/0x870 [ 2789.678332][T16218] ? do_syscall_64+0xb4/0x240 [ 2789.683026][T16218] do_syscall_64+0xf9/0x240 [ 2789.687549][T16218] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2789.693461][T16218] RIP: 0033:0x7f091a8a9b99 [ 2789.697888][T16218] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 2789.717521][T16218] RSP: 002b:00007ffdf4c5c988 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 20:26:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000900", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2789.725958][T16218] RAX: ffffffffffffffda RBX: 00007f091a852270 RCX: 00007f091a8a9b99 [ 2789.733956][T16218] RDX: 00007f091a852270 RSI: 0000000000000058 RDI: 00007ffdf4c5c9d0 [ 2789.741945][T16218] RBP: 00007f091b5596c0 R08: 00007f091b5596c0 R09: 00007ffdf4c5cab7 [ 2789.749928][T16218] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 2789.757909][T16218] R13: 000000000000000b R14: 00007ffdf4c5c9d0 R15: 00007ffdf4c5cab8 [ 2789.765910][T16218] [ 2789.779895][T16218] memory: usage 307200kB, limit 307200kB, failcnt 186768 [ 2789.796008][T16218] memory+swap: usage 307464kB, limit 9007199254740988kB, failcnt 0 20:26:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xb00}, 0x0) [ 2789.824250][T16234] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2789.837257][T16218] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 2789.848828][T16218] Memory cgroup stats for /syz1: [ 2789.848987][T16218] cache 0 [ 2789.857493][T16218] rss 4096 [ 2789.860559][T16218] rss_huge 0 [ 2789.863797][T16218] shmem 0 [ 2789.867499][T16218] mapped_file 0 [ 2789.870992][T16218] dirty 0 [ 2789.873947][T16218] writeback 0 [ 2789.878177][T16218] workingset_refault_anon 61605 [ 2789.883055][T16218] workingset_refault_file 0 [ 2789.888288][T16218] swap 266240 [ 2789.891611][T16218] swapcached 4096 [ 2789.895333][T16218] pgpgin 210461 [ 2789.899522][T16218] pgpgout 210460 [ 2789.903103][T16218] pgfault 473263 [ 2789.907683][T16218] pgmajfault 59101 [ 2789.911446][T16218] inactive_anon 0 [ 2789.915100][T16218] active_anon 4096 [ 2789.919698][T16218] inactive_file 0 [ 2789.923685][T16218] active_file 0 [ 2789.927954][T16218] unevictable 0 [ 2789.939266][T16218] hierarchical_memory_limit 314572800 [ 2789.944682][T16218] hierarchical_memsw_limit 9223372036854771712 [ 2789.951492][T16218] total_cache 0 [ 2789.954998][T16218] total_rss 4096 [ 2789.959279][T16218] total_rss_huge 0 [ 2789.963034][T16218] total_shmem 0 [ 2789.967445][T16218] total_mapped_file 0 [ 2789.971464][T16218] total_dirty 0 [ 2789.974954][T16218] total_writeback 0 [ 2789.979631][T16218] total_workingset_refault_anon 61605 [ 2789.985040][T16218] total_workingset_refault_file 0 [ 2789.990877][T16218] total_swap 266240 [ 2789.994728][T16218] total_swapcached 4096 [ 2789.999663][T16218] total_pgpgin 210461 [ 2790.003677][T16218] total_pgpgout 210460 [ 2790.008438][T16218] total_pgfault 473263 [ 2790.009353][T16235] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2790.012523][T16218] total_pgmajfault 59101 20:26:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xc00}, 0x0) [ 2790.012537][T16218] total_inactive_anon 0 [ 2790.012547][T16218] total_active_anon 4096 [ 2790.012557][T16218] total_inactive_file 0 [ 2790.012567][T16218] total_active_file 0 [ 2790.012577][T16218] total_unevictable 0 [ 2790.012586][T16218] anon_cost 0 [ 2790.012595][T16218] file_cost 0 [ 2790.012606][T16218] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 2790.021563][T16235] IPv6: NLM_F_CREATE should be set when creating new route [ 2790.038124][T16218] ,cpuset= 20:26:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xf00}, 0x0) [ 2790.064187][T16239] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2790.067741][T16218] syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16218,uid=0 [ 2790.091380][T16218] Memory cgroup out of memory: Killed process 16218 (syz-executor.1) total-vm:56556kB, anon-rss:368kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0xe00000000000000) 20:26:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x702f}, 0x0) 20:26:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x1400}, 0x0) [ 2790.412640][T16240] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2790.420495][T16240] IPv6: NLM_F_CREATE should be set when creating new route [ 2790.448123][T16250] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:26:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000a00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x4788}, 0x0) [ 2790.456980][T16250] IPv6: NLM_F_CREATE should be set when creating new route 20:26:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1000000000000000) 20:26:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x4888}, 0x0) [ 2790.588172][T16249] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2790.608765][T16249] CPU: 0 PID: 16249 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2790.619249][T16249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2790.629342][T16249] Call Trace: [ 2790.632658][T16249] [ 2790.635621][T16249] dump_stack_lvl+0x1e7/0x2e0 [ 2790.640353][T16249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2790.645600][T16249] ? __pfx__printk+0x10/0x10 [ 2790.650232][T16249] ? ___ratelimit+0x4c4/0x670 [ 2790.654969][T16249] ? __pfx____ratelimit+0x10/0x10 [ 2790.660045][T16249] dump_header+0xda/0x6a0 [ 2790.664431][T16249] oom_kill_process+0x3a7/0x930 [ 2790.669332][T16249] out_of_memory+0xf67/0x1320 [ 2790.674060][T16249] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2790.679734][T16249] ? __pfx___mutex_lock+0x10/0x10 [ 2790.684819][T16249] ? __pfx_out_of_memory+0x10/0x10 [ 2790.689983][T16249] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2790.695576][T16249] ? __pfx_lock_release+0x10/0x10 [ 2790.700648][T16249] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2790.706757][T16249] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2790.711998][T16249] ? mem_cgroup_iter+0x3e9/0x560 [ 2790.716970][T16249] try_charge_memcg+0xda2/0x18a0 [ 2790.721930][T16249] ? mark_lock+0x9a/0x350 [ 2790.726307][T16249] ? __pfx_try_charge_memcg+0x10/0x10 [ 2790.731736][T16249] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2790.737920][T16249] charge_memcg+0xa2/0x160 [ 2790.742426][T16249] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2790.748535][T16249] __read_swap_cache_async+0x480/0x8b0 [ 2790.748601][T16255] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2790.754013][T16249] ? mark_lock+0x9a/0x350 [ 2790.754055][T16249] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2790.761873][T16255] IPv6: NLM_F_CREATE should be set when creating new route [ 2790.765675][T16249] ? blk_start_plug+0x6f/0x1b0 [ 2790.783683][T16249] swap_cluster_readahead+0x398/0x810 20:26:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x518a}, 0x0) [ 2790.789128][T16249] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2790.795097][T16249] ? __pfx_lock_release+0x10/0x10 [ 2790.800173][T16249] ? xas_descend+0x37e/0x470 [ 2790.804822][T16249] swapin_readahead+0x1ea/0x1070 [ 2790.809817][T16249] ? filemap_get_entry+0x127/0x4e0 [ 2790.814986][T16249] ? __pfx_swapin_readahead+0x10/0x10 [ 2790.820411][T16249] ? __filemap_get_folio+0x935/0xbc0 [ 2790.825760][T16249] ? swap_cache_get_folio+0x9f/0x570 [ 2790.831101][T16249] do_swap_page+0x8ab/0x3da0 20:26:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000b00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2790.835730][T16249] ? __pte_offset_map+0x2c4/0x380 [ 2790.840812][T16249] ? do_swap_page+0x154/0x3da0 [ 2790.845613][T16249] ? __pfx_do_swap_page+0x10/0x10 [ 2790.850689][T16249] ? pte_offset_map_nolock+0x137/0x1f0 [ 2790.856195][T16249] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2790.862064][T16249] __handle_mm_fault+0x15e8/0x72d0 [ 2790.867275][T16249] ? reacquire_held_locks+0x3eb/0x690 [ 2790.872695][T16249] ? __pfx___handle_mm_fault+0x10/0x10 [ 2790.878211][T16249] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2790.883990][T16249] ? mtree_range_walk+0x6fd/0x8e0 [ 2790.889063][T16249] ? lock_vma_under_rcu+0x18a/0x730 [ 2790.894327][T16249] ? __pfx_lock_release+0x10/0x10 [ 2790.899400][T16249] ? lock_vma_under_rcu+0x2f9/0x730 [ 2790.904672][T16249] ? lock_vma_under_rcu+0x18a/0x730 [ 2790.909916][T16249] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2790.915510][T16249] handle_mm_fault+0x3c1/0x8a0 [ 2790.920346][T16249] exc_page_fault+0x456/0x870 [ 2790.925086][T16249] asm_exc_page_fault+0x26/0x30 [ 2790.929994][T16249] RIP: 0033:0x7f091a8371b5 [ 2790.934444][T16249] Code: c0 0f 83 18 0d 00 00 49 89 ca 48 89 ce 48 89 cf 48 89 c8 49 c1 ea 08 48 c1 ee 10 4c 8d 42 18 0f b6 dd 48 c1 ef 18 48 c1 e8 20 <48> 0f af 05 cb e4 c9 00 48 03 42 10 41 81 e2 fe 00 00 00 4c 89 84 [ 2790.950355][T16261] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2790.954058][T16249] RSP: 002b:00007ffdf4c5cba0 EFLAGS: 00010246 [ 2790.954089][T16249] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000008 [ 2790.954106][T16249] RDX: 00007f091a400018 RSI: 0000000000000000 RDI: 0000000000000000 [ 2790.954120][T16249] RBP: 0000000000000000 R08: 00007f091a400030 R09: 0000000000000000 [ 2790.954134][T16249] R10: 0000000000000000 R11: 000000000007db2c R12: 00007ffdf4c5cd40 [ 2790.963073][T16261] IPv6: NLM_F_CREATE should be set when creating new route [ 2790.967378][T16249] R13: 0000000000000fbb R14: 00007ffdf4c5cd58 R15: 00007ffdf4c5cca8 [ 2790.967418][T16249] [ 2790.979535][T16249] memory: usage 307192kB, limit 307200kB, failcnt 186978 [ 2791.027962][T16249] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 20:26:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x5865}, 0x0) [ 2791.036157][T16249] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2791.056485][T16249] Memory cgroup stats for /syz1: [ 2791.056659][T16249] cache 0 [ 2791.065836][T16249] rss 12288 [ 2791.069441][T16249] rss_huge 0 [ 2791.072836][T16249] shmem 0 [ 2791.076188][T16249] mapped_file 0 [ 2791.079823][T16249] dirty 0 [ 2791.082934][T16249] writeback 0 20:26:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1100000000000000) [ 2791.108333][T16249] workingset_refault_anon 61677 [ 2791.117930][T16249] workingset_refault_file 0 [ 2791.127256][T16249] swap 212992 [ 2791.132973][T16249] swapcached 12288 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x6000}, 0x0) [ 2791.157598][T16249] pgpgin 210545 [ 2791.168546][T16249] pgpgout 210542 [ 2791.174629][T16249] pgfault 473388 [ 2791.181880][T16249] pgmajfault 59162 [ 2791.193768][T16249] inactive_anon 0 [ 2791.199303][T16249] active_anon 12288 [ 2791.207994][T16249] inactive_file 0 [ 2791.214610][T16249] active_file 0 [ 2791.218444][T16249] unevictable 0 [ 2791.229886][T16249] hierarchical_memory_limit 314572800 [ 2791.235580][T16266] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2791.243497][T16266] IPv6: NLM_F_CREATE should be set when creating new route [ 2791.251645][T16249] hierarchical_memsw_limit 9223372036854771712 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x6558}, 0x0) [ 2791.258195][T16249] total_cache 0 [ 2791.261846][T16249] total_rss 12288 [ 2791.270485][T16249] total_rss_huge 0 [ 2791.281426][T16249] total_shmem 0 [ 2791.297638][T16249] total_mapped_file 0 [ 2791.305270][T16249] total_dirty 0 20:26:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000c00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8100}, 0x0) [ 2791.322680][T16249] total_writeback 0 [ 2791.330544][T16249] total_workingset_refault_anon 61677 [ 2791.344801][T16249] total_workingset_refault_file 0 [ 2791.364590][T16249] total_swap 212992 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8847}, 0x0) [ 2791.387504][T16249] total_swapcached 12288 [ 2791.398243][T16249] total_pgpgin 210545 [ 2791.413975][T16249] total_pgpgout 210542 [ 2791.428511][T16249] total_pgfault 473388 [ 2791.444180][T16249] total_pgmajfault 59162 [ 2791.454318][T16249] total_inactive_anon 0 [ 2791.473964][T16249] total_active_anon 12288 [ 2791.487230][T16249] total_inactive_file 0 20:26:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1200000000000000) [ 2791.506097][T16249] total_active_file 0 [ 2791.510933][T16249] total_unevictable 0 [ 2791.515857][T16249] anon_cost 0 [ 2791.527397][T16249] file_cost 0 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8848}, 0x0) [ 2791.546736][T16249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16249,uid=0 [ 2791.576918][T16249] Memory cgroup out of memory: Killed process 16249 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000f00", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:20 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}, 0x1, 0x0, 0x702f}, 0x0) [ 2791.589094][T16280] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2791.602008][T16280] IPv6: NLM_F_CREATE should be set when creating new route [ 2791.627297][T24983] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8a51}, 0x0) 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xfc00}, 0x0) [ 2791.774023][T16287] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2791.782895][T16287] IPv6: NLM_F_CREATE should be set when creating new route 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xff00}, 0x0) 20:26:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1400000000000000) 20:26:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x34000}, 0x0) [ 2792.005473][T16293] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2792.013349][T16293] IPv6: NLM_F_CREATE should be set when creating new route [ 2792.019155][T16292] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2792.033089][T16292] CPU: 1 PID: 16292 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2792.043548][T16292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2792.053638][T16292] Call Trace: [ 2792.056930][T16292] [ 2792.059901][T16292] dump_stack_lvl+0x1e7/0x2e0 [ 2792.064601][T16292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2792.069819][T16292] ? __pfx__printk+0x10/0x10 [ 2792.074422][T16292] ? ___ratelimit+0x4c4/0x670 [ 2792.079116][T16292] ? __pfx____ratelimit+0x10/0x10 [ 2792.084161][T16292] dump_header+0xda/0x6a0 [ 2792.088515][T16292] oom_kill_process+0x3a7/0x930 [ 2792.093389][T16292] out_of_memory+0xf67/0x1320 [ 2792.098085][T16292] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2792.103731][T16292] ? __pfx___mutex_lock+0x10/0x10 [ 2792.108788][T16292] ? __pfx_out_of_memory+0x10/0x10 [ 2792.113923][T16292] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2792.119480][T16292] ? __pfx_lock_release+0x10/0x10 [ 2792.124520][T16292] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2792.130602][T16292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2792.135812][T16292] ? mem_cgroup_iter+0x3e9/0x560 [ 2792.140767][T16292] try_charge_memcg+0xda2/0x18a0 [ 2792.145714][T16292] ? mark_lock+0x9a/0x350 [ 2792.150076][T16292] ? __pfx_try_charge_memcg+0x10/0x10 [ 2792.155485][T16292] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2792.161648][T16292] charge_memcg+0xa2/0x160 [ 2792.166093][T16292] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2792.172182][T16292] __read_swap_cache_async+0x480/0x8b0 [ 2792.177654][T16292] ? mark_lock+0x9a/0x350 [ 2792.182004][T16292] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2792.188008][T16292] swap_cluster_readahead+0x67c/0x810 [ 2792.193404][T16292] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 2792.199319][T16292] ? __pfx_lock_release+0x10/0x10 [ 2792.204369][T16292] ? xas_descend+0x37e/0x470 [ 2792.208992][T16292] swapin_readahead+0x1ea/0x1070 [ 2792.213944][T16292] ? filemap_get_entry+0x127/0x4e0 [ 2792.219083][T16292] ? __pfx_swapin_readahead+0x10/0x10 [ 2792.224474][T16292] ? __filemap_get_folio+0x935/0xbc0 [ 2792.229777][T16292] ? swap_cache_get_folio+0x9f/0x570 [ 2792.235080][T16292] do_swap_page+0x8ab/0x3da0 [ 2792.239686][T16292] ? __pte_offset_map+0x2c4/0x380 [ 2792.244730][T16292] ? __pfx_lock_acquire+0x10/0x10 [ 2792.249784][T16292] ? do_swap_page+0x154/0x3da0 [ 2792.254898][T16292] ? __pfx_do_swap_page+0x10/0x10 [ 2792.259931][T16292] ? pte_offset_map_nolock+0x137/0x1f0 [ 2792.265414][T16292] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2792.271252][T16292] __handle_mm_fault+0x15e8/0x72d0 [ 2792.276407][T16292] ? reacquire_held_locks+0x3eb/0x690 [ 2792.281789][T16292] ? __pfx___handle_mm_fault+0x10/0x10 [ 2792.287269][T16292] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2792.293015][T16292] ? mtree_range_walk+0x6fd/0x8e0 [ 2792.298057][T16292] ? lock_vma_under_rcu+0x18a/0x730 [ 2792.303268][T16292] ? __pfx_lock_release+0x10/0x10 [ 2792.308309][T16292] ? lock_vma_under_rcu+0x2f9/0x730 [ 2792.313539][T16292] ? lock_vma_under_rcu+0x18a/0x730 [ 2792.318755][T16292] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2792.324316][T16292] handle_mm_fault+0x3c1/0x8a0 [ 2792.329101][T16292] exc_page_fault+0x456/0x870 [ 2792.333807][T16292] asm_exc_page_fault+0x26/0x30 [ 2792.338678][T16292] RIP: 0033:0x7f091a852707 [ 2792.343104][T16292] Code: 08 01 00 00 48 89 7c 24 10 48 89 34 24 48 89 54 24 18 48 89 4c 24 20 64 48 8b 04 25 28 00 00 00 48 89 84 24 f8 00 00 00 31 c0 <80> 3d ea d7 12 00 00 0f 85 3c 05 00 00 48 8b 04 24 48 83 e8 01 48 [ 2792.362723][T16292] RSP: 002b:00007ffdf4c5ca60 EFLAGS: 00010246 [ 2792.368806][T16292] RAX: 0000000000000000 RBX: 00007ffdf4c5cd00 RCX: 00007f091a9abf80 [ 2792.376787][T16292] RDX: 00007f091a834bb0 RSI: 00007ffdf4c5cd00 RDI: 00007ffdf4c5ccb8 [ 2792.384766][T16292] RBP: 0000000000000000 R08: 00007f091a9abf8c R09: 00007f091a9abf8c [ 2792.392828][T16292] R10: 00007f091a400060 R11: 0000000000000246 R12: 00007f091a9abf80 [ 2792.400807][T16292] R13: 0000000000000064 R14: 00007f091a9abf80 R15: 00007f091a834bb0 [ 2792.408804][T16292] 20:26:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x400300}, 0x0) 20:26:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2792.449868][T16292] memory: usage 307180kB, limit 307200kB, failcnt 187164 [ 2792.488393][T21836] Bluetooth: hci5: command 0x0406 tx timeout 20:26:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x1000000}, 0x0) [ 2792.527674][T16292] memory+swap: usage 307360kB, limit 9007199254740988kB, failcnt 0 [ 2792.556334][T16292] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2792.576112][T16292] Memory cgroup stats for /syz1: [ 2792.576266][T16292] cache 0 [ 2792.584198][T16292] rss 12288 [ 2792.606825][T16292] rss_huge 0 [ 2792.610081][T16292] shmem 0 [ 2792.613043][T16292] mapped_file 0 [ 2792.614186][T16300] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 20:26:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x2000000}, 0x0) [ 2792.625368][T16300] IPv6: NLM_F_CREATE should be set when creating new route [ 2792.631577][T16292] dirty 0 [ 2792.635570][T16292] writeback 0 [ 2792.659153][T16292] workingset_refault_anon 61745 [ 2792.667402][T16309] __nla_validate_parse: 9 callbacks suppressed 20:26:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1500000000000000) [ 2792.667420][T16309] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2792.689634][T16292] workingset_refault_file 0 [ 2792.694303][T16292] swap 184320 [ 2792.699576][T16292] swapcached 8192 [ 2792.715365][T16292] pgpgin 210622 20:26:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x3000000}, 0x0) [ 2792.731546][T16292] pgpgout 210619 [ 2792.743157][T16292] pgfault 473506 [ 2792.755722][T16292] pgmajfault 59221 [ 2792.764269][T16292] inactive_anon 12288 [ 2792.772017][T16292] active_anon 0 [ 2792.786300][T16292] inactive_file 0 [ 2792.789992][T16292] active_file 0 [ 2792.793476][T16292] unevictable 0 [ 2792.807767][T16292] hierarchical_memory_limit 314572800 [ 2792.813200][T16292] hierarchical_memsw_limit 9223372036854771712 [ 2792.829805][T16292] total_cache 0 [ 2792.833325][T16292] total_rss 12288 [ 2792.847172][T16292] total_rss_huge 0 [ 2792.850956][T16292] total_shmem 0 [ 2792.854456][T16292] total_mapped_file 0 [ 2792.862162][T16292] total_dirty 0 [ 2792.862214][T16311] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2792.865655][T16292] total_writeback 0 [ 2792.865667][T16292] total_workingset_refault_anon 61745 [ 2792.865677][T16292] total_workingset_refault_file 0 [ 2792.865687][T16292] total_swap 184320 [ 2792.865703][T16292] total_swapcached 8192 [ 2792.865713][T16292] total_pgpgin 210622 [ 2792.865722][T16292] total_pgpgout 210619 [ 2792.865732][T16292] total_pgfault 473506 [ 2792.865741][T16292] total_pgmajfault 59221 [ 2792.865751][T16292] total_inactive_anon 12288 [ 2792.873564][T16311] IPv6: NLM_F_CREATE should be set when creating new route [ 2792.901004][T16292] total_active_anon 0 20:26:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x4000000}, 0x0) 20:26:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001100", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2792.935556][T16314] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2792.956042][T16292] total_inactive_file 0 [ 2792.967754][T16292] total_active_file 0 [ 2792.987062][T16292] total_unevictable 0 [ 2792.991187][T16292] anon_cost 0 [ 2793.001832][T16292] file_cost 0 [ 2793.017652][T16292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16292,uid=0 20:26:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x5000000}, 0x0) 20:26:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2793.078341][T16321] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2793.086553][T16292] Memory cgroup out of memory: Killed process 16292 (syz-executor.1) total-vm:56424kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x6000000}, 0x0) [ 2793.192386][T16316] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2793.201479][T16316] IPv6: NLM_F_CREATE should be set when creating new route 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x7000000}, 0x0) [ 2793.239120][T16322] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2793.246977][T16322] IPv6: NLM_F_CREATE should be set when creating new route 20:26:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x1800000000000000) 20:26:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001400", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8000000}, 0x0) [ 2793.378427][T16332] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x9000000}, 0x0) [ 2793.539353][T16333] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xa000000}, 0x0) [ 2793.625491][T16325] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2793.649871][T16325] CPU: 0 PID: 16325 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2793.660360][T16325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2793.670458][T16325] Call Trace: [ 2793.673771][T16325] [ 2793.676836][T16325] dump_stack_lvl+0x1e7/0x2e0 [ 2793.681580][T16325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2793.686834][T16325] ? __pfx__printk+0x10/0x10 [ 2793.691473][T16325] ? ___ratelimit+0x4c4/0x670 [ 2793.696204][T16325] ? __pfx____ratelimit+0x10/0x10 [ 2793.701281][T16325] dump_header+0xda/0x6a0 [ 2793.705659][T16325] oom_kill_process+0x3a7/0x930 [ 2793.710571][T16325] out_of_memory+0xf67/0x1320 [ 2793.715307][T16325] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2793.720982][T16325] ? __pfx___mutex_lock+0x10/0x10 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xb000000}, 0x0) [ 2793.726061][T16325] ? __pfx_out_of_memory+0x10/0x10 [ 2793.731236][T16325] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2793.736827][T16325] ? __pfx_lock_release+0x10/0x10 [ 2793.741900][T16325] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2793.748015][T16325] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2793.753310][T16325] ? mem_cgroup_iter+0x3e9/0x560 [ 2793.758302][T16325] try_charge_memcg+0xda2/0x18a0 [ 2793.763281][T16325] ? mark_lock+0x9a/0x350 [ 2793.767689][T16325] ? __pfx_try_charge_memcg+0x10/0x10 [ 2793.773144][T16325] ? mem_cgroup_swapin_charge_folio+0x35/0x3a0 [ 2793.779437][T16325] charge_memcg+0xa2/0x160 [ 2793.783911][T16325] mem_cgroup_swapin_charge_folio+0x267/0x3a0 [ 2793.784907][T16334] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2793.790003][T16325] __read_swap_cache_async+0x480/0x8b0 [ 2793.790043][T16325] ? mark_lock+0x9a/0x350 [ 2793.790080][T16325] ? __pfx___read_swap_cache_async+0x10/0x10 [ 2793.790123][T16325] swap_cluster_readahead+0x67c/0x810 [ 2793.790172][T16325] ? __pfx_swap_cluster_readahead+0x10/0x10 20:26:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008001500", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2793.797969][T16334] IPv6: NLM_F_CREATE should be set when creating new route [ 2793.802848][T16325] ? __pfx_lock_release+0x10/0x10 [ 2793.836775][T16325] ? xas_descend+0x37e/0x470 [ 2793.841429][T16325] swapin_readahead+0x1ea/0x1070 [ 2793.846414][T16325] ? filemap_get_entry+0x127/0x4e0 [ 2793.851589][T16325] ? __pfx_swapin_readahead+0x10/0x10 [ 2793.857022][T16325] ? __filemap_get_folio+0x935/0xbc0 [ 2793.862380][T16325] ? swap_cache_get_folio+0x9f/0x570 [ 2793.867810][T16325] do_swap_page+0x8ab/0x3da0 [ 2793.872445][T16325] ? __pte_offset_map+0x2c4/0x380 [ 2793.877535][T16325] ? __pfx_validate_chain+0x10/0x10 [ 2793.882778][T16325] ? do_swap_page+0x154/0x3da0 [ 2793.887583][T16325] ? __pfx_do_swap_page+0x10/0x10 [ 2793.892650][T16325] ? pte_offset_map_nolock+0x137/0x1f0 [ 2793.898253][T16325] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2793.904122][T16325] __handle_mm_fault+0x15e8/0x72d0 [ 2793.909327][T16325] ? reacquire_held_locks+0x3eb/0x690 [ 2793.914736][T16325] ? __pfx___handle_mm_fault+0x10/0x10 [ 2793.920260][T16325] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2793.926046][T16325] ? mtree_range_walk+0x6fd/0x8e0 [ 2793.931136][T16325] ? lock_vma_under_rcu+0x18a/0x730 [ 2793.935068][T16345] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2793.936369][T16325] ? __pfx_lock_release+0x10/0x10 [ 2793.936408][T16325] ? lock_vma_under_rcu+0x2f9/0x730 [ 2793.936462][T16325] ? lock_vma_under_rcu+0x18a/0x730 [ 2793.936491][T16325] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2793.966726][T16325] handle_mm_fault+0x3c1/0x8a0 [ 2793.971555][T16325] exc_page_fault+0x456/0x870 [ 2793.976288][T16325] asm_exc_page_fault+0x26/0x30 [ 2793.981263][T16325] RIP: 0033:0x7f091a886db9 [ 2793.985701][T16325] Code: 89 7c 24 08 40 88 74 24 17 48 85 ff 0f 84 58 01 00 00 48 8b 5f 08 48 8d 3d 74 91 0f 00 48 89 1c 24 e8 5b d3 fc ff 4c 8b 7b f0 <48> 8b 3d 88 e9 c4 00 49 39 ff 0f 82 87 01 00 00 48 c7 44 24 18 00 [ 2794.005352][T16325] RSP: 002b:00007ffdf4c5ca00 EFLAGS: 00010206 [ 2794.011465][T16325] RAX: 0000000000000000 RBX: 0000555555e1c910 RCX: 0000555555e1c8f0 [ 2794.019479][T16325] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00007f091a97ff20 20:26:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xc000000}, 0x0) [ 2794.027481][T16325] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 2794.035488][T16325] R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffdf4c5cd00 [ 2794.043492][T16325] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 000000000000000f [ 2794.051520][T16325] [ 2794.059810][T16335] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2794.068997][T16335] IPv6: NLM_F_CREATE should be set when creating new route [ 2794.110501][T16347] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2794.111142][T16325] memory: usage 307180kB, limit 307200kB, failcnt 187492 [ 2794.118354][T16347] IPv6: NLM_F_CREATE should be set when creating new route [ 2794.136486][T16325] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 2794.144480][T16325] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 2794.152471][T16325] Memory cgroup stats for /syz1: 20:26:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2000000000000000) [ 2794.152620][T16325] cache 0 [ 2794.161662][T16325] rss 8192 [ 2794.165344][T16325] rss_huge 0 [ 2794.170105][T16325] shmem 0 [ 2794.187265][ T29] INFO: task syz-executor.2:13533 blocked for more than 143 seconds. [ 2794.195489][ T29] Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2794.206397][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2794.215421][ T29] task:syz-executor.2 state:D stack:23280 pid:13533 tgid:13532 ppid:5106 flags:0x00004006 [ 2794.236188][T16325] mapped_file 0 [ 2794.241347][T16325] dirty 0 [ 2794.244439][T16325] writeback 0 [ 2794.247953][T16325] workingset_refault_anon 61868 [ 2794.254880][T16325] workingset_refault_file 0 20:26:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008006000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xf000000}, 0x0) [ 2794.259910][ T29] Call Trace: [ 2794.263942][T16325] swap 217088 [ 2794.267668][ T29] [ 2794.270645][ T29] __schedule+0x17d1/0x49f0 [ 2794.275237][ T29] ? __pfx___schedule+0x10/0x10 [ 2794.288510][T16325] swapcached 12288 [ 2794.292441][T16325] pgpgin 210756 [ 2794.305249][T16325] pgpgout 210753 [ 2794.316448][ T29] ? __pfx_lock_release+0x10/0x10 [ 2794.321665][ T29] ? schedule+0x8e/0x260 [ 2794.329637][T16325] pgfault 473708 [ 2794.336990][T16325] pgmajfault 59334 [ 2794.344306][ T29] schedule+0x149/0x260 [ 2794.349719][T16325] inactive_anon 0 [ 2794.353503][ T29] schedule_timeout+0xb0/0x310 [ 2794.359877][T16353] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2794.369714][T16325] active_anon 8192 [ 2794.373707][T16325] inactive_file 0 [ 2794.377669][ T29] ? __pfx_schedule_timeout+0x10/0x10 [ 2794.383129][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2794.389681][T16325] active_file 0 [ 2794.396169][T16325] unevictable 0 [ 2794.406132][T16325] hierarchical_memory_limit 314572800 [ 2794.411651][ T29] ? wait_for_completion+0x2fd/0x620 20:26:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x10000000}, 0x0) [ 2794.417332][T16325] hierarchical_memsw_limit 9223372036854771712 [ 2794.426487][ T29] ? wait_for_completion+0x2fd/0x620 [ 2794.431849][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 2794.443049][T16325] total_cache 0 [ 2794.446938][T16325] total_rss 8192 [ 2794.453040][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 2794.467529][T16325] total_rss_huge 0 [ 2794.471469][T16325] total_shmem 0 [ 2794.475023][ T29] ? wait_for_completion+0x2fd/0x620 [ 2794.486117][T16325] total_mapped_file 0 [ 2794.490228][ T29] wait_for_completion+0x354/0x620 [ 2794.495422][ T29] ? __pfx_wait_for_completion+0x10/0x10 [ 2794.501393][T16325] total_dirty 0 20:26:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x14000000}, 0x0) [ 2794.517546][T16325] total_writeback 0 [ 2794.521423][T16325] total_workingset_refault_anon 61868 [ 2794.535650][ T29] ? __flush_work+0xe9/0xad0 [ 2794.546710][ T29] __flush_work+0x950/0xad0 [ 2794.551855][ T29] ? __cancel_work_timer+0x46b/0x6b0 [ 2794.558150][T16325] total_workingset_refault_file 0 [ 2794.563221][T16325] total_swap 217088 [ 2794.572150][ T29] ? __flush_work+0xe9/0xad0 [ 2794.579811][T16355] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2794.579856][ T29] ? __pfx___flush_work+0x10/0x10 [ 2794.596422][T16325] total_swapcached 12288 [ 2794.605780][ T29] ? __pfx_wq_barrier_func+0x10/0x10 [ 2794.611724][T16325] total_pgpgin 210756 [ 2794.615835][ T29] ? __pfx_unregister_nexthop_notifier+0x10/0x10 [ 2794.623117][T16325] total_pgpgout 210753 [ 2794.627831][ T29] nsim_fib_destroy+0xa1/0x180 [ 2794.632831][T16325] total_pgfault 473708 [ 2794.637700][ T29] nsim_dev_reload_destroy+0x2e3/0x490 [ 2794.643375][T16325] total_pgmajfault 59334 [ 2794.650701][ T29] nsim_dev_reload_down+0x98/0xd0 [ 2794.656623][ T29] devlink_reload+0x189/0x870 [ 2794.661535][T16325] total_inactive_anon 0 [ 2794.665810][ T29] ? __pfx_devlink_reload+0x10/0x10 20:26:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x60000000}, 0x0) [ 2794.676007][T16325] total_active_anon 8192 [ 2794.686261][ T29] ? bpf_lsm_capable+0x9/0x10 [ 2794.691457][T16325] total_inactive_file 0 [ 2794.696143][ T29] ? security_capable+0x90/0xb0 [ 2794.701847][T16325] total_active_file 0 [ 2794.708446][ T29] devlink_nl_reload_doit+0x9c3/0xe50 [ 2794.714110][T16325] total_unevictable 0 [ 2794.726825][ T29] ? __pfx_devlink_nl_reload_doit+0x10/0x10 [ 2794.732906][T16325] anon_cost 0 [ 2794.737315][T16325] file_cost 0 [ 2794.740747][ T29] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 2794.754265][T16325] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16325,uid=0 20:26:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x65580000}, 0x0) [ 2794.776024][ T29] genl_rcv_msg+0xad6/0xe50 [ 2794.781195][ T29] ? mark_lock+0x9a/0x350 [ 2794.796263][ T29] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2794.801492][ T29] ? __pfx_lock_acquire+0x10/0x10 [ 2794.807283][T16325] Memory cgroup out of memory: Killed process 16325 (syz-executor.1) total-vm:56556kB, anon-rss:388kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:1000 [ 2794.826130][ T29] ? __pfx_devlink_nl_pre_doit_dev_lock+0x10/0x10 [ 2794.834391][T16357] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2794.843261][T16357] IPv6: NLM_F_CREATE should be set when creating new route [ 2794.854750][ T29] ? __pfx_devlink_nl_reload_doit+0x10/0x10 [ 2794.861139][ T29] ? __pfx_devlink_nl_post_doit_dev_lock+0x10/0x10 [ 2794.876460][ T29] ? __pfx___might_resched+0x10/0x10 [ 2794.881837][ T29] netlink_rcv_skb+0x1e3/0x430 [ 2794.889550][T16358] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2794.893532][ T29] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2794.897485][T16358] IPv6: NLM_F_CREATE should be set when creating new route [ 2794.902649][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 20:26:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) 20:26:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2100000000000000) [ 2794.926882][ T29] ? __pfx_lock_release+0x10/0x10 [ 2794.932000][ T29] ? __netlink_deliver_tap+0x77e/0x7c0 20:26:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x81000000}, 0x0) [ 2794.976041][ T29] genl_rcv+0x28/0x40 [ 2794.980166][ T29] netlink_unicast+0x7ea/0x980 [ 2794.985068][ T29] ? __pfx_netlink_unicast+0x10/0x10 20:26:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000003", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2795.019145][ T29] ? __virt_addr_valid+0x44e/0x520 [ 2795.024351][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 2795.042070][ T29] ? __check_object_size+0x4bb/0xa00 [ 2795.054397][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 2795.069169][ T29] netlink_sendmsg+0xa3b/0xd70 [ 2795.074459][T16369] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2795.082550][T16370] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2795.095208][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2795.106101][ T29] ? __import_iovec+0x552/0x890 [ 2795.111125][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 2795.126151][T16370] CPU: 1 PID: 16370 Comm: syz-executor.1 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2795.136636][T16370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2795.146742][T16370] Call Trace: [ 2795.150062][T16370] [ 2795.153039][T16370] dump_stack_lvl+0x1e7/0x2e0 [ 2795.157765][T16370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2795.163099][T16370] ? __pfx__printk+0x10/0x10 [ 2795.167750][T16370] ? ___ratelimit+0x4c4/0x670 [ 2795.172596][T16370] ? __pfx____ratelimit+0x10/0x10 [ 2795.177659][T16370] dump_header+0xda/0x6a0 [ 2795.182027][T16370] oom_kill_process+0x3a7/0x930 [ 2795.186902][T16370] out_of_memory+0xf67/0x1320 [ 2795.191600][T16370] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 2795.197248][T16370] ? __pfx___mutex_lock+0x10/0x10 [ 2795.202298][T16370] ? __pfx_out_of_memory+0x10/0x10 [ 2795.207437][T16370] mem_cgroup_out_of_memory+0x263/0x3b0 [ 2795.213086][T16370] ? __pfx_lock_release+0x10/0x10 [ 2795.218133][T16370] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 2795.224217][T16370] ? do_raw_spin_unlock+0x13b/0x8b0 [ 2795.229523][T16370] ? mem_cgroup_iter+0x3e9/0x560 [ 2795.234486][T16370] try_charge_memcg+0xda2/0x18a0 [ 2795.239461][T16370] ? __pfx_try_charge_memcg+0x10/0x10 [ 2795.244858][T16370] ? percpu_ref_tryget+0x14/0x180 [ 2795.249927][T16370] charge_memcg+0xa2/0x160 [ 2795.254374][T16370] __mem_cgroup_charge+0x27/0x80 [ 2795.259350][T16370] folio_prealloc+0x52/0x170 [ 2795.263960][T16370] do_wp_page+0x1222/0x4c90 [ 2795.268533][T16370] ? page_ext_put+0x9c/0xc0 [ 2795.273744][T16370] ? __pfx_do_wp_page+0x10/0x10 [ 2795.278609][T16370] ? page_ext_get+0x20/0x2a0 [ 2795.283207][T16370] ? page_ext_get+0x1d6/0x2a0 [ 2795.287901][T16370] ? __page_table_check_ptes_set+0x220/0x280 [ 2795.293896][T16370] ? folio_add_anon_rmap_ptes+0x10d3/0x1750 [ 2795.299814][T16370] ? folio_unlock+0x126/0x2f0 [ 2795.304508][T16370] do_swap_page+0x207c/0x3da0 [ 2795.309214][T16370] ? do_swap_page+0x154/0x3da0 [ 2795.313989][T16370] ? __pfx_do_swap_page+0x10/0x10 [ 2795.319036][T16370] ? pte_offset_map_nolock+0x137/0x1f0 [ 2795.324512][T16370] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 2795.330431][T16370] __handle_mm_fault+0x15e8/0x72d0 [ 2795.335583][T16370] ? reacquire_held_locks+0x3eb/0x690 [ 2795.340992][T16370] ? __pfx___handle_mm_fault+0x10/0x10 [ 2795.346603][T16370] ? __pfx_reacquire_held_locks+0x10/0x10 [ 2795.352347][T16370] ? mtree_range_walk+0x6fd/0x8e0 [ 2795.357384][T16370] ? lock_vma_under_rcu+0x18a/0x730 [ 2795.362595][T16370] ? __pfx_lock_release+0x10/0x10 [ 2795.367644][T16370] ? lock_vma_under_rcu+0x2f9/0x730 [ 2795.372881][T16370] ? lock_vma_under_rcu+0x18a/0x730 [ 2795.378091][T16370] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 2795.383654][T16370] handle_mm_fault+0x3c1/0x8a0 [ 2795.388469][T16370] exc_page_fault+0x456/0x870 [ 2795.393176][T16370] asm_exc_page_fault+0x26/0x30 [ 2795.398051][T16370] RIP: 0033:0x7f091a87a9c9 [ 2795.402475][T16370] Code: 48 83 3d a1 e5 0f 00 00 0f 84 83 02 00 00 e8 7e f7 fd ff e8 f9 03 00 00 41 89 c4 85 c0 0f 85 7e 02 00 00 48 8b 05 97 fd c5 00 05 ad 4b 10 00 01 00 00 00 c7 05 03 09 c6 00 00 00 00 00 c7 05 [ 2795.422100][T16370] RSP: 002b:00007ffdf4c5ccd0 EFLAGS: 00010246 [ 2795.428181][T16370] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 00007f091a87ae0d [ 2795.436160][T16370] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000555555e1b760 [ 2795.444134][T16370] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2795.452113][T16370] R10: 0000555555e1b750 R11: 0000000000000246 R12: 0000000000000000 [ 2795.460090][T16370] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 2795.468084][T16370] [ 2795.516439][T25742] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2795.525979][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2795.531964][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 2795.536523][T16370] memory: usage 307200kB, limit 307200kB, failcnt 187606 [ 2795.544513][T16370] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 2795.545970][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2795.564652][T16370] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0 [ 2795.573592][T16370] Memory cgroup stats for /syz1: [ 2795.573748][T16370] cache 0 [ 2795.575998][ T29] __sock_sendmsg+0x221/0x270 [ 2795.579209][T16370] rss 20480 [ 2795.581709][ T29] ____sys_sendmsg+0x525/0x7d0 [ 2795.586619][T16370] rss_huge 0 [ 2795.586631][T16370] shmem 0 [ 2795.586641][T16370] mapped_file 0 [ 2795.604646][T16370] dirty 0 [ 2795.606008][ T29] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2795.607921][T16370] writeback 0 [ 2795.612886][ T29] __sys_sendmsg+0x2b0/0x3a0 [ 2795.617429][T16370] workingset_refault_anon 61891 [ 2795.632221][ T29] ? __pfx___sys_sendmsg+0x10/0x10 [ 2795.632854][T16370] workingset_refault_file 0 [ 2795.637779][ T29] ? restore_fpregs_from_fpstate+0x100/0x250 [ 2795.648028][T16370] swap 212992 [ 2795.648042][T16370] swapcached 12288 [ 2795.648053][T16370] pgpgin 210791 [ 2795.648063][T16370] pgpgout 210784 [ 2795.648072][T16370] pgfault 473757 [ 2795.648081][T16370] pgmajfault 59358 [ 2795.648108][T16370] inactive_anon 4096 [ 2795.648119][T16370] active_anon 20480 [ 2795.648128][T16370] inactive_file 0 [ 2795.648137][T16370] active_file 0 [ 2795.648147][T16370] unevictable 0 [ 2795.648156][T16370] hierarchical_memory_limit 314572800 [ 2795.648166][T16370] hierarchical_memsw_limit 9223372036854771712 [ 2795.648178][T16370] total_cache 0 [ 2795.648187][T16370] total_rss 20480 [ 2795.648197][T16370] total_rss_huge 0 [ 2795.648206][T16370] total_shmem 0 20:26:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x88470000}, 0x0) [ 2795.648216][T16370] total_mapped_file 0 [ 2795.656021][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2795.675064][T16370] total_dirty 0 [ 2795.740292][ T29] ? do_syscall_64+0x108/0x240 [ 2795.753447][T16375] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2795.762404][ T29] ? do_syscall_64+0xb4/0x240 [ 2795.782814][ T29] do_syscall_64+0xf9/0x240 [ 2795.798439][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 2795.809089][T16370] total_writeback 0 [ 2795.819937][T16370] total_workingset_refault_anon 61891 [ 2795.821614][ T29] RIP: 0033:0x7f46c3c7dda9 20:26:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x88480000}, 0x0) [ 2795.849584][ T29] RSP: 002b:00007f46c49600c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2795.852887][T16373] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2795.866985][T16373] IPv6: NLM_F_CREATE should be set when creating new route [ 2795.876505][T16370] total_workingset_refault_file 0 [ 2795.881676][ T29] RAX: ffffffffffffffda RBX: 00007f46c3dabf80 RCX: 00007f46c3c7dda9 20:26:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x2500000000000000) [ 2795.894963][T16377] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2795.902814][T16377] IPv6: NLM_F_CREATE should be set when creating new route [ 2795.916025][T16370] total_swap 212992 [ 2795.919896][T16370] total_swapcached 12288 [ 2795.924172][T16370] total_pgpgin 210791 [ 2795.936136][ T29] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 000000000000000b [ 2795.944173][ T29] RBP: 00007f46c3cca47a R08: 0000000000000000 R09: 0000000000000000 20:26:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000005", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2795.972271][T16370] total_pgpgout 210784 [ 2795.979539][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2795.987925][T16370] total_pgfault 473757 [ 2795.992029][T16370] total_pgmajfault 59358 [ 2795.998753][ T29] R13: 000000000000000b R14: 00007f46c3dabf80 R15: 00007ffd9e1abc78 [ 2796.016453][T16370] total_inactive_anon 4096 20:26:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x88a8ffff}, 0x0) [ 2796.020920][T16370] total_active_anon 20480 [ 2796.025269][T16370] total_inactive_file 0 [ 2796.029575][ T29] [ 2796.037464][ T29] [ 2796.037464][ T29] Showing all locks held in the system: [ 2796.045227][ T29] 1 lock held by khungtaskd/29: [ 2796.057894][T16370] total_active_file 0 [ 2796.062022][ T29] #0: ffffffff8e130c60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 2796.081504][T16370] total_unevictable 0 [ 2796.086497][T16370] anon_cost 0 [ 2796.092192][ T29] 3 locks held by kworker/1:2/4482: [ 2796.097788][T16370] file_cost 0 [ 2796.115561][T16370] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=29516,uid=0 [ 2796.136481][ T29] #0: ffff888014c8c938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2796.156344][ T29] #1: ffffc9000df7fd20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0x8a510000}, 0x0) [ 2796.171779][T16370] Memory cgroup out of memory: Killed process 29516 (syz-executor.1) total-vm:50536kB, anon-rss:504kB, file-rss:8960kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:0 [ 2796.196634][ T29] #2: ffff8881597cb240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2d1/0x4130 [ 2796.211068][ T29] 2 locks held by getty/4821: 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xe0ffffff}, 0x0) [ 2796.234227][ T29] #0: ffff88802b97c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 2796.267116][ T29] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 [ 2796.281595][T16386] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2796.290464][T16386] IPv6: NLM_F_CREATE should be set when creating new route [ 2796.299808][ T29] 3 locks held by syz-executor.4/5104: [ 2796.305348][ T29] 3 locks held by kworker/1:6/5152: [ 2796.313536][ T29] #0: ffff88802b22ad38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 20:26:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x3f00000000000000) [ 2796.328675][ T29] #1: ffffc90004507d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2796.356127][ T29] #2: ffffffff8f375a08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 2796.373269][ T29] 3 locks held by kworker/u4:42/25742: [ 2796.379626][ T29] 3 locks held by kworker/0:0/26514: 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xf0ffffff}, 0x0) [ 2796.385071][ T29] #0: ffff88802b22ad38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2796.432922][ T29] #1: ffffc9000328fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2796.455870][T16389] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2796.463763][T16389] IPv6: NLM_F_CREATE should be set when creating new route [ 2796.464326][ T29] #2: ffffffff8f375a08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 2796.482594][ T29] 2 locks held by kworker/1:0/28107: [ 2796.493070][ T29] #0: ffff888014c8e538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xfc000000}, 0x0) 20:26:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000006", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2796.527892][ T29] #1: ffffc9000576fd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 2796.542474][ T29] 3 locks held by syz-executor.2/13533: [ 2796.550670][ T29] #0: ffffffff8f3d9570 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xfe80ffff}, 0x0) [ 2796.576080][ T29] #1: ffff888047c310e8 (&dev->mutex){....}-{3:3}, at: devlink_get_from_attrs_lock+0x159/0x3d0 [ 2796.607783][ T29] #2: ffff88801df87250 (&devlink->lock_key#2){+.+.}-{3:3}, at: devlink_get_from_attrs_lock+0x168/0x3d0 [ 2796.633985][ T29] 5 locks held by syz-executor.2/13739: [ 2796.648324][ T29] #0: ffff88803021a420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x233/0xcb0 [ 2796.658827][T16398] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2796.661431][ T29] #1: ffff888198048c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 2796.667805][T16398] IPv6: NLM_F_CREATE should be set when creating new route [ 2796.677432][ T29] #2: ffff88801e0b6100 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 2796.701828][ T29] #3: ffffffff8ecb55e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 2796.721962][ T29] #4: ffff888047c310e8 (&dev->mutex){....}-{3:3}, at: device_del+0xa6/0xa30 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xfec0ffff}, 0x0) [ 2796.735814][ T29] 4 locks held by syz-executor.2/15144: [ 2796.742460][ T29] #0: ffff88803021a420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x233/0xcb0 20:26:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020000000000000000000c00090008000000", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x4000000000000000) 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xff000000}, 0x0) [ 2796.777463][ T29] #1: ffff8881a0a22c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 2796.817268][ T29] #2: ffff88801e0b6100 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xffff0000}, 0x0) [ 2796.854697][ T29] #3: ffffffff8ecb55e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 2796.879056][ T29] 1 lock held by dhcpcd/16361: [ 2796.890665][ T29] #0: ffff888084794a10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 2796.916113][ T29] 1 lock held by syz-executor.1/16370: [ 2796.922407][ T29] #0: ffffffff8e1365f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x46c/0x890 [ 2796.930234][T16405] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2796.935491][ T29] 2 locks held by dhcpcd/16376: [ 2796.941203][T16405] IPv6: NLM_F_CREATE should be set when creating new route [ 2796.945613][ T29] #0: ffff88801fe40130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 2796.964522][ T29] #1: ffffffff8e1365f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x46c/0x890 [ 2796.976644][ T29] 4 locks held by syz-executor.0/16405: [ 2796.994661][ T29] #0: ffff8880b943c958 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 20:26:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xffff80fe}, 0x0) 20:26:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010014000000000000000a00020040000000000000000c00090008000007", @ANYRES32=r3, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0) [ 2797.016616][ T29] #1: ffff8880b9428988 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 [ 2797.057381][ T29] #2: ffff888025893ee8 (&(&sig->stats_lock)->lock){....}-{2:2}, at: release_task+0x821/0x1810 [ 2797.088548][ T29] #3: ffff888025893ea0 (&____s->seqcount#5){....}-{0:0}, at: do_exit+0x1a62/0x2740 [ 2797.101184][ T29] 1 lock held by syz-executor.3/16411: 20:26:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00080008"], 0x3c}, 0x1, 0x0, 0xffffa888}, 0x0) [ 2797.108386][ T29] #0: ffff8880b953c958 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 2797.119685][T16413] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2797.128546][T16413] IPv6: NLM_F_CREATE should be set when creating new route [ 2797.136917][ T29] 1 lock held by syz-executor.3/16413: [ 2797.157519][ T29] [ 2797.175443][ T29] ============================================= [ 2797.175443][ T29] [ 2797.230750][ T29] NMI backtrace for cpu 1 [ 2797.235136][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2797.244976][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2797.255064][ T29] Call Trace: [ 2797.258357][ T29] [ 2797.261294][ T29] dump_stack_lvl+0x1e7/0x2e0 [ 2797.266003][ T29] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2797.271227][ T29] ? __pfx__printk+0x10/0x10 [ 2797.275830][ T29] ? vprintk_emit+0x607/0x720 [ 2797.280608][ T29] ? __pfx_vprintk_emit+0x10/0x10 [ 2797.285648][ T29] nmi_cpu_backtrace+0x49c/0x4d0 [ 2797.290600][ T29] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2797.296066][ T29] ? _printk+0xd5/0x120 [ 2797.300229][ T29] ? __pfx__printk+0x10/0x10 [ 2797.304826][ T29] ? __wake_up_klogd+0xcc/0x110 [ 2797.309707][ T29] ? __pfx__printk+0x10/0x10 [ 2797.314327][ T29] ? __rcu_read_unlock+0xa0/0x110 [ 2797.319365][ T29] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2797.325356][ T29] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 2797.331353][ T29] watchdog+0xfaf/0xff0 [ 2797.335556][ T29] ? watchdog+0x1e9/0xff0 [ 2797.339905][ T29] ? __pfx_watchdog+0x10/0x10 [ 2797.344594][ T29] kthread+0x2ef/0x390 [ 2797.348669][ T29] ? __pfx_watchdog+0x10/0x10 [ 2797.353362][ T29] ? __pfx_kthread+0x10/0x10 [ 2797.357961][ T29] ret_from_fork+0x4b/0x80 [ 2797.362393][ T29] ? __pfx_kthread+0x10/0x10 [ 2797.366990][ T29] ret_from_fork_asm+0x1b/0x30 [ 2797.371782][ T29] [ 2797.376361][ T29] Sending NMI from CPU 1 to CPUs 0: [ 2797.381616][ C0] NMI backtrace for cpu 0 [ 2797.381628][ C0] CPU: 0 PID: 15847 Comm: kworker/0:2 Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2797.381647][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2797.381659][ C0] Workqueue: events free_obj_work [ 2797.381716][ C0] RIP: 0010:__sanitizer_cov_trace_switch+0xbb/0x120 [ 2797.381746][ C0] Code: c2 49 39 d2 74 71 4c 8b 74 d6 10 65 8b 05 95 4b 70 7e a9 00 01 ff 00 74 11 a9 00 01 00 00 74 de 41 83 bb fc 15 00 00 00 74 d4 <41> 8b 83 d8 15 00 00 83 f8 03 75 c8 49 8b 8b e0 15 00 00 45 8b bb [ 2797.381761][ C0] RSP: 0018:ffffc900032af560 EFLAGS: 00000246 [ 2797.381776][ C0] RAX: 0000000080000001 RBX: 0000000000000000 RCX: ffff88803910d940 [ 2797.381789][ C0] RDX: 0000000000000002 RSI: ffffffff8dfa0200 RDI: 0000000000000004 [ 2797.381801][ C0] RBP: 0000000000000004 R08: 0000000000000005 R09: ffffffff81405513 [ 2797.381813][ C0] R10: 0000000000000008 R11: ffff88803910d940 R12: ffffffff8f9819d4 [ 2797.381825][ C0] R13: dffffc0000000000 R14: 0000000000000004 R15: 1ffff92000655ecc [ 2797.381838][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 2797.381853][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2797.381866][ C0] CR2: 00007f532e8d56c6 CR3: 000000002b6c2000 CR4: 00000000003506f0 [ 2797.381881][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2797.381891][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2797.381903][ C0] Call Trace: [ 2797.381909][ C0] [ 2797.381916][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 2797.381936][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 2797.381964][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2797.381981][ C0] ? nmi_handle+0x2a/0x580 [ 2797.382020][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 2797.382040][ C0] ? nmi_handle+0x14f/0x580 [ 2797.382055][ C0] ? nmi_handle+0x2a/0x580 [ 2797.382072][ C0] ? __sanitizer_cov_trace_switch+0xbb/0x120 [ 2797.382097][ C0] ? default_do_nmi+0x63/0x160 [ 2797.382117][ C0] ? exc_nmi+0x121/0x210 [ 2797.382134][ C0] ? end_repeat_nmi+0xf/0x60 [ 2797.382154][ C0] ? unwind_next_frame+0x7c3/0x29e0 [ 2797.382181][ C0] ? __sanitizer_cov_trace_switch+0xbb/0x120 [ 2797.382206][ C0] ? __sanitizer_cov_trace_switch+0xbb/0x120 [ 2797.382233][ C0] ? __sanitizer_cov_trace_switch+0xbb/0x120 [ 2797.382260][ C0] [ 2797.382265][ C0] [ 2797.382273][ C0] unwind_next_frame+0x7c3/0x29e0 [ 2797.382304][ C0] ? __unwind_start+0x6b3/0x7a0 [ 2797.382327][ C0] ? stack_trace_save+0x117/0x1d0 [ 2797.382348][ C0] ? stack_trace_save+0x117/0x1d0 [ 2797.382369][ C0] ? __kernel_text_address+0xd/0x40 [ 2797.382390][ C0] ? stack_trace_save+0x117/0x1d0 [ 2797.382410][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2797.382433][ C0] arch_stack_walk+0x150/0x1b0 [ 2797.382455][ C0] ? stack_trace_save+0x117/0x1d0 [ 2797.382478][ C0] stack_trace_save+0x117/0x1d0 [ 2797.382500][ C0] ? __pfx_validate_chain+0x10/0x10 [ 2797.382519][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 2797.382542][ C0] ? free_obj_work+0x4ff/0x6d0 [ 2797.382566][ C0] ? stack_depot_save_flags+0x29/0x5c0 [ 2797.382589][ C0] ? __pfx_validate_chain+0x10/0x10 [ 2797.382607][ C0] ? free_obj_work+0x4ff/0x6d0 [ 2797.382630][ C0] kasan_save_track+0x3f/0x80 [ 2797.382685][ C0] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 2797.382715][ C0] kasan_save_free_info+0x4e/0x60 [ 2797.382736][ C0] poison_slab_object+0xa6/0xe0 [ 2797.382762][ C0] ? free_obj_work+0x4ff/0x6d0 [ 2797.382784][ C0] __kasan_slab_free+0x34/0x70 [ 2797.382809][ C0] kmem_cache_free+0x102/0x2a0 [ 2797.382833][ C0] free_obj_work+0x4ff/0x6d0 [ 2797.382859][ C0] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 2797.382885][ C0] ? __pfx_free_obj_work+0x10/0x10 [ 2797.382908][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2797.382942][ C0] ? process_scheduled_works+0x825/0x1420 [ 2797.382969][ C0] process_scheduled_works+0x913/0x1420 [ 2797.383016][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 2797.383047][ C0] ? assign_work+0x364/0x3d0 [ 2797.383076][ C0] worker_thread+0xa5f/0x1000 [ 2797.383114][ C0] ? __pfx_worker_thread+0x10/0x10 [ 2797.383140][ C0] kthread+0x2ef/0x390 [ 2797.383158][ C0] ? __pfx_worker_thread+0x10/0x10 [ 2797.383188][ C0] ? __pfx_kthread+0x10/0x10 [ 2797.383207][ C0] ret_from_fork+0x4b/0x80 [ 2797.383231][ C0] ? __pfx_kthread+0x10/0x10 [ 2797.383250][ C0] ret_from_fork_asm+0x1b/0x30 [ 2797.383284][ C0] [ 2797.474123][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 2797.474143][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc5-syzkaller-00173-gb611b776a9c8 #0 [ 2797.474169][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 2797.474183][ T29] Call Trace: [ 2797.474192][ T29] [ 2797.474201][ T29] dump_stack_lvl+0x1e7/0x2e0 [ 2797.474248][ T29] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2797.474282][ T29] ? __pfx__printk+0x10/0x10 [ 2797.474321][ T29] ? vscnprintf+0x5d/0x90 [ 2797.474346][ T29] panic+0x349/0x860 [ 2797.474378][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 2797.474417][ T29] ? __pfx_panic+0x10/0x10 [ 2797.474442][ T29] ? tick_nohz_tick_stopped+0x7b/0xc0 [ 2797.474466][ T29] ? __irq_work_queue_local+0x137/0x3e0 [ 2797.474496][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 2797.474520][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 2797.474542][ T29] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 2797.474569][ T29] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 2797.474596][ T29] watchdog+0xfee/0xff0 [ 2797.474630][ T29] ? watchdog+0x1e9/0xff0 [ 2797.474669][ T29] ? __pfx_watchdog+0x10/0x10 [ 2797.474701][ T29] kthread+0x2ef/0x390 [ 2797.474726][ T29] ? __pfx_watchdog+0x10/0x10 [ 2797.474756][ T29] ? __pfx_kthread+0x10/0x10 [ 2797.474780][ T29] ret_from_fork+0x4b/0x80 [ 2797.474809][ T29] ? __pfx_kthread+0x10/0x10 [ 2797.474832][ T29] ret_from_fork_asm+0x1b/0x30 [ 2797.474878][ T29] [ 2797.480077][ T29] Kernel Offset: disabled [ 2797.964671][ T29] Rebooting in 86400 seconds..