ables: iptables: counters copy to user failed while replacing table [ 2108.214907] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.221080] nla_parse: 3 callbacks suppressed [ 2108.221086] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2108.230219] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.250940] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2108.263450] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2108.263583] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:16:46 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50c882ecca3c000000010401030000000000000000000000000800034000002e000600064000020000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2108.297186] FAULT_INJECTION: forcing a failure. [ 2108.297186] name failslab, interval 1, probability 0, space 0, times 0 [ 2108.309098] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.312743] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2108.332165] ip_tables: iptables: counters copy to user failed while replacing table 07:16:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x34}, [0xffffffff, 0xff000000, 0xffffff00], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:16:46 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000680)='/dev/ocfs2_control\x00', 0x602, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)={'team0\x00'}) recvfrom$inet6(r1, &(0x7f00000006c0)=""/71, 0x47, 0x2, 0x0, 0x0) setuid(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000010401030000000000000000000000000877b0eab29b5a550c0006405df749de9232759e0bbccf230adedc3a19b90710c58ba01e401b90dc114ed00c42fc6585b04d6ee83df9b4a33243a1aafe674878a262ab827d4b409a0c"], 0x50}}, 0x0) r4 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x8c34, 0x40000) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f00000001c0)={0x0, &(0x7f0000000180)}) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) [ 2108.419517] CPU: 1 PID: 6534 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2108.427354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2108.436711] Call Trace: [ 2108.439310] dump_stack+0x1b2/0x283 [ 2108.442950] should_fail.cold+0x10a/0x154 [ 2108.447108] should_failslab+0xd6/0x130 [ 2108.451085] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2108.456199] __kmalloc_node_track_caller+0x38/0x70 [ 2108.461142] __alloc_skb+0x96/0x510 07:16:46 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r3, 0xc008551a, &(0x7f0000000040)={0x6c, 0x18, [0x3, 0xe7, 0x9, 0x3, 0xc8a9, 0x5]}) [ 2108.463313] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.464776] alloc_skb_with_frags+0x85/0x500 [ 2108.464792] sock_alloc_send_pskb+0x577/0x6d0 [ 2108.464799] ? SyS_sendmmsg+0x2f/0x50 [ 2108.464812] ? do_syscall_64+0x1d5/0x640 [ 2108.483118] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.485264] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2108.485281] ? sock_kzfree_s+0x50/0x50 [ 2108.485292] ? __ip_dev_find+0x248/0x470 [ 2108.485305] ? lock_acquire+0x170/0x3f0 [ 2108.514379] __ip_append_data+0x11ec/0x1ff0 [ 2108.518699] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2108.523898] ? ip_do_fragment+0x1f50/0x1f50 [ 2108.528230] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2108.533246] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2108.538441] ? ip_setup_cork+0x6b0/0x6b0 [ 2108.542516] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2108.547705] ? ipv4_mtu+0x27e/0x370 [ 2108.550259] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.551331] ? ip_do_fragment+0x1f50/0x1f50 [ 2108.551344] ip_make_skb+0x167/0x1b0 [ 2108.560541] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2108.563452] ? ip_flush_pending_frames+0x20/0x20 [ 2108.563465] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2108.563474] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2108.563489] ? xfrm_lookup_route+0x43/0x1b0 [ 2108.563500] udp_sendmsg+0x156f/0x1c00 [ 2108.563514] ? ip_do_fragment+0x1f50/0x1f50 [ 2108.563526] ? udp_seq_next+0xa0/0xa0 [ 2108.563539] ? __might_fault+0x104/0x1b0 [ 2108.563548] ? rw_copy_check_uvector+0x1dd/0x2b0 07:16:46 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001", @ANYRESHEX=r0], 0x50}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r2 = dup3(r0, r0, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa4, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x3}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x6, 0x4, 0x3}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000844}, 0x1) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2108.563560] ? lock_acquire+0x170/0x3f0 [ 2108.563576] ? dup_iter+0x240/0x240 [ 2108.563592] ? kernel_recvmsg+0x210/0x210 [ 2108.563603] inet_sendmsg+0x11a/0x4e0 [ 2108.563612] ? security_socket_sendmsg+0x83/0xb0 [ 2108.563621] ? inet_recvmsg+0x4d0/0x4d0 [ 2108.563632] sock_sendmsg+0xb5/0x100 [ 2108.563641] ___sys_sendmsg+0x326/0x800 [ 2108.563652] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2108.563664] ? lock_downgrade+0x740/0x740 [ 2108.563678] ? up_read+0x17/0x30 [ 2108.563688] ? __do_page_fault+0x19a/0xb50 [ 2108.563698] ? retint_kernel+0x2d/0x2d [ 2108.563709] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2108.563721] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2108.563733] ? retint_kernel+0x2d/0x2d [ 2108.563753] __sys_sendmmsg+0x129/0x330 [ 2108.563764] ? SyS_sendmsg+0x40/0x40 [ 2108.563787] ? __mutex_unlock_slowpath+0x75/0x770 [ 2108.563797] ? wait_for_completion_io+0x10/0x10 [ 2108.563807] ? vfs_write+0x319/0x4d0 [ 2108.595088] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.595662] ? fput+0xb/0x140 [ 2108.595674] ? SyS_write+0x14d/0x210 [ 2108.600141] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2108.604022] ? SyS_read+0x210/0x210 [ 2108.604036] SyS_sendmmsg+0x2f/0x50 [ 2108.604043] ? __sys_sendmmsg+0x330/0x330 [ 2108.604054] do_syscall_64+0x1d5/0x640 [ 2108.604068] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2108.604075] RIP: 0033:0x45e179 [ 2108.604084] RSP: 002b:00007ff2f744ec78 EFLAGS: 00000246 [ 2108.683634] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2108.686460] ORIG_RAX: 0000000000000133 [ 2108.686467] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2108.686472] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2108.686477] RBP: 00007ff2f744eca0 R08: 0000000000000000 R09: 0000000000000000 [ 2108.686481] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000d [ 2108.686485] R13: 00007fff66e6d33f R14: 00007ff2f744f9c0 R15: 000000000118cff4 [ 2108.723875] ip_tables: iptables: counters copy to user failed while replacing table [ 2108.781157] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2108.841519] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. 07:16:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:16:49 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [0xffffffff, 0xff000000, 0xffffff00], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:16:49 executing program 4 (fault-call:10 fault-nth:14): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:16:49 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) dup(0xffffffffffffffff) r3 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:16:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000104010300000000000000000000000008000340000000e805000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) pipe(&(0x7f0000000040)) 07:16:49 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x507440) read$FUSE(r2, 0x0, 0x0) ioctl$KDADDIO(r1, 0x4b34, 0x53f2f28a) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:16:49 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-monitor\x00', 0x40000, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000300)={r3, 0x7ff, 0x1, 0x1}) ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x4) write$FUSE_INIT(r3, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x9, 0x0, 0x82, 0x1, 0x9, 0x3ff}}, 0x50) sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000200)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_SSID={0xf}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x3}, @NL80211_ATTR_ACL_POLICY={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x24008040}, 0x60000040) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x891}, 0x85) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r7, &(0x7f0000007fc0), 0x60, 0x0) [ 2111.256479] FAULT_INJECTION: forcing a failure. [ 2111.256479] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.307774] CPU: 1 PID: 6593 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2111.315611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2111.324969] Call Trace: [ 2111.327562] dump_stack+0x1b2/0x283 [ 2111.331201] should_fail.cold+0x10a/0x154 [ 2111.335364] should_failslab+0xd6/0x130 [ 2111.339346] kmem_cache_alloc+0x40/0x3c0 [ 2111.343421] dst_alloc+0xed/0x6d0 [ 2111.346904] rt_dst_alloc+0x6b/0x430 [ 2111.350629] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2111.355923] ip_route_output_key_hash+0x195/0x2a0 [ 2111.360778] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2111.366323] ? udp_sendmsg+0xe45/0x1c00 [ 2111.370320] ? lock_acquire+0x170/0x3f0 [ 2111.374309] ? lock_downgrade+0x740/0x740 [ 2111.378470] ip_route_output_flow+0x22/0xb0 [ 2111.382806] udp_sendmsg+0x13b5/0x1c00 [ 2111.386709] ? ip_do_fragment+0x1f50/0x1f50 [ 2111.391049] ? udp_seq_next+0xa0/0xa0 [ 2111.394860] ? __might_fault+0x104/0x1b0 [ 2111.398938] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2111.403732] ? lock_acquire+0x170/0x3f0 [ 2111.407722] ? dup_iter+0x240/0x240 [ 2111.411365] ? kernel_recvmsg+0x210/0x210 [ 2111.415526] inet_sendmsg+0x11a/0x4e0 [ 2111.419456] ? security_socket_sendmsg+0x83/0xb0 [ 2111.424216] ? inet_recvmsg+0x4d0/0x4d0 [ 2111.428197] sock_sendmsg+0xb5/0x100 [ 2111.431914] ___sys_sendmsg+0x326/0x800 [ 2111.435903] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2111.440673] ? lock_downgrade+0x740/0x740 [ 2111.444837] ? trace_hardirqs_on+0x10/0x10 [ 2111.449087] ? up_read+0x17/0x30 [ 2111.452513] ? __do_page_fault+0x19a/0xb50 07:16:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x98, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'gretap0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:var_lock_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0}]}, 0x98}, 0x1, 0x0, 0x0, 0x20040011}, 0x400c044) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x2, 0x3}) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x0, 0x80) 07:16:49 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [0xffffffff, 0xff000000], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2111.456760] ? retint_kernel+0x2d/0x2d [ 2111.460662] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2111.465694] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2111.470466] ? __might_fault+0x104/0x1b0 [ 2111.474543] ? lock_acquire+0x170/0x3f0 [ 2111.478538] __sys_sendmmsg+0x129/0x330 [ 2111.482528] ? SyS_sendmsg+0x40/0x40 [ 2111.486263] ? __mutex_unlock_slowpath+0x75/0x770 [ 2111.491124] ? wait_for_completion_io+0x10/0x10 [ 2111.495798] ? vfs_write+0x319/0x4d0 [ 2111.499524] ? fput+0xb/0x140 [ 2111.502627] ? SyS_write+0x14d/0x210 07:16:49 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000040)='./file0\x00', 0xa4840, 0x62) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2111.506340] ? SyS_read+0x210/0x210 [ 2111.509972] SyS_sendmmsg+0x2f/0x50 [ 2111.513602] ? __sys_sendmmsg+0x330/0x330 [ 2111.517754] do_syscall_64+0x1d5/0x640 [ 2111.521659] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2111.526870] RIP: 0033:0x45e179 [ 2111.530059] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2111.537775] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2111.545047] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 07:16:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000010401030000000000000000000000000800034000000000060006a20002000005000100018f29263ee0420c362ab7b863943faad21e0d610f1766bc7923aa7cc4622ef41170a06eb171d0444d9ea08b5f4f597f93ff861c9ba84864bd0b2e80c008992337975bddcb9d3cea58130b37fdcc27d58c8e690d2cb1303297b9acc3699f912448d950e71946f623db3f83d184dd71cb155b915c8cfabaccaa31199e20004f2222d7059bbcea2ec1ef161ff6a04471934ce848bbe0"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8955, &(0x7f00000002c0)={0x2, 'vlan1\x00'}) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2111.552324] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.559773] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e [ 2111.567048] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2111.575909] audit: type=1800 audit(8043607009.353:446): pid=6617 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=16379 res=0 07:16:49 executing program 4 (fault-call:10 fault-nth:15): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2111.662291] audit: type=1800 audit(8043607009.703:447): pid=6620 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=16379 res=0 [ 2111.810673] FAULT_INJECTION: forcing a failure. [ 2111.810673] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.850288] CPU: 0 PID: 6632 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2111.858125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2111.867493] Call Trace: [ 2111.870104] dump_stack+0x1b2/0x283 [ 2111.873800] should_fail.cold+0x10a/0x154 [ 2111.877965] should_failslab+0xd6/0x130 [ 2111.881949] kmem_cache_alloc_node+0x263/0x410 [ 2111.886524] __alloc_skb+0x5c/0x510 [ 2111.890133] alloc_skb_with_frags+0x85/0x500 [ 2111.894525] sock_alloc_send_pskb+0x577/0x6d0 [ 2111.898999] ? SyS_sendmmsg+0x2f/0x50 [ 2111.902776] ? do_syscall_64+0x1d5/0x640 [ 2111.906823] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2111.912183] ? sock_kzfree_s+0x50/0x50 [ 2111.916062] ? netlbl_enabled+0x5/0x50 [ 2111.919933] ? __ip_dev_find+0x248/0x470 [ 2111.923979] ? lock_acquire+0x170/0x3f0 [ 2111.927933] __ip_append_data+0x11ec/0x1ff0 [ 2111.932248] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2111.937438] ? ip_do_fragment+0x1f50/0x1f50 [ 2111.941754] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2111.946770] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2111.951949] ? ip_setup_cork+0x6b0/0x6b0 [ 2111.955991] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2111.961159] ? ipv4_mtu+0x27e/0x370 [ 2111.964796] ? ip_do_fragment+0x1f50/0x1f50 [ 2111.969111] ip_make_skb+0x167/0x1b0 [ 2111.972813] ? ip_flush_pending_frames+0x20/0x20 [ 2111.977570] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2111.982563] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2111.988097] ? xfrm_lookup_route+0x43/0x1b0 [ 2111.992400] udp_sendmsg+0x156f/0x1c00 [ 2111.996271] ? ip_do_fragment+0x1f50/0x1f50 [ 2112.000572] ? udp_seq_next+0xa0/0xa0 [ 2112.004375] ? __might_fault+0x104/0x1b0 [ 2112.008413] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2112.013154] ? lock_acquire+0x170/0x3f0 [ 2112.017134] ? dup_iter+0x240/0x240 [ 2112.021433] ? kernel_recvmsg+0x210/0x210 [ 2112.025583] inet_sendmsg+0x11a/0x4e0 [ 2112.029364] ? security_socket_sendmsg+0x83/0xb0 [ 2112.034115] ? inet_recvmsg+0x4d0/0x4d0 [ 2112.038085] sock_sendmsg+0xb5/0x100 [ 2112.042312] ___sys_sendmsg+0x326/0x800 [ 2112.046268] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2112.051009] ? lock_downgrade+0x740/0x740 [ 2112.055138] ? trace_hardirqs_on+0x10/0x10 [ 2112.059351] ? up_read+0x17/0x30 [ 2112.062696] ? __do_page_fault+0x19a/0xb50 [ 2112.066910] ? retint_kernel+0x2d/0x2d [ 2112.070835] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2112.075833] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2112.080568] ? __might_fault+0x104/0x1b0 [ 2112.084663] ? lock_acquire+0x170/0x3f0 [ 2112.088621] __sys_sendmmsg+0x129/0x330 [ 2112.092574] ? SyS_sendmsg+0x40/0x40 [ 2112.096288] ? __mutex_unlock_slowpath+0x75/0x770 [ 2112.101110] ? wait_for_completion_io+0x10/0x10 [ 2112.105800] ? vfs_write+0x319/0x4d0 [ 2112.109519] ? fput+0xb/0x140 [ 2112.112605] ? SyS_write+0x14d/0x210 [ 2112.116310] ? SyS_read+0x210/0x210 [ 2112.119926] SyS_sendmmsg+0x2f/0x50 [ 2112.123545] ? __sys_sendmmsg+0x330/0x330 [ 2112.127710] do_syscall_64+0x1d5/0x640 [ 2112.131614] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2112.136957] RIP: 0033:0x45e179 [ 2112.140179] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2112.148021] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2112.155366] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2112.162654] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.169903] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f [ 2112.177153] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:16:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:16:52 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) lookup_dcookie(0x36e68f47, &(0x7f0000000040)=""/89, 0x59) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:16:52 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [0xffffffff], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:16:52 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) ioctl$CHAR_RAW_ROSET(r2, 0x125d, &(0x7f0000000140)=0x3) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r0, @ANYRES64=r1, @ANYRES32=0x0, @ANYRES16=r0, @ANYRES64], 0x50}}, 0x20008810) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x404080, 0x0) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000080)={'bond_slave_0\x00'}) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x60, 0x0) 07:16:52 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f00000000c0)={0x400, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x88) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x20400, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000180)=0xff) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}}, 0x0) bind$can_raw(r2, &(0x7f00000001c0)={0x1d, r5}, 0x10) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:16:52 executing program 4 (fault-call:10 fault-nth:16): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2114.280686] net_ratelimit: 17 callbacks suppressed [ 2114.280691] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.301283] ip_tables: iptables: counters copy to user failed while replacing table 07:16:52 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2114.327143] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.331448] nla_parse: 13 callbacks suppressed [ 2114.331453] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2114.343189] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2114.372348] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.385429] FAULT_INJECTION: forcing a failure. [ 2114.385429] name failslab, interval 1, probability 0, space 0, times 0 [ 2114.400261] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.445820] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.454023] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2114.454545] CPU: 1 PID: 6660 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2114.470519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2114.479871] Call Trace: [ 2114.482474] dump_stack+0x1b2/0x283 [ 2114.486114] should_fail.cold+0x10a/0x154 [ 2114.490270] should_failslab+0xd6/0x130 07:16:52 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001140)=ANY=[@ANYBLOB="500000000104010300000000000000000200000008000340000000000600064000020000050001000106c4c61fbd8f797bf13cf1e0f24247677b0cf820a3c032bacc4524d2fa78bddc27448e4a2fabcbc38db21c659376a53d50b9d2beb3edb08a505b0fb3b7c849a5f4681890a361b0794ac052a488d0f05bda84847eb487bb55d9d970defa01000000000000000000000f00000000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0xcc00, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000800)={0x40, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7f}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'macvlan1\x00'}]}, 0x40}}, 0x800) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000000740)=[{{&(0x7f0000000200)=@rc={0x1f, @any, 0x80}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000280)="06772793338c8cb026119ca5025350eb1b89830b369b08ff59765fefa8b81daeac97", 0x22}, {&(0x7f00000002c0)="77bceebbe5d371f283d9f50b0948e5b7c087a0a66e4d339b958f67571304248a62e36fecd6f0ceeea93c7a622e829685121ef6d08e2fee1edf11b2361654dc82164ef886ab70b4eef226ca0f0e75cd7c9e722865649a4863197c270a770b3df969e6f68eb3a4d1d03d72a88d0ac1b123ce8c9b65676feb3982f476cdf98c8a3ef8cbc286edf1b3111ee94a6b9fbc6ad131c049520c7f668faff397190db9cb021743822572a3120adc001169ba47af13df2d43a00d1b22bd248f6ef216e6f9", 0xbf}, {&(0x7f0000000380)="9f93ec352c789f65bde08fbec74b35524fd034b87813b42813f6a436dd01f7a9f17bf1899cf448b71742c1177062d514a1df65f5fe7b46f94bcc61aa08c8986c11b130bf7e7337f5a27e129df65cd3d06cc6ba33a8eec860dae5bb4fc9", 0x5d}, {&(0x7f0000000400)="d60f562a6936d8f9f7548c459c3d34da48fb768c0e02e09ee021cc7f2d5c263b02f6b8daacfb74b7e2aa6b09858d299c2e0e9cbab8011ed1638173585725264ceb3626124d8c7fe5c0faea869d4c0d44853c7ce3978c952018ac8315e9c000e961a2a42c7af86b2397cb800d7c", 0x6d}, {&(0x7f0000000480)="028c32471e7374091ac60aba10c2c3835dcad356c2fe48e22491660b457a266cdf55dcd34875cc72f830f7387dbc15e7d32763a1be8ac2a33ad1c25e87855995b31648cd47c0d7863adfb82c5bbaec731b1475ffcbbc447277f60d008c18157662e112b635ae060b56f70c6e70518d186c231af1809814a370430cbf3b48872463195eea797c28495f027d5d9c96", 0x8e}], 0x5, &(0x7f0000000c80)=[{0xc8, 0x10f, 0x17, "c483989a09013b326c25fb006f7b207829c9e50159981b8e6252ccb96aa5d8b6c86425957955a88265182364792528c9fd49185813e20dad3bdb13dd6cca580f18acc6f359835aade31ce63dd3fe0f10002f7c315c2d4ad140c91083462e1a9bfbdef7baf0d1934b5a091d5aae1f5c8f92d56215adfde73510993e19293bd737ae34ece8c1651cb9db7b6fec9c9ca305af601dfa93f9ada386e874ff02f2a95c4c49b04c3a974fdb417f3970335e4c9d7f50"}, {0x108, 0x1, 0x0, "da9b22fd8d7b35c62893db8f7aafdb8c84b0d803a35b979bd48525c111af1874113fbc814f7ed1b8793e3dafa5278395862a05dc34a627b7504e8b6218e1e529eec145a9d1e922591aeae3e03e6b28b708b8a074a96d74138b939e307a233d3ec286ec834d3d6ac5674f9697d45c9d981b15ada04e3475d6c639d41bba5abba176171b859dcdb6de12478afb769bb6f999bb939e898583d64983ed9086dd133ac9189b4c45db7778a7e83b4db2dfa93150c55c77c136e1ed72ca7e8ec012ecc7c6b8a5e9b92f0471b268b5e853e2fdc08c8193fc5dfb1f230fd4b2a938c13b6ad7223af012f3e6597776913a39a6002083"}, {0x28, 0x100, 0x8, "4747651704f040dad3070e53a84de8266f53"}, {0xe8, 0xff, 0x7, "009a7e56dad75dd36df290f55229103bed78a7ce9b8d83a7486c49bd79973652f91c1bfdc87148615457e4b18b36c95a3e001e964b399e1cc4e11b1dff95450436ce1ab69f25b1e31fc40944b98920cf562642c94d37867a344b31f63d1065aa8edf58cf2fac78cce1a5da50f62872988e35b0b2504403b9be1ed4b4b25825b4e849dfd1cd10360038bc0c6d5721221f8dd785b659b682dd82b5ea91c4162bddd110c3779ea07e9813d6287b24dbe6cc5b421b4de3a7e37666ecee81a233d1871754bf16f0c367bf698be591aba924ef78a7698196c51ffe"}, {0x10, 0x22b, 0x101}, {0xe8, 0x103, 0x0, "cc5b1aaef99a65b738315547496f0a9695a4b3470bcfe7254b54830183a93b15a50ac247838c906cf63f47abb995b2a48231db52e4fb46fcfdfcf55a90f6600419aa7bcb0c2dcaaaaa314e013d68cf9d0de81421bca4db4b03dafc4ffb8b7407b246bce21e23cd1d0775572f0e520cabb7849c4f2ae8ddc012ca322a2da87f647d869b7a7fcfd32dc00f3838ed09f05d8017c59635ab2175b6317cf3c09f09a26ede0281f14420a75a4cfa3e17b42984c9ca5951bd92941636083e6284ec7e08741f70e9b0995edebb8c8c7a6059251e831b30"}], 0x3d8}}, {{&(0x7f00000005c0)=@nfc={0x27, 0x1, 0x1, 0x6}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)="7b7b0cab14740e29416366a313727e3e2c857dc936899bacdbd6695b1d711906531570b6cf2a573ad1086e176071f391b120924486a7989aa08246785f84fb842206c1177f02406d9a74f4a3b43ea45fb0a9d58d77893f2efb32e36c6b516cba428c8b0de9dabb53cba6ac2085818e226e2ff8c4f036f9500f344caae6905ea39867d43280497c0edb3b3ecbe579bdb8846637bd36ed4df78e2a06730c4b694eee0ec39d6312cba0b04dea89", 0xac}], 0x1}}], 0x2, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f00000007c0)) [ 2114.494246] kmem_cache_alloc_node+0x263/0x410 [ 2114.498833] __alloc_skb+0x5c/0x510 [ 2114.502549] alloc_skb_with_frags+0x85/0x500 [ 2114.506967] sock_alloc_send_pskb+0x577/0x6d0 [ 2114.511462] ? SyS_sendmmsg+0x2f/0x50 [ 2114.515265] ? do_syscall_64+0x1d5/0x640 [ 2114.519328] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2114.524704] ? sock_kzfree_s+0x50/0x50 [ 2114.528598] ? netlbl_enabled+0x5/0x50 [ 2114.532499] ? __ip_dev_find+0x248/0x470 [ 2114.536569] ? lock_acquire+0x170/0x3f0 [ 2114.540549] __ip_append_data+0x11ec/0x1ff0 [ 2114.544882] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2114.550072] ? ip_do_fragment+0x1f50/0x1f50 [ 2114.554419] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2114.559443] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2114.564642] ? ip_setup_cork+0x6b0/0x6b0 [ 2114.568712] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2114.573909] ? ipv4_mtu+0x27e/0x370 [ 2114.577545] ? ip_do_fragment+0x1f50/0x1f50 [ 2114.581874] ip_make_skb+0x167/0x1b0 [ 2114.585600] ? ip_flush_pending_frames+0x20/0x20 [ 2114.590366] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2114.595393] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2114.600955] ? xfrm_lookup_route+0x43/0x1b0 [ 2114.605285] udp_sendmsg+0x156f/0x1c00 [ 2114.609181] ? ip_do_fragment+0x1f50/0x1f50 [ 2114.613512] ? udp_seq_next+0xa0/0xa0 [ 2114.617316] ? __might_fault+0x104/0x1b0 [ 2114.621370] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2114.626125] ? lock_acquire+0x170/0x3f0 [ 2114.630109] ? dup_iter+0x240/0x240 [ 2114.633744] ? kernel_recvmsg+0x210/0x210 [ 2114.637895] inet_sendmsg+0x11a/0x4e0 [ 2114.641697] ? security_socket_sendmsg+0x83/0xb0 [ 2114.646455] ? inet_recvmsg+0x4d0/0x4d0 [ 2114.650436] sock_sendmsg+0xb5/0x100 [ 2114.654186] ___sys_sendmsg+0x326/0x800 [ 2114.658166] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2114.662934] ? lock_downgrade+0x740/0x740 [ 2114.667091] ? trace_hardirqs_on+0x10/0x10 [ 2114.671337] ? up_read+0x17/0x30 [ 2114.674712] ? __do_page_fault+0x19a/0xb50 [ 2114.678968] ? retint_kernel+0x2d/0x2d [ 2114.682865] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2114.687891] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2114.692654] ? __might_fault+0x104/0x1b0 [ 2114.696730] ? lock_acquire+0x170/0x3f0 [ 2114.700705] __sys_sendmmsg+0x129/0x330 [ 2114.704674] ? SyS_sendmsg+0x40/0x40 [ 2114.708399] ? __mutex_unlock_slowpath+0x75/0x770 [ 2114.713242] ? wait_for_completion_io+0x10/0x10 [ 2114.717909] ? vfs_write+0x319/0x4d0 [ 2114.721644] ? fput+0xb/0x140 [ 2114.724746] ? SyS_write+0x14d/0x210 [ 2114.728456] ? SyS_read+0x210/0x210 [ 2114.732073] SyS_sendmmsg+0x2f/0x50 [ 2114.735687] ? __sys_sendmmsg+0x330/0x330 [ 2114.739832] do_syscall_64+0x1d5/0x640 07:16:52 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.syz\x00', &(0x7f0000000140)=""/39, 0x27) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2114.743723] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2114.748903] RIP: 0033:0x45e179 [ 2114.752089] RSP: 002b:00007ff2f742dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2114.759795] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2114.767100] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2114.774375] RBP: 00007ff2f742dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.781854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 2114.789126] R13: 00007fff66e6d33f R14: 00007ff2f742e9c0 R15: 000000000118d09c 07:16:52 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2114.820137] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.850981] ip_tables: iptables: counters copy to user failed while replacing table 07:16:52 executing program 4 (fault-call:10 fault-nth:17): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2114.881924] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2114.913975] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. 07:16:53 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50135b0c6c6c3e16640000000000000800034000000000060006400000000100000100010000000000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) process_vm_writev(0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/99, 0x63}, {&(0x7f0000000140)=""/104, 0x68}, {&(0x7f00000001c0)=""/117, 0x75}], 0x3, &(0x7f0000000300)=[{&(0x7f0000000280)=""/95, 0x5f}], 0x1, 0x0) [ 2114.931513] ip_tables: iptables: counters copy to user failed while replacing table [ 2114.980781] ip_tables: iptables: counters copy to user failed while replacing table [ 2115.002249] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2115.011500] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2115.040879] FAULT_INJECTION: forcing a failure. [ 2115.040879] name failslab, interval 1, probability 0, space 0, times 0 [ 2115.069939] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2115.087262] CPU: 0 PID: 6685 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2115.095112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2115.104469] Call Trace: [ 2115.107069] dump_stack+0x1b2/0x283 [ 2115.110706] should_fail.cold+0x10a/0x154 [ 2115.114866] should_failslab+0xd6/0x130 [ 2115.118851] kmem_cache_alloc+0x40/0x3c0 [ 2115.122906] dst_alloc+0xed/0x6d0 [ 2115.126361] rt_dst_alloc+0x6b/0x430 [ 2115.130097] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2115.135397] ip_route_output_key_hash+0x195/0x2a0 [ 2115.140250] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2115.145840] ? udp_sendmsg+0xe45/0x1c00 [ 2115.149821] ? lock_acquire+0x170/0x3f0 [ 2115.153799] ? lock_downgrade+0x740/0x740 [ 2115.157954] ip_route_output_flow+0x22/0xb0 [ 2115.162276] udp_sendmsg+0x13b5/0x1c00 [ 2115.166171] ? ip_do_fragment+0x1f50/0x1f50 [ 2115.170499] ? udp_seq_next+0xa0/0xa0 [ 2115.174319] ? __might_fault+0x104/0x1b0 [ 2115.178381] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2115.183145] ? lock_acquire+0x170/0x3f0 [ 2115.187170] ? dup_iter+0x240/0x240 [ 2115.190812] ? kernel_recvmsg+0x210/0x210 [ 2115.194965] inet_sendmsg+0x11a/0x4e0 [ 2115.198768] ? security_socket_sendmsg+0x83/0xb0 [ 2115.203526] ? inet_recvmsg+0x4d0/0x4d0 [ 2115.207509] sock_sendmsg+0xb5/0x100 [ 2115.211244] ___sys_sendmsg+0x326/0x800 [ 2115.215300] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2115.220046] ? lock_downgrade+0x740/0x740 [ 2115.224176] ? trace_hardirqs_on+0x10/0x10 [ 2115.228390] ? up_read+0x17/0x30 [ 2115.231787] ? __do_page_fault+0x19a/0xb50 [ 2115.236004] ? retint_kernel+0x2d/0x2d [ 2115.239956] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2115.245088] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2115.249880] ? __might_fault+0x104/0x1b0 [ 2115.254103] ? lock_acquire+0x170/0x3f0 [ 2115.258069] __sys_sendmmsg+0x129/0x330 [ 2115.262106] ? SyS_sendmsg+0x40/0x40 [ 2115.265814] ? __mutex_unlock_slowpath+0x75/0x770 [ 2115.270638] ? wait_for_completion_io+0x10/0x10 [ 2115.275290] ? vfs_write+0x319/0x4d0 [ 2115.278988] ? fput+0xb/0x140 [ 2115.282071] ? SyS_write+0x14d/0x210 [ 2115.285768] ? SyS_read+0x210/0x210 [ 2115.289437] SyS_sendmmsg+0x2f/0x50 [ 2115.293048] ? __sys_sendmmsg+0x330/0x330 [ 2115.297185] do_syscall_64+0x1d5/0x640 [ 2115.301058] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2115.306262] RIP: 0033:0x45e179 [ 2115.309435] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2115.317126] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2115.324393] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2115.331647] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2115.338897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011 [ 2115.346163] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:16:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:16:55 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x800, 0x4f82a5f6eaf31884) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) r4 = syz_open_dev$vcsa(&(0x7f0000000440)='/dev/vcsa#\x00', 0x9, 0x10000) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES32=r1], 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) 07:16:55 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:16:55 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x104000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e23, 0x25f, @mcast2, 0x401}}, [0xa12, 0x4, 0x2f1f, 0xb1, 0x6, 0x28000000000, 0x3, 0x6, 0xb461, 0x10001, 0x4, 0x5, 0x8, 0xffff, 0x8]}, &(0x7f0000000080)=0x100) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r4, 0x8, 0x7}, 0xc) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:16:55 executing program 4 (fault-call:10 fault-nth:18): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:16:55 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=@gcm_128={{0x304}, "29f8ae05e318ff3f", "3663df5246820bdb85531092628df8b4", "cce0ffad", "de14e72458baa016"}, 0x28) [ 2117.333129] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2117.333281] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:16:55 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:16:55 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000140)=""/68) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r2], 0x50}}, 0x14008041) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r3, r4, 0x11}, 0x10) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) [ 2117.429262] FAULT_INJECTION: forcing a failure. [ 2117.429262] name failslab, interval 1, probability 0, space 0, times 0 [ 2117.483668] CPU: 1 PID: 6714 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2117.491500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2117.500859] Call Trace: [ 2117.503462] dump_stack+0x1b2/0x283 [ 2117.507106] should_fail.cold+0x10a/0x154 [ 2117.511268] should_failslab+0xd6/0x130 [ 2117.515255] kmem_cache_alloc_node+0x263/0x410 [ 2117.519851] __alloc_skb+0x5c/0x510 [ 2117.523519] alloc_skb_with_frags+0x85/0x500 [ 2117.527939] sock_alloc_send_pskb+0x577/0x6d0 07:16:55 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2117.532442] ? SyS_sendmmsg+0x2f/0x50 [ 2117.536258] ? do_syscall_64+0x1d5/0x640 [ 2117.540325] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2117.545707] ? sock_kzfree_s+0x50/0x50 [ 2117.549608] ? netlbl_enabled+0x5/0x50 [ 2117.553504] ? __ip_dev_find+0x248/0x470 [ 2117.557611] ? lock_acquire+0x170/0x3f0 [ 2117.561591] __ip_append_data+0x11ec/0x1ff0 [ 2117.565927] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2117.571125] ? ip_do_fragment+0x1f50/0x1f50 [ 2117.575459] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2117.580486] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2117.585697] ? ip_setup_cork+0x6b0/0x6b0 [ 2117.589766] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2117.595106] ? ipv4_mtu+0x27e/0x370 [ 2117.598753] ? ip_do_fragment+0x1f50/0x1f50 [ 2117.603087] ip_make_skb+0x167/0x1b0 [ 2117.606823] ? ip_flush_pending_frames+0x20/0x20 [ 2117.611625] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2117.616654] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2117.622208] ? xfrm_lookup_route+0x43/0x1b0 [ 2117.626544] udp_sendmsg+0x156f/0x1c00 07:16:55 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000140), 0x4) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x278, 0x0, 0x0, 0xb0, 0xe0, 0xb0, 0x1e0, 0x1a8, 0x1a8, 0x1e0, 0x1a8, 0x3, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x24}, @dev={0xac, 0x14, 0x14, 0x26}}, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x100, 0x4, 0x4, 0x1, 0x0, "2e54acc22ec35dd6db031fb1d6d207922ab7008b38e6bc5ee040276229a0db7d03bd1410fd739b2295c98d1c1b7c80eede7280f7e6f3af0a097a3d3bc946dc07"}}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}, {0x2, 0x20}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x4, 0x2, 0x5f, 'snmp\x00', 'syz1\x00', {0xfff}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x50}, 0x1, 0x0, 0x0, 0x44010}, 0x24008814) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x36}}, 0xffffffffffffffa9) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x10) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) sendmmsg(r6, &(0x7f0000007fc0), 0x0, 0x404400d) [ 2117.630436] ? ip_do_fragment+0x1f50/0x1f50 [ 2117.634761] ? udp_seq_next+0xa0/0xa0 [ 2117.638563] ? __might_fault+0x104/0x1b0 [ 2117.642626] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2117.647737] ? lock_acquire+0x170/0x3f0 [ 2117.651723] ? dup_iter+0x240/0x240 [ 2117.655366] ? kernel_recvmsg+0x210/0x210 [ 2117.659520] inet_sendmsg+0x11a/0x4e0 [ 2117.663350] ? security_socket_sendmsg+0x83/0xb0 [ 2117.668118] ? inet_recvmsg+0x4d0/0x4d0 [ 2117.672110] sock_sendmsg+0xb5/0x100 [ 2117.675831] ___sys_sendmsg+0x326/0x800 [ 2117.679812] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2117.684583] ? lock_downgrade+0x740/0x740 [ 2117.688740] ? trace_hardirqs_on+0x10/0x10 [ 2117.692981] ? up_read+0x17/0x30 [ 2117.696362] ? __do_page_fault+0x19a/0xb50 [ 2117.700613] ? retint_kernel+0x2d/0x2d [ 2117.704512] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2117.709537] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2117.714301] ? __might_fault+0x104/0x1b0 [ 2117.718411] ? lock_acquire+0x170/0x3f0 [ 2117.722397] __sys_sendmmsg+0x129/0x330 [ 2117.726384] ? SyS_sendmsg+0x40/0x40 [ 2117.730162] ? __mutex_unlock_slowpath+0x75/0x770 [ 2117.735021] ? wait_for_completion_io+0x10/0x10 [ 2117.739699] ? vfs_write+0x319/0x4d0 [ 2117.743422] ? fput+0xb/0x140 [ 2117.746531] ? SyS_write+0x14d/0x210 [ 2117.750246] ? SyS_read+0x210/0x210 [ 2117.754018] SyS_sendmmsg+0x2f/0x50 [ 2117.757735] ? __sys_sendmmsg+0x330/0x330 [ 2117.761891] do_syscall_64+0x1d5/0x640 [ 2117.765794] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2117.770987] RIP: 0033:0x45e179 [ 2117.774178] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 07:16:55 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000840)={0x0, 0xfffffffd}, &(0x7f0000005e40)=0x8) sendmmsg(r2, &(0x7f0000005dc0)=[{{&(0x7f0000000040)=@sco, 0x80, &(0x7f0000000600)=[{&(0x7f0000000140)="d2a6d3efb6d5d811f4c5ca56cd845a8f9ce92e2ecfd3d73e1ece79fa2df42d5f9d7f472a1885c9a90f36e0e8288c84c9ca316f3d2b026307400e5eb3d5aec36e3f9527c25eecd1badae89f8fbfa2117873a2f22c916178c877cf3b6bbc27d4a72a743be7c9cd48983e5ac3d1f90849acb50f060608222aac2423d069991a7f23ba08788dde35e49b45de58286397c353a8158925e35e15de4e0c7c50", 0x9c}, {&(0x7f0000000200)="50f8412af6edd1e1430ed16e1a", 0x7}, {&(0x7f0000000240)="d85417224b800561b99ef64a38e6df735b18b7e79ec252a81c5ef3cfb14ea0a00f6d7281d10cdd3764aadfc9814e50f15c54d62f6985be06e678e7d7fa372e6246dbd0e2c40fd712459d8e5e0e5e75b0c23f782467cdf8da3df27396832038a88f003283ff7cbdd369b137c0df039cb5c457264a95b7424eb8300bf9a12d483f56", 0x81}, {&(0x7f0000000300)="291f2925a0104c94be3a7ba6e2a1bef7f54718b8833ab6aa7e9d567615e679f5cc4cc42e55b4eb4acffc7746c1107e502041dd0833fad0e17a4b029063eab4f7beea6ca5666187d3546fcb5f656ea66f158355d67305622a63bd76273f38d00a44001952173059de091c07d2b45126becd81347d3f35cf870308e0a68eb145710fd7dcb1a9b1cf71ca100ca135f499f65fe9b263bf20d9dfc986070f0b2d65de3631cd1cd6f16fd1472e8774501651fd73cfa3d232ce0a043105d11c733988f4aa3017594efa2485757bfe42d89a2c1d", 0xd0}, {&(0x7f0000000400)="96de859fef6a33ba5d8d85214841f12f37be055f7e0486853ecf863e828527ef77c7d696618534363cdbc58b0f986f0013c3c9db0155ea980d133e847fe349187dc4434a37d151a52c35a7cc35210912b971cf1332acbb15f249bbb969aca224d6221b7e4218545706e2ab3ead1ff4181b260174ca0e6f79622de332de0f44b315b49c426ffce0f4", 0x88}, {&(0x7f00000004c0)="dee49a18e75d16816316001281e467d55f926830d2d42dffd0e89dac2d7f455644534f2efafdf50f713b432bdd87d002ed2c3bdd1f74ef0374a16bd259b95744fb9fff82135e87e2f14378e4052bca13a6f3bd6b166962b5499834dff2db1d66a076e0d1e482213f4b5b19b1132214b4647fe27c125b6720693eac68fcd796f0bc789d75484134d4d0d7d549a71576446dc00b94994c96", 0x97}, {&(0x7f0000000580)="cca52795ac4208108e625f5321a7a018af", 0x11}, {&(0x7f0000000c80)="91b1f5f4945675e68baba1d539834cdee8e321498fbb5c5d1a52a158954702676baecc330219e450abe5669653e463a4f27c3fb9e66a758d875adb5d45b4091c5d08f6d4646242d14c31fa15f856aecf4f9cb45bfe39695425013101a97787d736e78ed32bb3d06b97cd2ce2b3568996cae0ca2bdf2d5f2788194aa0e514f2ef8fc4a665942d362df7c5f0eb8646bc407285f9ac16a78286d676d7c8103631bf27fdb3112355588664e90d5400ef0b45639a1deaf3d6be2e9abc9352b43bb1a62d44246df8154f24b7f1c64f63fa57a2d45a257456be2dbb0d3791334fb90a31cc2fe71b6150d808620eb39a5edd58b243db23a3f1d8b1703e06831b3f541978acfd3f7bdf323592222cacd21d81f298cd1aa69f25acb0c4e0b031175037c525791500913017513ae3b9420b8c4fa48fec8df70e243251a3550b646a1dd823332b30fec4e0d5e13d641dbc61927bf1e5e1e8188e436476069b27334f009064c10ed41c97a516b72d976f3803524ea3bc7e021db0dd3d6c413aabffd89dc848d252844a77ce03038243075b62f43c1bd59ace71c659ad485c2e6c90fe5bffa8e923a56409f0cabc372219e6d3a904cb5b5705e14e290ab26e08c8000d6782d4731ac22d861bc5aaeb2d6ba531fee2bbf7fd7197739cf3124434282c0a7a408128a4c186605176331cbf81d8fd06a9726175c8cfe69d74af5feb53522c7f630822c5e9cee10e07421325879eb7fa322f37de4c73204dc4b456d16d87c68331a3074d3199881b370817e44aeedd804d0f5c16368d9e077959860eb491185533651ad4594e02a3be7fe856291c310f456ecf7533418d26402903e504366c37b80f8296d6ddade5b84b01b13dfc6cd24d6f4ca52f1dac520274d18039c8cd4a54b60f6b4b3620cac28d1827a14252bc016d3b4f913d30e243918adc1f65a017fe5878de90a3d6289b7f948e2981885509cff886d7006243591ee238541a8f4a30db0143e5d90c01f9754a3c35aab364f0189f53e5ee0cb37bed3304780b8a46f1d14bbba3d62ca1d320090a2414b3503781f4ae9e6d9d07d4fc0a93964ae83338689a5e29d9f23bf6fb1349f8a8531c8aa96cbde3d4c2b7cd35ddcfb9d952f3acd85c7b03ba6c359ce96c4898bcebc0dbd3776172a6ef4648f3154f767d3e968a7edb8bfd52efeee081bb95c14eeff5ade6a8f6f8fd3fdb542fbdeed9455c8529be1accb4af20bf5cd24b2f91d653ee2951dc9c3d76025a957c2cb1e2544da49872e962a6c14ec4a43c588bc245551defe4a39d625a5a521c66e2238b0c5f2bdf34996c4d561e06c481f6a89980f81c08e33a61f61fe63b9fa21abcc2788119b9cadecca26fa679fa87b65270576ddeeeed5a046096b74a6d3bb0f53b0d477cadc36b239e5dbc10b6fd313b60db00c761c66c1a2c6a2fd9e92f4f759a236fb3f920a49912a75d67c40c1f237a6af4edfe93bfa0407702fcee6504db49060fd5f0fdc32eeb6af08862b8634874ead834aea3d5ce1277565f47e01d9574a3372c42037839e7d3f7657a65b297277384e709ebf4a35be4f0649e3f6c0ee7eece53fed0ab92c5d90c471d6854448c91408eb5619d673fd5fce574b3a4b9b7575a8592319e0d35c5913962ad6176a0c0d59bb3f4891ff044c8c71d2a4a0c1dda9a88820ab8fdeb65fe19d204bc0c40bc1ca599afa9ccaddb7d5f2fc767fade05b7b02b8a7a103ea4049e86a05358b82e4bcf8806700dea4ec2a8edcc08f01a3ea2c195fe58a63a80607ad8856252378eca49eae812fc61ce3f00a241da50a100f2fe20daa4fdbd0393cb587ebe78f722797983f1a67c9a75ebb786a744733d0ab524c800d7a57a4d78fc7238a13986fd6bffee8f51a91df71d6b7696bddc54ff30c906fa5e79a43f18297f51ea42a927f36ead36b116a785dacc6284f949e110a7bd50a44a1d7d4d20e65fb18965b73a0a58fd6a8e8f668891d97cfb370e1edf84ec6711dca021ab0a98cfe0fb3d76a2183559099210b4250cda2c78fcd7f4de5760198f808771df33a848d8c00c5b0dd0486e2a00b1fa2b4053488ff296529c424563b47b5e7bce9bd9327af7f8d132f3e1010726b78640fe9a1bb25236ad06d3e441716916ce391267e54558ca366f5b91a6389bbb0095d37de0bba9ee5e97baaa7d83555f527fd4038298e973d09a1dfae15a3b9b1ca33e326d733b80f1793b334361be49ec41eee53f3df9b5caabe8a3122304373c3298e638232edd47ce7a18c259b2f006d908d468a7d21db754c6929072148be4d4180259cfc7856519dbec8f52cfc4be05ec9fd881a773b3d5fea6510f448b95804a0f4b648dd36cc610fa56c19879f95610f491e043acf9f71433903ddfef17770b5279ec756fe0adcf5a38d1437ae4ac8a8640df0f244b79c6604c0e33db6c6143d1e8b5e7a7fb2961ce181abcc68a06725ebb9dd47f27922bf7a7001bbb3478b30f8cd634ae502bb78513a0155b7c187a60477c29f3f682a186d9cb915a5b97003092305275a5d1f8dd9b5f358720feaea5819cc8e9aa7a3d53592750023bd0de03cbe993c779884a49845c6b7a3f2142c5d3c1cbf4af3d48c439b36ea997afe9dcb2472e14f36c6d7ea16ac93eb89dac716b9b75656b11176401d45613be46d9aa1543f7741ea953e66c346fd18e779f71811848bea7df925ede36cf6939a9bc73461cf4e57d68fac6a628b5bfd80e7cbd47ec9d14d0d7c5fe89a86ab67017c1868b4fbc97ab29c11a2deeb7842e2fa18aa3642e1f97d31c7d90eae8eaffbe78ed0a3a28f035f2361605962cb0298d47a383721a9ee205825e38a7a9234e1cdfef59f3abf35eac7f930883a03c673e1082ef8713aa516860108fa5b1c98189f3a7d944541dd24ee2bb16595202398e404908523dad83761967089c102fb36151f63573321a86ecc0a008d486ccd1d6a9107ec2e264f96c6a4c51ab13f2bb3dbb5d7825f879fa82228a36a3ca3de2aa16cf220a1264844ffe13b63d26cad38c1a8c2c1489d4fd25bb94e85634a993934a5b42ffb6c80e3ca33541a8cf8c74cda90de5bc983a37e312d6bf9c7fbcaa278ffbb140d2bf90660c0ceaab60f1f171f4b5e075cae4e24bef88573c98718f78eb2a2e5d6d73eb72bb518d417a9b584731fa5a6ae9943873c0accf60aea6efec5e506eb2addbc6339887264922c230749c930711458665f200d91fd120a2795e1071cf9da0a5ea73df0fd1e873b7b47290896f64f7f45821c399e2d31f95750c0f3386e8699f9698af2eca4935be637d6029fef0f938d7e4443281c5629b3625c00d940af25aadb2e467a12390ba4485e535e7b3713290b1f27dec6607900a359e03daa119effb9c09fb55c7fd25d4e2daa9ff747fb7357c2d9972ebc547c882329b29f5fe334e3a7915bc38596f7971971545d5c6305158852891ac220fadb7927dcfb1b0487780a84c8a2e45176b94044242df54c62cfee4ae77b3ea198f9de2605056db35f6f9aff05cae5057b76923016d26d18c1c3e592886fd130913f8b9b212a2289073cbd19fe29fcae850ac60a56d63972b44c0fa3fb0db09fbd0ad31e380a525165d2bf08a828a8791ba3be59bc18b344bceab8e0cfe886ca2e755fd34ee9e838fc8759e5383cabd1f54eef91a6daed99e92cdaeb4c5f7f95f4bab20e49b188fdc3e59427dd92be8b0b716141a0040fd51062d45eceb4160f7f95508d4bcfb5dc39bf0c282239e30881afedd77482fbfeb3dde581f54a8ca37b4142ce3fb3d22022e4ee43536821b78a91a79670f5c0f84200fdb82e942042a45228215d8273ac09cbba5d6d3a59ede4c69150aa3c72aaaca990adeef546b28c28264264c5443d9152a119bec9d7dbea5a9290f75d92ad95bb28e97479157e3ea01c4650024eedfc8c0739ad0558988d6bd069e6eabdc607486a2903c625b7510e0a811e64022289250cde4ea10cdfa6cc46212594a8a08624db348c71bfb170aa66613f92efe20be8afd1b4e7824c5e91850579ed733bc0288216eb33271ad0bb23e68cc1b8a9fd22a54d4fee7b92ad3e83e28f6e19ff4ce3f33624ffacd610fc787e4b7a0e5e8c4e53c16d55ff9146989df7839b3efb6e45e8aa4554333a6942931635fb1cf5584ec0c23698a672eb4143d2ad3f575f9e7728165fa981d529e69280d7202b6bd3604777ca57afd48b02b5769c9495aca728f39923dda35a914eb6defacbcb62647d49560a6ed793f0b9d2b639bcc0c795543c48487b1e54640d7455304730d7913d5c74bd0a001d0558117093bc75440384ee80546f365373f693ad5501ef354e01cd22cbe817ac70a1422ebf13b064f2677ff4498d42a5c974e25b26835808101113e10f61772b3802da7d33acabb1b5f17b38319618137bda3cb62f9c767a788d328030d7e1ac25a6b58accb6447cf60cc6905b007e289d705ccbfce1bf8fc1fbec9b5ecd78b889df563486febecb49352f23b9f4201e16a66bdcd16bd42b72b82b20e6f126287948d449f113950612232a0d21a63e9b3dad5f9d94363d1b4532af05a90e249d568b384284e6f53bcea7cf162be0671f69db8ff1465260cf5bb34115c306d634fa7f163b51f6ba8f404a0f4ea0871242d54378027a0bdcf3ac83a79fa06a22a8e61b93f54af14f72e88ef57b18ed4cb46f3d897ef317687f1fcde24bcaae5d2b2a05473dd9d7bc9beeeebfbc1802aa93c4a6e3a6e4035141c793812ebe21692cf06c15d9a8c920edc3390a985a14efb5db54593a8f828aa83dcd3b183d8a2e958f5c342390ed627dc2d2a64646569f32aa2027d3eecee8dd9202eb154167d014f4e3917250959235a4ad30791d0e8ee952e03095c776e0caa3f906e41b4c307ebf9babe5ca44a7944404cf06641e0c06d3ad2f511bb9cd8228b77079ebad38dbd9b19feefbbe2579ff3868c40545e44589cf0973bc9335718a22792c6c1b81adb807d3039c854ddf05446d9669f6313f779d854c367eec12ce011c35d7470a0d9429162541c16b7b6ad499f749224f5c8f889c7b15666d22e33ff6bfd2b8b1d7b724b4260388b41f98035706297e08ee69d0d441f9a54a11092834ba2affa69b5d976d2d63b4dae6a5f3dbc999cc75cd3a74b14620d990b22b1fbdb7a25a31f51decc4ece6f4d68e3d2c5d8f8773ed929c12f999258022a08f8ff5623e5e031fd3fc5ed6e7af23db4501f72492840da999d73ec7f5b89da256c88e3fea9429b6ec2d5d74326328a6bc2f21387a335fbc48ec41db8230cf101186850fee45ba31ad9937ec176026b39eff57db7a69d5c64c267d8cd0bb3df775ebd3b7917e0e6e14d00380727b5e8eb6b95633209c39984423e4a47f60a0c08730654497901eba885be7866fcb74fe45e80e3ddc05e237aae3b6ba6b7eecb0be09ea43057dbf95d7b7cb21621aa22bcaa24622a039d81bb33715fa7874580fd2e9292a1cffa3035d701c2638b4248a5b1866d5413d328bdec5a9d73940a8876a4d937c33cc656be8de79fc47605c7941109ac694ef0ea122976bb7f45f73e65c1f78182dd49f07a7d350d360d21c019f4f3c1d74d8f1c7c6b7a342ea38e0eb6ec630a555fbb10e05bfb0d781169650eb6160d854ca59f50b3557ed06bd1b6663e7476ec2a8c8ef088d0fe2b8e4be81e2b7cccb668d786451c56d16aaf03dc8b68a0499335a7ecab9ed98de1262f0d2a4a664f0c61057514e5565cb0763360277cdad617f510ae923f009aee916f4f4c54646d952a396f257a7bcf3402d5dadb5c661f9db04d1cbf93ad2a26890e8dbe916ddef98f9c34", 0x1000}, {&(0x7f00000005c0)="b77b4979c3c5e43deb24e21e78013863aa27fc", 0x13}], 0x9}}, {{0x0, 0x0, &(0x7f0000003c80)=[{&(0x7f00000006c0)="04e3f1aa0e2cc42a514c6e28b674e4e2c4b3ac6a4f4faeb98a4bc136bf434dcae8318f4e475498f62a4834fb947d07d8f56c", 0x32}, {&(0x7f0000001c80)="6bd6f40b86f1bf9a325918636c308d87c155a78bae32539c3f9570d1b645f6f23e506f7b51f86ef4a8fca71dbc8eb72b705e1b121d8b1709929033286bf67e1d0224ee1dd4b4882b166ced2a04b54f1f2163562db954e01d829fb2969ad5c50b0ac54b5dedb72daadbea72d30f418a1f8a59e86b005479b22d64f84ffc7438eabc9983e3009e22199062794cf0d43d575cb8befa827168b5a46251f1cd5349b8f93c46366d0fc9d0d91dc53a0db2de276b7a35d96985ec7ccde6f6d9767e8196861ade3131642f5b476ff4e77ba3ba3f82aaa132086ca9dc97517134f08b77688793c0e1a030cda99a51a440e82d5ba5baf565a85557a1d46474a4a6e28e0bcafa6abaa04d05de1ff7a70b7576279fcebd135e3a8b841f512dd3291393a1088e4a25e0e9d354e3da0994a943fa7431508fb1e47903c89c482c6b396d737b1b9fcb34d521d9b29d21b5fcdf23127e20f4d88269e55c39767fad994a371a7e33842c587077eed248d4df5aed42b21641403f3868da6ca4a390b4304a2de4f09c852d036a52d00e0b8fc0b3b09def4d288d698c05549a67dc96907d8c06dbe05d0d55884709e2a09de4825acb297812709f8a64ec4912f9776a1a6c526d26b850b8b54da064e793d052cbd948fc4f8a63d8f33791129259e109315e6505960ee2bbda713c108255c10d492d7baba31506f238bb9596bb7b8c33c93702f25ca8c108d0e17e743514e80fb35d0340da78dc1e8275b4336413ea1c0b1b8a29ee78600278e50fc27061c7274a5fd80d053db0345374762c57fc0b57beeb585df064c380fe493c303b3988e095f6546afdc1c37037c15f1d55d5461b298ef14b8f6fdc8bcbcd8df0d71bd4a8d9c6fdb767a806f5dad3e31fa9426e886a4f2ca387a8097f90aeb3bad2db984c8d5b4d06bc9c1c0ce4481588dee8189d20f3dc1c946d6a2bb257aada092393f3037da891bc2a007e70acb6005ec3be208434f065fe3e1e7b64d6c2d90140a352548c4062aeb1d8db119db8a1b96145feb7c428447087752071761a92b0b473716babab55d9d3663f73986cbe82ea0b66709b1e48ffecce002f7ef103a5854c66518e720fa43bcf2d8306bbe7fa2291b6f5a93779be5c0f623961a7e698936e328c000305cda8b8e2ad1a17182f193d5f78bc93c8997ca637c71456175d25a6a5a9622c418b4b0a7e7564f19187dc0eec543a9d36f9088cbddbf262ac2333f43dc2340368722e3d999f29071975f66d017b02d990586f37501ababdb7748d1c781c13922618b9f999317528b6836f23c4b8c6c9c082d73be741b969ef3a7b09ce9aff17ef9ab46243ae1c3c06147fa3418d4eb5c30ff0af2dd7e123a5d3a6979d7a7177a37c407e5db3cdb02e7ea4d058829eb924534b3705de7cf089b0c5f106b1676218929914dead77cbb5fa8d4b03eff8b2873637e1bcc8bba24f5f1fcf8dc13bc5965b708c58651bc804fc1def66d2a4fc99c8f5f4847a236ba27aca755d903da5860422340299ca73393f799da091f1059914b0649254e92a9a6df027878cf46736dd9f6edff25daa1292ea586fdcab5489e94c54da5ff4d927a570ecc14a587b77aed5270e339025c6c00d5000594c5ef2e0d231b67eaeec777a3c1eb860530fdece09a48bc590e715b47fe4da647471838adc3af7e26da663f00b4fb9bb0c30c782454873a8a0d7bec48197335c8b4aa75e76402d113b0c1322e8287c078a051c6b15e58a01bb01cde7422e02eda615fe4c85bf0f0b6788830916f15db4d0a575c16f571b4df305ce71c86311fa8e84f685fdc4c6355751d5d88d814f8197896fb236b652687ebc00121d3f54c1b2a1c3d479ebf12f27f5c944a06f43f21307aa4aa0d0062233c52503c0c92c21b982160d7a42a579b45d24eeb3eb084b3d47df6d7aefd72bc0a8ad8578579822aa3c6723aca09e5de4605097df50a9fe4fbaf9c5b87ad7e11bdbd34a3726e26b81d23ad3be386170da76bd5a2e40dd015c522c9a99b5dfd096c61b91b89c9774f31ca85b75406b9f1ba7453a5a248e3d91b6fcce945aaf5cd4ff2e40fef8a4f358422ad00f0223650a4dfaf2b9be596760f4bdd69b10df571855820a90eaa37ee11b5e8ca366ff44be72755b03bb4a167fcc2eb8451ef184341e0bf22ddba9247e91274dfc5698d4b7e3404a7b96fd10117d1eaae84072e2725d65547bce0f9d365a995f61638d348c238fa7aabbb9c639551d0452d69ebfdf55736e15f9f2e2ac385af581a5af8212bc75eaf5c77b9483d115af2259ef1c446957b239b6da01fec47e164e36b893cd0f07cc540518d3e74197d7b00505b926e85d6d8645234dfbe883eeb93df4fb4cbd569ebf94b61f1007d65c07c1d22ce313b637f7ced1ce06f666dcfe2c0ac9fb31340cb940288bdc2afa48ca5432c94a2d3a2f93ca0139921a9f49226fbaa435fca59e2cbf42fd6fd0f100f81d35b38ad10d0843b918a6c652d59008518f8e4390d0be29484bf78ec0e967302e2b8f2cd327f440dd1fbf8703570af23d015f2b980e1742e696b55545146c956fff39ab75a7c1e1aef3895bb8dc95eb1652aeef86804e7cf7d699a353c6af44eb6449355a0bd1d5ada860dc37a2a3c461e20647635f8a5f73aec28722f9ca4d9cf3a288e12e3e4d06c109187a561274e98e466e1942e4338837718b6d76b5cda19f364fce22250ca8c7ca75ab1511c2a1342cafef2dfeddca383655a63324bfbf6027c071c11768ecb56fa22714519fad3a878908016923001a0e16e663e1ccd657ca71a8b6ad635162d3c8434ea6e868b1162a9ac419803cc950f48bdf58c3fa51d5800946dcc50f2ac4cfa9a4af38598d102a482b3b4820ba74f9f2ed6e45e72126545f22895ac0bd3f13361b5ea79cce4737710d8118ce1bb17584d1eb64a29ad65e59d80c0fe7daeff87f16236fb9d40a86a66860803b16537d188f77a6ca6d6a03729110382076b8b501df6915433023bbabb50e8d20c3282c0af0e8c1b5e6172453558d6509972c54af6ff521e671aa86c82ca9d54b17d28737243e53e6cc01a4d36ebeb342266ecc25ccd8195ad52b5adf75cde1c66f002093af67e761611482235d42f8cface56faf9cb5c96e4272e3365cb7dee3803940b8d637aa8eca7ff1e0ba3b20fd0118d295fcb218846a25da79750bb37b254a145f1afeabed22d7ff87084b5fa38ac439777a9895b7f59d93d6a806707c2e3bcba605ab700b857123e17f220a19efc16b60ceec9a4fb11c57896bdcc9834c996a0d7fe5b3da65187472a0a04c1a07adcb14cdf45b1f46cfd204f805cc52e449bfe97f0e40a46d5fdb93aeab1a98e2dca553a897c83558b1fbd430ba58831805789e690f9841d35cf6e29ff5ecacdf4a2b8314e225c21511af326a9873fcbeec72681c0565201f1c202d890d58c8d5728b63cd0f54a594bc882421ebb68adcc9c192d411c47ea30a8565b14b7a89264b38c23674c9ca67a977e2aebdb5a69234076879e952bd11ca541175aabd9fec98b397cb4a2039d5389933c5eec4576f8d86484ac953b7bbb9f4fd9e81b47a469af62971dca0df1ad2c72c86e51598dadf6a6d9b3958f5dfb60f55ee10f226ecd162e0f7a559ab930f79254ba222242805a7cf419ac3f11a23c40d36cf2d2c5614ddb8b3674d64f08fb2398c21dd156afb39ab6d90efacf5c6d919e0be14f716b4f26399b867ceb598a707cff7cbd50ddbce93c1ee7fea5bad111e5d8b7b15c32b3b93fd11ab66880bce0464b8c3075d55cefd6f7984bf99736a883f7a7f4debb76b888b8bbf3a2aa6c3888d0a496e1b528b1ada73dac210982e19345a0c2c4291cba0fce955f4a15fb63a743e6c3db2535528aaf829afe18bfccd6f14c64dd3e6e3775e9acfc367979280bb4af5d57273d0d8d61e31ec3a790c07f27931eac63bb25320632429e215986aca7f48237b672ea691593e02f39cf5256f7eb4c27d498f072265a79a68c3ec6c0cccf472602d8a3917a233232a84ef34616ba0243cfa9ba481591f2d17f59c3a18e94b53766a74f7b75f556f3cef17ba85ecc468daa472b4440348e44a899d821f513a4333e25bf80f09c4ed40d87a2729d911ba96783b9d7f5b3e3007b2367dfa260fc7af2d39bb79b0eb107efd7e6fa5b1d3cbb5296a9bf2cb99cb8f6b77638e0ccc6396aba0eb96cc302c99063a7133a8a22b4bc1a533b2a3a932740c6c5fd48dde2431ba3035af942a29519842563060eb4c88ded76a0bd0bb3ec191be6665e2108539454e007cc4bbefe088c41c8e1412ca48fed79de82bc4c6a8c39d2df3a8040db487ce8664e4e1c834677b4ab545096e6eb329651a5b23a5ab6b7ea4e2242546f684b209f07422b965bdd56116ca6ce00b13c5558437db085cc3b8b52225c310b2c342e56ed510dae70bf23bbbcd6492ee6d94e5d4583f6f41041c9d9f9b849f4845110eed9cf8289b5adf8b931277271595c2539d69b457fcbafec5ca4cfd39c03d477d37424d5854ccc06d4c285265dc8ce5ed22c715dc9f31360a9082c73ec6efd4d72ce1788f9269855821a304e318890f39a4fe9be5c5410d0968ff7daf0719546722318e04e0852bcaea4fa3a1506d4e2e465bfbb2341f9ca70ff46848a157db47e48f9054b22c19fde1e430fc3ca5ceda8b3cfee595a3105226d7822d1dd319b111c2edd55ed6dcd288ffd4469f8027ca70b9d98327eaa2ef882282bbc2c4dcd45d440b0530a738edb8a971f82ddafb11a4c0388a50f83d91ac0ba0de54dbec9b73b523168268cbaa2f5310894b6416634992fef3f08075bcbb04f0dff91c13263e125a330b37298b1c545d01e9d74c3473953761eb87c6ec588785d7559fcfdaf5d18cdfdcecee60316a713a335be2c9d65670644df006d956987bc9d050849d4c783752ccb7ebbcf655eba1e239a318da75c6c2182feba4a95ce737c573811e4368ebdbbe3f6837e37ab9132843b6d4c2606295b7160225f0fa1752cf8928c8df316b7aafb28e4158e2bf1e720bf2ce127e5b20bf2a8fa80aad48c7a8dc9164a6bc6997eccf1544fac903cdefc307cb55baf561e2cb35b15f67240601cfb5d75f9ae32a1b6a40d350736e0b99992fe8a51883cc97ee0e9dd0c92eab3d7bda78d55fb018121415cca5bed6e8dc2b79d4c6387bcbd92096be523361c41119eb7b482a5b335a6bca2b02c4735f9323812e8162b7059e8adc0cb0419b54869be13da8964e9c1fc1e9ddb6c46890eb1af45311d0dae9a295a21185f57b23fe7640509ee731576f402cc2a6ba2a6936653659f58ce77956e8548b577bf433e7f44890b5d39d611cf7bb7fb72083fccd88c61f88f8c0e895bd043283e0b379516fc1ee1710b9b66177834f4e4360f3dfb5774b8ff40d0babe6bd1ec41f20860d47e31faf8a0ded894482b14b0e916050b716356341a12ed9f9d97e4377780be7442a29fde3bed5e60d9520000308747450fdfb335a4d184ab7114fc7b8bc106275e11477366c35f8b1ecef8100c56a510b5566b5d44545bc23673ba327ecf3bbf5dd8a97b40ddaa2b6f21ebe277a004539e45b3421ae831dfd5b524d8580352370f8de728c68e8add67794b52239c82e82ad85fde1219e955c5295e957a2bd6cd7b6680835e75c516d3fd164967fc68714d989e39dda21d8e5fce7c6969a23864a8b746b50bff3b0807471e0b47ddd0b3328bc26ec3588e9e3e313063cf8d99c9c62bcf014d79cd5841d369df51be6d533389745887407a76751dae7c90c31436352c3c3c647dac397a3b473afc103bfb05fbd94764d251c", 0x1000}, {&(0x7f0000000700)="0d324656d4d2d65a9e4f1c606d4130bcf8fd8ba14f9e19ed8a5f7876ece933861a1756d7fe9d18dc2d9fd5fd", 0x2c}, {&(0x7f0000000740)="693186d62e1b5543f392d3562c608859f79dcac86e47e270fc221e6c3115d2686105a7f5dbb7c3c132448c15efa6d7675285e22e7ccffa1143f5184cc9ed5dd0abc5bb901acf53589df7f558ffd7bc74485de3cd774409fb83e5aef933b3aa28f754bf3f7fe9e5ac7da18401c07de72c9205c65b90e0728f22b43ed0358da210ffac39f52d4607780cd723565d7d8d8c24b27b080379ec71d1527589544ad3c09ad76fcce4f391ef748ccafe7a327795a32b1918195d1583d77f76dfe447d329f7951133439679bd484fab3f9ec21823fa2f68e3a8f70741149132d86a1cd7f4a14d912f13de9bf25e525f38b21d7274b49dab76dc10108d30", 0xf9}, {&(0x7f0000002c80)="d9ed703881c97b0b358c75e8a8d13bab80e488f8be88520ce475ff74f37e9fc0e071e339a4052f2a18255e18d43dc44c452bee50abd97db3dd20e2ecbe150362fcfd3bf768558e57a2cccdf6449e43309681fead976481cbf28fb067d0d3642b51b0c3abf649234e1f839a70b0572af3b6571be6cc1f40b3fb75c66f4431af5ea3776f06eaba7fc6a0c9c4cec44362c1ed33e8f45d842c6e199d3ee6eb98400b0434f5214246ec43378626726fb274131fb19c69a9f17a2d39bca9f9f8aa73274fe77249fa39aadfa02e379f67755998b7c944baf08e2f34b98d21ee28990f9ef01e368903afac45efdc20c46801c6bac14d00ebfbdd456acbb04157e2732afb0d373aa812a9b9924b1049a8d2b8724abc413f4a1f4bd6ac4f99df39ac6e18156e18873c6c6e4955cc94d5bd096acbc4dd555b0f47d74b85ffebfcb8b6235a24ba865cab48a8641e027c39cf771d8e794fe530c21280ab66553fe5aa23e37340fb6f7a68df1e3ab0e747d3a4f9a32a908bd90aba49c011919601f39693cec35c0988bf7deb74151c6abe36f9b4d1479e047bdfc28bcde8fb969bda07c3dc8f2cae4b0393ba1814463e6df5dcdde0f140e3c0a93d7f261463874182aa571daca7c7c9da93bd6931f9161e68269b7cac34a43713044ec0943ac012bd5954a5458e255ad9436629845c7bc1062ec64cef6c1b7dab5b3c7eb8b0bfdb4df216dd8b1b04940e9bc26baa295e5d9fb6e3ad71a42d85cdddd42bc2d2ef61932027499856928f6a36df307e1942c956288957aeb6d7863b816cd451f24cd4d6ea4e3b4236e1b54afc5cd8065f649add5b0b155b0c412dfb1048f41f412f120969cdba336767bf1eb18b8d8be1f3cb278d7b5e8ef424836738f1312a1f26e7bcc72398630a026e13afc078eb2ab7f51ac7d3571b0987f8d96b566928f23c4dabf50fb733449c407348181a258ac863911ea6070c26adadf99bf83ce407d6eed4c5b0420c42f1a66b9f86a27434e621b13201821063ffe3b0a7b2fd1c2d6fdd8eac584adb50ac143dfebfce86340484e0829cb76633c10e4f36c793989ef9b9a8f1c70658f3a1109feda228c1ef37e64ebca48af1aacca1feb78d3c98e3e50857986057d4c18ca0cfc8167e0b62012601fb9580e25020d64a5ac50e6538a664b77fc198f59ed50e0f3f30191a40ce6d983eeb15f60383e2a046d9a243d20fa6f1c0ce361169447cd50eba01876b5178badb223f05f0a8a60a3dfc6239db7ad304d4fc9473fc0cabc0d3a73a86f6b3fba4c631ee5d40605d7e5a860cfeea15b3aed1eb2d7cd690e3a32213bb882a6e751c23139d31822acc0286c8c4817bcaad0db401194708962816d8b933eccc4ea993ce68dad3971cfb61b56097340b35dab74501c5df1aebbe609b1bc81987eca6d6437d9fe9e0cb8cd6c9cca7c91ccfde8ca45f2ce3157fc5a20a4fdbd9d60bef9686d2b8463bb34a4e1e13b78c4931b990a5d95132b873a634bb21be36af014e2ff2140c8c78f8a0a41d88abb9cb75bf8056a0db0f07aaf919b184496be0faad927eccb004111c806a4bbde9cad91c1c5faf1b7630fb98927d63b184cca130af5cd56d40db3fee115aaa397cd476cde599e225ba96978013dde96e7b7b7ca4d1fb8d2baa4b4b82482d2da8f82cd3ca8ae5f30173253ef6aa5ada328d6b6385f30ebae6473abe038bf4ec1633fcb73d77dfe9dd46059842487d8e1354a67446f23b8912900d6c8bfe61070ae45212b30b71b666cce5d5062faa212e4bc1eb0050a28b9d1dce6612c52ab60444ba55d4989be6fab1e385203fd4efe3f132928060fd32ac6b5391c378619a4634e3b0c5e0b546c8defb37e21fead4c088eb736be3ec9228eab4329b244ee7b83deba58c90fb873cf05c398c359e63eb0fdfbd5056411c0d070ed115fa30e0441ce7659aa29e598424a4a622bb6d0c747fd901bf6ad804390c21fd9c964a0aa04a67b2a98747bc2d420167dfbdd9712845ded59dcee02e62070bb66dca6ea2f8d3b422e05b51bc252149205a92875d46c239fb4162c8d108f877a82096f0347c75607a0976b3ddf0f8b07f3ad999aeed9d9f4d30f8530129e337ae3e4c857af04d3020484ac6371d868c1a184cd2084191da060e57d1a2a5c40d45338589312e2c36d79eae218eb919f35e4ab6e73e718d6e29cbf1bbae832c340d5123c59db4656cfc3f8e15ff4cf374eab9d9511bcd3300325a58ae1e219b76173343d54a6cf493214e2228ed570705a0f1fcbf6aafd2c5d84b63d3792625d028c563fe6a0bb52caf9bddfaa049f11c8e97b70480bc1ef3f25430287012cb6058f170d980c400c90abb5010b2556cc594a4d1516bc9d6f96900d8795cc9babafa0784db621ce11053941d24800a720eb6b0877cf2eb63b4aecf73da1d6d2a3365a0c4de4546109c5517a011e44839f3103b9ef9a2b848179029654c211dcb389f909583d32bc2146c32c9da78bcbf7bb7c21b36f3f56cc9d4f243d8f2e268d20f6245797a006e64a590f44ad316ca0203ef8d5fbbbf998fbbcbad6808d5f3d7f6ea3fa2fe716e44aca1aadb99f589c47756cfb2d9f25adab3ee7b17288f5960ffe81ae05bff1f46b33dcb0e15ea06707c46dd6503952ee09471f0aec50a266e17651bb2c4ae6a289a70e749ce2b0aaaf0679953e25c3d47ad10990fa70c9d82df07f8514bb49fceb8d20977f14e0d034277db459a09af7434eda7e2389d0a9f61b8f2b80aa9b47c86f9fc60b64c25f3472fa6e8c772fc9e61a9d63a3287194424b0e068c00fd2c94f506ecd5f4211d055210dd152c51f125cc0efa44bf1693690a685a899ed1ffac018712279631f33185d6a06ab190997b13a12f83d80c775e88230be2fc7aa8eaa3043fffd132b882ca2eaa3c03d3a69a50859c553cc8d73239ae0c2dc31201498327e8a5900867312cf84ee8f9b10bb75a4f4ac047c2c3703c3db49a326227a22feb4b334ae1c73784cba2322edda25540b0f6db3d9f84ba401cf0f942fcc067f43927f67dffd84b8cd4d5924511c93f48c2b96cdfa5f18fb142c370748c939873b25985c9b80873cb959131f7eb4d228108127988cc42436864d25b28f9cd1c25716943940a2ab905d785c68dd6f8dc8eacd7587db1c4eb8ab2e11f47d9eab3a3ea4768424a4a7dbdcb46025de02c51d7f79dee02aa269c2c6fb8e96528e2acdacd1a2fab8b7feda61f8f07170e789fb9992cdeb331d193b9d39cc228d295d2ccf5f9302af8e7d2570fe23a9937c585e1e0a616c28479129f18030ead1d98f8146193d0d8cbf9daec194837a2548b13efe7e9fa825392503a752581952b07ced3e7e6d68c4f7e4f91ffacf3f0ff0f66d65d6a6959d802cd6bdc6352390517fb64855e3837ddcfc3a32618bce2dbe87d12cab9a545bb6f36ff8704bcb9296c8359e67c48b56bfd66ecac6052961227c2803524e28b5fb80705799b4133fc5680ff31f96129efd416a14ec50bbe16f3142b305dc9f60aeba10ac103d0ad20609fdb0349ca091850db552fe116d31c44cbbd44e4b8321a684aed42dff15c5adba9827f76a2ded2de5e19d0c959845c6c318758e093f045718b7cd1a039926ed6e83f7f9481911266549e185003f1e2c8b070209911a1bf3b32e06d8be337c5ccba9ccec69a37ef99db236c3d2f50ae3355071eb652f76c25044336a2d719a2009c9af21f802c85851836eadfe7123e962b70037bced3039e0662add2a97e99d9b26b164d4bac126adcec06086725dfaf7880f0ea8af11f0ff961bf43ebdee4257ba4fb7059bdacec9c3f4e600e6db4e0c6d294a6b40b88dc29a4a14692c4bdc447adcb687fc442973cd2a7abba2ee651a731f61d26f0be9a1433a23807f87e7ee74d5326cbb9de467885d05358f2766fa952846019700aa8121e28a0659366b4c87e16daae703a9e33d07e84d7ec997d5cb194f8ff7f212646c2ec3bf253517891a2e0ac849e2afe8762f2983e108b3b658506d8023365fdf1178f2797ddeca67c9ac798eb5bec3cf8fe367fd9d35427a4b23abcc9445e7bb64adc559258434b1e22113e61de6759db13d23db9e58231ca35b7d0d2b20e193eebc3bd08b9b81163117933a6b7cae5f50654d86bd1342fcb93112d1fc01524f9e4ef04a574bed7b3ea24d1b356fae9fc12a9f6f6406a0815639ef5f2ad400d270154c005297583b4bec97b32f389d87e1951a54791c4249a950834c257d71ff3193609e4cf36e1b63c902e4504b0724d4a5c6f2ae3e0fb81b207086c87291545ff8a9d0c826f09b99fcecd15856d7194ce8e7b3677bb3934fda2f9560e284193bd6bcfb8c4332a6c9eab0622ef4347d78587e7ea095665a3c1f0ba928f89cc094866d3455e712b0668cec0e12a9431532108960ab422a863b17f8fcaf5c4272a3bde37cc24af0daa1428dd9b9c12bc95870435d9fec474c27712b53eb75fe2c6acc40bd028cc7a6149da4961e52862b7474bc7aefb82688183ba8ad565f2fdc66292381031adeebc8a69ab54ff59f05866221e6543b813dec2a077c92f8bff3d22b581009841069307731f228822683401d14bd243cf9103c82a884e4691904b1bfbfb13d17b869fb0e243e0e4b2b3fc0921ad2fc46ebf62b7172b2f5414b9d40c8e483e1f096c908d2250b61963b544846f88fac16325dc5e4682d8ae6197264615114ff43c02d7006612cda89565143b5925ee9f15ea6c62abd1f6d179678b79bd8fe068784da2f6e8cc6470d5f251e99bcfc5cbce1a7d9ac8e830ebd2b64f7bd16e397178eb168a8c2dfff5840807a8b0a61465920bcf4f1d284cccc2697f81b2f6892b675627b313a75369b5d755c944f22c6b54220f7811dc7cd7e3297a367ee3a58b91fef3491c95e6c192fbfbfcd26c1b745942a0f74722efb37b003b34cbb466a89ed645f0010256207957130f607f7692da0b3c5ae845c130916153f7ceea059a5522a27cfbd140192c96969ff467dc58013729a0ddf2040619aca8eb1dc711eeac22a98788da721a4e00cc8df3848898171ec02f83250e06169ab6a94464b2705517d495c979866276dfb077eb5cb31428d697df45287aa4b8987e4a454de52570dc16fc90f0d6b743c6a1d7e8d863d15409ffba0f55438d862be1ec76a84224c577aa4c57ee6dae6d6774ddf717d5e4aaadd8b973e22c183717b56368797a57800eaa7a453007900499eef779ad0fdf910b18187db636dd25bf1fbc9c9a509d866a9ace4903071109465a72cc8997c82405b072d8d79bbaf8bd27ca249e90ca820366c9c4d2cf026010973f6a95a32b2d614d58a53fb9b6134003d71b30a8330d4b4506945a3af99348b8afcf6dd587f2e6b66d07d1374316e30938d804997a36cdc1835c22e16df66212caf9731ada028af549ff520a0e197b23820ef41cc99eba26434ea5ad207e4a9c97e526a8720158d00f1e17b027f2c1ebac730f3e2e9ab8877a23260d2d68b4919fe7650253e4d3832e27b044eb6127c3301016f77d3df497221ac56eb742caa051657179a54aa1c5e0df309cdf3583bd89ff371c01f771be4edc418ab17d4b531e9957089031ec71464c4c0180f780139c876a05781d440200e4d2270ccf87a8bb8c52561eb803f553b689fed9c758b22bd0f5fb00b34a803c90c8dd2fc2f055e87048f432c6414273e2119f816bef925a35f3c11a814514610ff8996f8d690958d9379c0c650cb366e311222e131d7f378364e97776f63fc302fe92da3f02efdb94e388e2bcd7b508a63bd66c6e2196de7f502ba9b0487af64c558283652c8a9", 0x1000}], 0x5, &(0x7f0000003d00)=[{0x1010, 0x109, 0x5, "1d2325b71eab10d94b3c5dbd05e30ecce9951e0044f573f55b469557c373c26da019faf670953ae768e6b1bf8a9da92ec3da5c6b498bf0e9c0e241a5718db7541f963f4b627e1cecd1f479f6a659313aee5fba8d6a24b34e88f51036746f63359fb95a85c7e8c896c48e9023712f34547a957fc74fb3b69821cfe0156386fad38b1642f63ce871b8662505d4224285c414c26b933b6eaa5be9c04042ebcd114478863ce51fa90844160cb97a3f9b1a41b5ad71bf735c35225996d821736d5cf2ead25a5e329d52266ffdafc79ea322b646d904bb11b3d1d7d376908aaaeb99b9766dd047a35be0ae623a189db754e467d05610174228b490b0da12035f60b95c3690395c4a9b8a43229d1a968c3f989974a7201c95762b3e44b10ddad079147dfc7c229f49db99dfd1747b5886d952288eccc992281e366396bc86a6e02a7e40e1fcfb4cad1625db8c24162c0044949cfee91592b6e99f327ad2e65a72a9d95d59a826ea804c0e5fd6009843974745ee7fb9b7d0d6ec2616cef7710c28c0e546d1ae978136c68696e193f08c6c4efb267e902d9a0dd63c1cd5c532f8ddef36ddffed615f04fc8d2277cdad045a97e5e6faa96fd256a8ad260b2b707e3b57aa9243ee76e760cbde0a627aa42643e439556d768a1f839489d266c53918668b3f98426897141bc2be0580d73f9c187ce7c8bfd4f5d5d6e68845c3897939b7af6ba261f5fa6f5353d0c8e2f6ea118cf65990edcc1dcdd60a62da0e590c4ba8ae21c971671f566b2cee9aa141e13cc3fe1d05abfa3671d7d807675a21ffdf16eca03542fcb4bf94e2b93bea46204bfe0860d0098a3c13a51c84728cdd0da72b642db2c024a1333ec7c3ea6fd78fec3d8075c2f277a96be0f4416aa56c575bb659b5e5087aaf286611d48efc80b7fba9d1efa9212e19e10c27b046792338611a24a31bbdbedc8f192ac20e104fbcd9520e2a243db97bcc84b84a161787042273becd859f542e37ba1f3e72b59c4fe2ad6fac2528c2b6c59a1764ffd9439007ad3db7c46bb06dc707f54deff76b995c5aeb4f545badfcd282c51ea7c5c0192b6929c15f4ffcba147fde2a9e517d04b8d4d1f12050d2b46ecc89762a5ebb175d7ee9e84463472a506a2831d1d8be20aaeecb6568a37522310a3c04c11031cc8c275db793737c41d9ccb78669a173bfb633fa53708b5213f6e748736a15fc4980abb864976142e787af2f60a710a67399e7c3fea159e04037aa6905079b7cb1606652fd723e1516f2477ad313de20c4de35098243b1d10cd8469c746b4b822697252712d0a51c7ac7f731023c6a905038a5aec0a104d2509378b85d3ce0f6aa2e822b6c83cd63a4fc1892172116afca9b6ab8ad4c3e57250424e1350d6926a877a393b67ed3bf43ed8c20ad4693cad0fc56a8643555994a7b9d441122b52a64774b90c94f41bd0c00ce10e7957573c573c34f0fbb08bfce10bd2c0536cac1fb3f0f7f64340fc6b91539aa94d8a503e25a41b83e56baee66aee4f4fb989711d786362e63a7d03a893df4c842859950cde4080e257668695117c054fc4af31aac77659f9db46685c2674ab8115660000ed576054951637f10be92110a6f001cf21b48088d6f087937ac639803a7497db8755e8357a96c7586eeca4ee12e35ddffdacad53ec5406590a0bb00d85eb16cce259f86f81b5ae2301fe47ca48e1977377b9dd26180c6a6068f5a3ba2cd1370e2e8aff8ed5efb76cf85f05afcbc8d6e0b81f51f9eb5c6ee808c15f970328d20215149923cd7aceda150153c67276acc2cea20f9c322f3312863a55f5322727103b68676b50609bc8990b81827ff1d7996393190d4af1037f68930fb9ebad219a4a8afbba48cf6c68c532c9eaa6d1c350b9098f97daa0627b56ea331e4f203306d32728682be55cd0c0c0312700845b27b370eca6e7572227ed0f6ebf34dc8f7d3814957c0ed871bf38ef1c0e27012775d8dbf5f49ad988ecf7be7c4e3e22d21c7e1e6ad7030e42baa41e8685a13d91509e0d21616cb25ad4f52a551b883a1f49333d51e46c917535c78e92e6aed5bfaec7ade041e595e4269e04f4423b5358c111f3e9b74ba6106ddb0f860433e49c5d0483aad6a2c74126916ffc36ddbdd524c408a77634f87d3c6c6298a64bbb4b4b847795c62e1f426b498811779d1b7ba05d199e09bc8f444c5a11c039c34181ca086e2f2f9826aaeb8a123d03a3eafe81400f1dedc1307363c1a6a650908e17a91473c6539784c3ab41874dae43e38ed316138fc2fd24350a253b3b554991c68a8b9c33bd5c47b61cddb1deaa8e67b0b253e871e86773441333bfcfb21bd0fc337e201ad8cd0b440302d3985998873f4d29f45feb5049bff3cb46fe25c7af405a8fd0f4a55416a6e699e0a2bedf364a6f912eff88c7e3476c50fa7a19cac9e4e6cf9d272d3ac4fdabaa630fa85cbed6ad0637f285582d86e00fcf259b323d227a85a28cb0a7d3398b24148fc078cbc023a2fcb9256d7a2fa003465e1f2a2b8dc2c1716c93ca3b5187381c701e9152782da57ce7178bdc42545991426a69349ef36a2a4fa61616efad320ddbfd0b0a4fb044f7ecf51f5f93933a8fc208cc7acba690a1f9094a30187c25213da97962803ccdad9783de565ee8ac955db014f0a64d8525bfc1e22046bb448b306d7c60a201f2e2f7841df8005f286f444eac55f124457cf5ccd96ae2aca63379bb6f4d7b36ce69ea63a829640945dcce4f3b6bd7f846a99c3a8bb2c516ee0e653d560ab62371a849208aa0e777b6cb17b3333a5dfde07dc5d6dffa1b247bcfa9aef65a471d0b55193605ac74268ac67136b97434bf78fc2c8d5ee10a8e9e7c0d53ce14599088f0899fcefa8deda9ba9a30fe0a2c5e20d45e25d7b84f14da5851d6493974c1002365d9354f712905db032ee441014fcb85beccbd6ff2d0594de38dbdb205b0e753e19b5c3684baacc8020fd1a7575433efce8fcc508624f336c69fb6a19f9fbf48183df1c76c84eebdc78964c4ae04a46363c5a320c1a860ce1cfadb9090f367132f6c41367ca0dd14c4f3bf0e2aba6012129fbab8d39a616562e8299ad74123636ab6fd5cceb4534c940a3986e68fba94cd81e87bd4b590837b0222ba3eee0bd67c896eb0ccfa421963becf1c8531cfa565a57840cdc5298575961af3fcb1e662663d4a240d4ed44b81c58fe28db53d162dd63149bf870a131019bde8c15eb3d8d77cd71ee4d5d58c91c5031e6ed9718d95dda665e127ce4c6979774879cd8d206d26191f24a00f44722ca02e20346e3750a09e22eb1b9c15736fddcafe0777ce1b16ea345ff2af7ee915cae03c8b537414996e85b1b8cf3c888adb91cb0a50fd153bf9ec00896b4145e0cb447461111bdbe269534ea4915ecc58dbecf243819b7aef91e5751b39b328762f7a940b2db6c9458330e3beaea901cffe0ebe7fa24d1731ff4e5c1e2a236e3f52f54177e32c6cb4f705d8f3d590f61d6cc9b3b42d52189be83754714afe439002d8f7b403cba86eb9b57c11757286e01f712e7824c729739d789ff6347dd421ec0c18323edc2f3f983cd0a3824df6e102fb295c1f2789d60fa552f553c8624b7585e118084003633f9c25c2e43ac9e7dfc931d081babe208e9ded97f2e5ffacb3d5466a4b52f74d102443a06fb8f36876e73b2b89776d565d125975d20d5c2ce4028a6703945b6a07f4c2fe6eacc2a73a1470c57bdd03d383fc735b73697d8694f7fffbeebf22ecf44900dae1cd278f2a3015749486e50121da8c547fa48db0a9ed2ccdd94058385f84c5ce691d30e638252b8b5f1f42157c07eb9086b0a8e3675552f25f70dcd38275634f54e0c324d0f294f0c00b6a6e7c539ab7a1ad1a6ae21ade68179117cbcca9dfc54f57e92f3093dc6ed73337f9a5265649264a6645ee4a2b8e9a3766d43c7113015b97560dbcc35d4ba5a9931c9c66e123f016483077f98ad3e0dcb96251d45af388deda8505a473fcfe84c972140c8677ec47f98904550b0175e75026714c63171d787c0a90a0972ccca18031612d7317ebe18e735b049c7841b74daea00c995398f2170a15b5514e4fdb112288fcda988b0071d5b5a8fdf24311baba49652441a7dce2e4cf1ec58d1c4bd54c0c18e9102f63f9c7bd4a7473abe52783341cf61869f3045b8b97e4949be457427caf87653d5232fbc674b08eff63a8b0ab3dc0bacd0f3b8475326fb3ff64bcd6cf830ede809ad18e695563b61cabedd3c1baf83c167df5f647d46e5ff39280a9b131c5197877de1899c49efa159088bb2a88e4f4e2281a6444acb9dddba1695622888f3d34c9d6b902fe4b3068025e8a22655ab6b4f623b4fa3bada8260978a1a9a65595e1dc7edd5e0d5887b896f37327901e0bea7338190a22dd2fc8af6afdaf01429784f19a5816a8e2c608ebe1286e31d10565d2d2817e8460abafcb9d4d440301fd2bfb4d8c9ff6cd699e534e50bebecfbed344f8419ef7897facf1323958270d1727978996ba058900d01388f5704fb958c912dc60aee875fdeb094b74a58d92d825b61ff85e060ee828e75e6f473fadf6120ff97d10473a3c6bf3373cbd1e9934144a95d08c753e4e631251a11fc06df09ba82a0bce7ec9f83d01ad1fae4e0f77d0942eafd364a247905bcad02e87003e26b96e163dc54ffe0967b604b316196bb59b0b71c9a7af195ea884fbdb95d7d42df7eeb7bba7ff0b3bc270caedbd2d0c53df6105dfc893c5494dd5354b897b94fddafbbf712a6c3fcae09098a97dd9344650b9265325b177673f83a76eb212ae3eeaff572b63e4886fac087d8f4f65d11bbe134a8af9585188593def21aef69adbf670433113f3cbee57c5625d3526ac06ccce0ca699f90f570d27a385bb4e1a8f93a21a47413245a26044fa22e367953a579627754b60b7b538a7fb714ee12bda3cc035adbf545ec34a09e75c11d828f683e5bf160e498d4e16bd70a1d1503100f72f54ef41f25a9a485e5dba08d08d54957fe75632f265ed5494e13ca456796ae4ffaa47c7f93e2bf7ae378fa5fc4d8059b5348afe444f51b218514283c0e66ae11f80b4295b9e8e0b7f448eda64687eff86580d1f5e0bb729a63275e5e9337a59c5a8ea3e189757c9e796771092f41ccbe38574102471c0539bbb218e72cb6c50c50dd31d038d18d085a62ffdff47680593f25576a45c9abe362ae2ea061ac74f630d7638a18e5af0fae7957744e8674ac3de40999bac62e1daecf26b31112f4ed5c83f83c9c1aec1fac6b4c852c30c29fbb8c33a174b318388b32bf3e8cd781ce914bbd5f700835275fbfe833c0d1717c9603c6b28e2a2119ac8961bd0bb6dfec584a69f7de67e705005a7aee877c88a9de96a6842d26e134dcead7361a9a020f62edfcc30dd7f38d93a6ecf8c7c3f8add4db046b022158a66e5772d9c0e5d89c6c57bb52ab04298eec57fdbb7e530f0c19c05f277ceb0dfbc9f14fccb0010a90b44c6c7179b1d64394470855dc9d7a909a91d9c85b8f322aa161d775ec9ad7ae2215ac40e3dd976585ed13afa285677d29ea572366235addc613c07c21d4f46cd4f9a4481e02f1b7913e80ff669fa385542d619fdeadc30364661011c32b352fa4508acc9668cf37a846adbaf7771e86538fde0fb20f122695988c76681ae0b71172ca7c286e73a01180281c5047b9b57640e14277f69b131979af51e07f3975b0a742037174a7773e7fdbcc7e7883bfb7c1eaf9ed4f3a623d5c0e5b9781b7aa4e53aacbdf532b31d60b205189bf146587b6a3083f60627244a795"}, {0x68, 0x114, 0x0, "36c2f61b2f74f4692823338ecc3b54278c6f01980a6c01cc8ec6055b0ee084d02071f3d76a7f58a2f9580805187b93d04ffa24565f8d70eb8aec753416106cab1b0916a29cc09b4ef1362af6d1f9f036feff1d7aad2922"}, {0x38, 0x114, 0xd50, "b4ba060411cc59eca6ef8503919c54dfef9c14360c3cfd14f80feb155b4b3c6ad66f3f5290"}, {0x1010, 0x0, 0x4, "e9c12ed971bd836e63856017e140186d89947781ede9741fdc68dd1046d351d64e3f208ac9c53ee98dd9cafa282706498d71edfdd7552c775ab941fcc99f9256466533eddf7266df42affe8614d96ee7cd8ae13b8c5920723682f51e7ff88bb663964aad290a8da5b0451514107488c2322dda55d027e826fece625f7478506e7f7ded80aa49157b7ef8c41abb0e91705b12f8f47e5538a49c02930daab2554eddaea099f2a509baf501db896bc3dc8dcb43585434e338c1503881138e03c1786d15768180268ea282b224a4f45f8cec747768a875255db120e893fbfd1842a44075806a070fa181a659186836d9d4319ce84479b1b09cd68eedc06a7b4885ed9e414b5bda293e0b83342636b080012877fd70d05fd83aad58bba8c73a3b1dde8049119955e255491980b1fb13378be314ce3f87296c4a9317ef78a9a7ec2a6ab09d82b1280d84d0c7e586d76598d63a9cf31f2b64fdf8ba6f21bfb09527ff047f5a0149566c1132e501fe1d8df3989d378cb39af5e2c003e592878c0aac87a23be17ebbd50a9d98ce41d1d3d31bef8eee5b4a6bf82d09cc3d68f1b169f671cfcc6a6e907535ff86f846ce7261d5e32c5afe002a59060b907098091aeacd35213460420ec0c4df40712182d94a50fadda7e209e0aaa45a1d6fbd064b31646025f6e07934363b2bb9c0016c641c6f0c190ebfcd23635f17a69a22ede8b730fd2b91295930039e25d0ed9f5a6b85845e27895fdd994d115334dd7d245c34af9d7bd5a1208622f739c319d8ccb30e158a43923a4f16aa223b42ef0806b48db08b6bd2b1e37593656a5e8b26db8e04f229944020ddd441127b0cb61ab76f730823c0fbcacd90e8e86c5c3fd038a0f0ae948899f7dbee33ca8ced9bc21244f1dfc9e7dc58177d5f34cc4eddb08cb0b410f6141329df55100181f7520f3d9a72657136f4214929dd5e0d4b7c3bef068bd8dd3e59ada6faea95a83508ed654d6bec8c47c2a4ab2a34e7abbcd586ad1a8e728f684e0fb51235a8ebde0ed381f6529abf7a5a9562b429bf20d91534d8c25ac3d4bc37efd5f7896ee0c8bb530e171672bde9c8ae58bfc86d1a0ca876ab58ac93bec86fe97d8d143c5f76096eb3e86f47fccb3cffe05ec0dcb3d5e7012219bbc19c11f33e4995ac7fa95aabacd4cacc50b9cbb813a556254ca4e29c08703c8d61e12754172a95262f3cf94c4b9156d689dfc7d68c7bb8fe801eff40dc5167f074309bbd6b9b2d692295c417e79773db0e8c15d2aa9130d08813a56e4cbe257c7cc2deb61bdf41eaaac7e33e555a339cde7ba6b295da086395d249dcd9e7a33349a00e29134cae27d6187d6d3bec842d8bdc5d985af7fd67fbc88d37070af3400489c3d4753fa00df5ea914e5d13b7c61614cb4acccb8a1dd241b91fe0a755114228add6a4005be2328c5d4107e642b8cb92a127a57f4b2c89f5d80e89c570edfa9e18e7c9d9b2c6d3fe8aa5b2909626e2b4f329b1f73d52f37cd1988b48fd396924a4ae46df8a031bf92393ee4c537e1ce692f26c7380d1d738695b1711f139d86ac78a853609b63cf33e0489f0276c8b8d7350ae482e334c002999a6b716da34b16926b426c9c951b5fb7c653886178df0063cddf1bd24a3e6af9de39ba68866511f4f21c03c530ccb03ae74004bd507e8958f999172a75409520a19e35e26c573bcc6906a1c1adea1886494485aab56099bd9f7a434969332584ea6dbdd33c113755574492bc8f4e96350494cfbd20aeb661bebf29fd5da44c841da0ec7c8bd2b28f42922db8c9eca94c95d7b19ba83781dce1fcedebaf07e0999300d711a9609eb4fcea069e1d4bffec674d6315d794260bc93f30e99728fd41153cc1f08b54a0202dec32ce63dd18ba519819a97f8e37f3911fb094a23f40e586cb0a61652d81e82c863fdeeb29ff4bc6a2f2863f7c23376e345ff76d0499bb4b0e29dbb2b54fd5cce3b5d6a93c209984c8f265ed700ee680712e7a67d279cfc9e7ef448b39fe34586739d3dcdfd915b71ae67f641310932f578e688f7ee670b1eb08eadb72f3dadb92eb8a2e34e569e9b6fbae8058d49494248699c38dde264b5fc38cfdcf1c70774240e572c584940e519b7ebbfd6e520e6a51ab4dc9957af0e6ec87895e8a282fb2cdd499cbe821d9b0daaa54463ddbecf3185715ee8a76db000ae635a91a2301bcdf5b4d36dec4485b53afcf7f3a24646cb0765a961f605d1671735e73d16d6fc3400038403de32240b93361d8194cfce69e0ff28f7f16c4c6e93ddc0a6ba243a6cdd3bd78036153eae6971a9f3ffc301138f86e48bae7d82da1c22010fa9fc4f950bd3755bef4d4546087f6f1e7dae540c8e50e7645b94e049c88f827caf34489216029fa1bb8a49f1fd102e46924fb8064475763759a96d62e7406109bb8e69fe2f227c36f3f1fc461d193b2a80ebf6e76204a20ce7fc55b24aef996eb4fe6f0c12bb523459479d3c13c6bfe22ea5f83248b13ddbf52ddb8ba11e3cde2607e123f8277fdf47ccb05a44d0612b783b146ed33153efc89b01fa337019002a6e29ec4c6413e64c3bb60bac046df66b99d54f6488e62bbc922063e8fc106d4916907293fb4e0cb13f51cd3a22204d5901c99b09da474c45b840ebd350614676bef1aaf57fc9bcc04ee766291655dd75d9f21827cdbae01a6623b0c9ff7b9542cd646bf46445e2512254b337966562cc3df05e2f7e63496c421a654fbec972215c7281f3cc22730a75167be0c17301b6c02f52dc39f7aef9273bef084fe84dc85ab3b5f5f6156af3c3d895c6df0294809fd36874006c17eaa4d39901496d38864f275351f5c7aca5338b7b1021ef87d7bb1056b28fe2ee31f8c69184c766a227b418966f16afcf3767db4382e34f46111b80c7acf016e7eb667d3e07fbff9ed9316acc10b680a98d640abce239fd63496db692898541f54b0237eeda89f634fddfbee4a791e12f6ca2abd84ea8d3f68e2fbcaa266f95a6bcc0ae1945d00bc2d0552ea6e5a598c96ae1c6eb9117b43f0445ef771b5468702a704f96c984a8f80e90a7e8ccfa3ba624a01c5dadc1f31edb89996cd09dc63be7228a6ce81ed47b39c871f061b381417b904dad9b6d3f5d42efc553801bc313df56e4aa58a1672d25f02d0d8db3ba2dc437d6a461b143e811ca6e433cd982c4e8759ef5b7c8eeac91d035df3bea5b5c6530eadb187167ebe6db5cb5a4395a2241857d540b939e9ebc204e275951309e797aeac3a1b30df8f2e0bb5d0ce64d0878a4c9c383e4ec0bd47a1aafea282609d8e8ac9b5843258089cf18ccd1b3c367a6e31654ab7ca8b261b979c84ddbba9b3de83e4bb59a6c24daf6120795e56dd65d472d4df68b87fafe6f53b4d1a54fdd726c1af2eaa6fb83fee5c301d8399561646bdcf95caa18deae2d323cdb2f3ab4abe07cfc9a377a1392e3e00c71b326f7384503055abe2f3c356cfb2c681faa787b38efc48e096c2d7d03647acba9ffc7f9bc7c21fefdb3b51b3499bbd249d78362c7bd0dc1ae7edc07170955da4894d494e7e89fa4dd4686b6753662a781bbd3e73c28d58b1c2abbe9812e645d9e33c89f80963999e2e48847595c4f81c6ac649857005e157f94545feb722b60510029c5b46af2138a00d653a696b154225041cb513990a286796daaa8e28faf574011adac82aee4c67babd0b0226ac2985f699b315f27769a04806d72102b5830caeb94047ac2121b3d94d8f28d821d44b4a53d388bb03145d198157e37ffa4e78d3a43f0aa22ede945d5b468b2d3b858e223c56f28bf33590d624b64c0bcc21d2586b7e3ce5785916b77f350c7879e52e39299e41d51ad2db4bd6cf117229bfdc566382952359599cc3d83aba94a20647369a9bfa70d39b23db7fb0babb5103aba02f4b15d879269a68c6cafffd64f16eeb974b145956198fb22104fe107006dbda3f671a811f45f9864845b729017dfdfaf59ec2d32a6d94026780dacdc6a45da8cbb7c0259ff7cacba458df900df1a7fc5619b59cca4577211a1c2e9d28ad6e638b66946f15891320a3de0881e790bb3a64298889a1f4bb162872c65c6a41dbba0ee18856aba1539c0a0bc996a7d89ce43657ec71b7620143074945099686b4d2d4907fb0f951d50a6122f2d2127cbf16623f08b0365126acea4cd3583877cc08806dbc4d33bdb0b6e1bc42d0d977cb8626ef62e84f1f2b5466d05575d6d0b2940dac73213dd3427b32cbfa5e9c8eadb38d2531c3cdc911cca2346ad8283b6c5d7d585b904b75190ebe52d4886e44bef66e271aef8be0c7d38704dbc7089760e27fe77b6a05390d5308f0c7b4926aae538dbe636371a618d1567e9d63d3917a7d96cd50e2b2f5a8e5c5a11c97e2642c93d537889c3077d59b4d14fe2d34873ef14ac493bfea9ebde2886d824905446aacd75df3fd10e834c1b8c6b44e5bcadd35226d8d2227d04d4f8bbe37be78d508153f8ef779be94e6a99ac13e7f9bb7db294f8d071dba676f767d60a45a5bcb8ac187e83989e950e8bfb4ff4bedc7867dc9f12a59e70c9e1be3a7ec638f81be7e55cba66033b6e3f5b79e12bf0863d61674c66e9b9419f2f868e38fa8775a221b0667866786358afcc3d3164bf4ad055251e287d7509262166d033d51a65db66d98b47fe44ec5ec5b3dc50a5e90aa30ad1a749b1c833892a84708938d55ac36c09a80c1bc964cd084d4221a62e1747ec101e622e1bcbd0e69e10c11133f7a2ac81509914e347dd6d12896805c7d9b9e144beefb0ff1b2cae0ac663d12532ea372c63c5f2df9d97a40eee7868df25fe11e9a03f1ef13431a7e7d077fefb5cc59c5c2d3f530a78fbbd2a4c0667bfe62d68dd3dcffa4876179608af26a513c6143a431430529c163218879829bfddd07ca2f16382c575f02fc719c8dbd71238e72b0d1e379b40bebc7a434567e48ddc15d687d47540d1bd50a700fc367a956d0f0ca5cdcb2e042f61b35ffa228994efe0ef4efa6e74750d81a956df6d5e85e615c2bb480eb480db1c91ef0a9e6958a1e29cefe0670bd180c86934cfa17eb381865c6d409d7835b9253e70f176e0954265ecace4703e2ea798f5bb7a02c78ff7022224e3717e6bf75dedb1c2566e93b7ad688457d653189a996e59f7b7b08cac24a947272f9da9bd28a9e77a131f42afa8f95e2adb7c92322d6dd59dfbf3b206cfe44ac58675560b95bebc4fb94d3c35736c76c9034d7f3ad38919855ecfe6e629f6a530b559bd4ff4714adaff09795c39034ef05e6b51460110410e704e50311626706742c29683737ce3a53420bdcfe5bb7e34f709bdbdc29073ff28e2cc1a2d972980c3ecdbbb0cba41ac0f1d7451ebc2a09e9e3c09aaa5581b3505682e50a88c07cd7e06120a1c0ca5a5d32c3bfe4ef261ceedad244abcdbcc6ed1d6617488c7f8aa466a473fc023e315fa9104f1e3eea9d42956b9d4e9accca9ecfe5537631653254ae8a287566532ecdec111604c27414d61e7889219c3bee59771d46f1e87f3cb551b4076604d4ba99da1bb30b6f55091d8f7d132e7ac1a70b2e879051bb2a16b46a5e0603b7baff7432a0af9f2e003adf4a24127f234cf7e60ed44dee1f5bd0fdde6955da7e512828b26a9a0c76db494e1b575eafdff37aeac243b6494656714e23e08e8eb10ffb97750734f43ffc6af8634f6c82b5b4c5aa3307c836c41e9bd880182b87beddd7a66e8c8f9830ad4f97b0c62f351156a675223e3888c2ed7d0f03a523cc32df145f5e338aaf39aef8a92f3f741d236d5817de664232a5c1199692e6be1c400203353"}], 0x20c0}}], 0x2, 0x0) 07:16:55 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000005380)={{0x16, @remote, 0x4e20, 0x0, 'sed\x00', 0x1, 0xffc00000, 0x27}, {@multicast2, 0x4e21, 0x3, 0x4, 0x95ae, 0x6}}, 0x44) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000080010001"], 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') sendmmsg(r3, &(0x7f0000008880)=[{{&(0x7f0000000140)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6}, [@default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)="210bd12952c987661a79c898e1c7d4f11781520f699dfb7f71750e88a784bb14603a5810cb794b187f55e03611d9a48704a9d3cd7c71a1df418573baa01d1078260c357e0beb006f1131df4bd0944315f9dff36c55318dd428d9f76625691c2f8e9bf500450f5bfe10147db55327f21e2c0df716c779fce035e81bae0167d4b6467bf198cae1c659a205", 0x8a}, {&(0x7f0000000280)="743438cb2ec62bd20b07201f5f7f7c7dd48fabbc4fae877b591bb2443179da9003a3c4c051fe2a1321fef57c7811276b73e138e9db0a1be1a7726b01b9829bea4a943a3b86629249b9253584a5daeda08fdcb606809dc8affa27c7761b8f33123926cf5c663a6d94c3bfe0a8d2c555b958b14178887053a0fb55bc24f9d55d5b45b35b88d8b17a52cd746f84f65c280c982890fdc39d8886ad11e8635c81166063ab33807db108a027d7606dedf47b53296dc5fca6fae94b0b686931c26f37ffae262bf3f85bf181cba522470050859c5c9fb958841906584184bdb07e6e59cea881400d04b5", 0xe6}, {&(0x7f0000000c80)="6b86e5e1298a0da01a87acbc5955e71379e686e89ae2d9dc2a1b94042ffb7b03795df78ca403e531f4ee7ffe83a578e07ccfb91978877915f0894e05edde059adba3cf352055220e087ac0cca4a9319db8e89ff1a5945352af95dab3968f9abf96ad76d5aa9afc71e0f859770d95dee9eafb0b812d717b6e05391175a15404560825b9b7573e4b68f75a264ded270dd8080ac250e01d443efa10dc7e0f8d20ed85ab06ab183fad6da5cd57525bc37a86a8c2eefbbfdc9441991a86c3885bb558c55097df59b77d77f043667d27fc845b48dbe3fe7da47e42b3244e14320da1636b10be3f193499be384837c421adbb0832bf9b0f99314c704db73aab9482a354c0f633bf0715de8abde27b66158158ca5cebdcc5183a64b1281f318089d6c689f2ba6bf9a23affe9545028c9823be77b728a8ed7d774982946edcd736ad9d605b5a5a9b17f9df195447f25430533ed6199ebb74ceb747d142c3488b8e26b222e7deed1ba9fa7fb2808f610cc4b6170611938b2c5f8900f30a9ac2620a2e0a1e50a095a8afeaa450a19c189c0fc1cad1f084d563392e742ef2db8ac247801490ccd8482d3784c902676e3ebe79af034925887658947038942a8e054bae5a47ca0bb2d67c9e9606c71f79f9b238c3756dc1f3b6c26136bf1a3464ca9a1ebbbc0443cf1ada85336fd30832cadbe67d309f7208f0a949c75794c19c121e83e737a3078b6b6f838a5ca75014b7bd8341a2fb43d2453b4d5677989bd3d5f2c6fb6a9302bcad8d0406c64d27724c52b69d4e12ff2247cdb30a1e82615484983bb04068d9dba8ade5c74d037e29f72e679c31a5ac36524170a4e4673d65184db22847658e87ecde1d7f814979cd9f1e10dca7f9b1403d66b9d798326439dfb40c8c764e9be11c556c8dec2031f29aaaac51ac01eb5c422d31277bf359468c6769e02b788c3d7837788b4f64a6aed8451cdaa9e01f56d762868cc9e40bc5197827734b0cb40cf5c0f234374693a02586250c48e669cc7af953a65cf72aa08153c77908d5f01d9f3c3655ed3e8fe6c9a97c9f994c84efe418dc69875f84060aabc4c87c08ea2263a22d349e21f1971137cabb9fa22f267b176d5cce76390870e0333e973f505d404ac6c52de69cd23bb8729f312f20b0ec95575bfae17f7c538f8390b384c3fb163960fc95f216e4c0c6a30760c384c39c92310a9e51eef1d4a06681d18db50f7242b2de8d8035551b79a5c7b4fd343c443e51b3caa3db7cd597ab7d453725680fd78a59c63d8776b677e7baf42d7744ce89dcb610708f1ec9c15839b2075c45f76a271030c04b5baabcca98b6450747a246eeb05c9237ff2a567bcefd81cf0c62815cf64f4a736cd1ee3e3e896c903f29455a033741e156022fa42f1aa9970f752ad3f7f70e93333c9125825b096ad580c85aba74e00a1aa9012981206614dd1d2b9da56bfecdb2c4844ad811a191507af81265c8c8b006e2bf921285ab6505a309bd6413dde032baa9b3b8ac6923171fb17175df624b577c5a642e9374ee3b9b71d8c72f03243a484a0cb420258dc4945ff0b891679e38f354bdeaaa785ee033101c9da1ee6696af57e2198d255ffa3acfa93a7729640b57e275006ac7b9d1b958451800e22627df9c34f99034696d35b2d1a8ec37820c0ee2382823ce091fe2b45119b99eaa763d316d89df6e4dbe87780f0b776e2563a95ce5120e34ccf415bfc67009d65fd71d3b2313c8bed20c631c58f528a3744320ee6aa48d254dac8495d3362379347c00ae8150210605e92ca6424ffb50451faa967140fae736e30d0953aa1f2b8ee26fb5ebd3714fbcfc3f93b8578977b3d73afc0795d4c5be87217d3c59bc6c68d58d07bbdb08ff67dffef6a00a5b4e8e71868222cc8eac86c24346075eb46f491500e8ea0d6b1864d24477eb5016a3193ee60d0288cd1a47f166c1849eea830eaf70ce105d8cd99eca07906ceb03eaf6d786e2968948dd7290350184c711040bafb3ca71a62f8b88966710a44009705e89b7532ce87e643f7fa696bf77ab032c52d2a1e9a8eba89195b213beef7ba8807f2693b34f07947db0013a569c9bacb340ed4f24aa0f3271113277738113e553256eb8b8785aee16d1d3fd662f22a01a3acb08995ed1f46a1c26515be3a6b2880e4d58e833578d4bfd4353b6731036bbffdc653f2796022ee929fbb9a03c471ab938db84d955404c1f7d9c89f791fce495b5692a80f26504e7dc7b80639b9dc26af52126d6749ffedcfac2fea708fe71cb02ac148dc5f972178aae008c4ece79f2263a7a0a638fe571fde21d475ee465edb330e5243a5e7ac2e989375d579a99e16f02d095f8e1df31c3c50480c8e42db1813a9b32e26be49251a67764396c6b77fa27f9052b1db714183fe7d3532dba96c3b4075d0e0c28d3df975f50df493c1fa7809c94113a98d4b5cea160ddd23f2fc708ad4064678eb87faa74cdc5ffb80b23524f8f61b9143a69878f74734a0d22b1a3b258acc45b4c94b5a65256a4ac192cf320cd2ceb144cc0777b05724138c53faae2b7a1954bc365425f2de1459a554cb1774d6c52f634a8e06bc3869c1e27f46bef5d98274cbf2bc681a2ab16400574201db7b64011897dbfa1b3ecc009c319767147dc8a792b734d12ea075e0e2c5173fd0f650cdc8f10de581fa7dda0d9a8020dfb4a108c1505b64996cf12bba0d9cac6b9e9e8e59c4025d2e3b9c06016e91addd99560c1de2873cf6fcf4765a433b3f729ef793e37e869052bc372816c60e425542d8fe00b8bf39ffe766c6ca0a3d64cc46755fd8f95543639e3dde8acedb7ee197da004a07512b9a54bc4b9b6025d91e62dd707c3ba047185c1c19f6bd594f87f0aea5f8b5b0dc798f4c1c3b475ee8c30bcec43f1e3443d416573078ecb169c1c65be80c6608f66e6be02c05f68f2f9fa5c1f554d0dcbeeeada94967794615b868fed6428bc2c718fa8d9b18ce0bcd43a3bbf0920ac91f5a452c5510b0e1d7effac105c47eac9a3587664ce472c01b9d8d51877cc7f29c03320c34dda9190ab930183e6067ada8e9456c286e9a53ceb533b962ff9a19faddb93a3a87119f44bc92eeec0c207d0896e717c3b65480ff15279844dbca1172ad85e410278504831cd135180b8e5e8e553fa4d64a796daee88e402f1eded994aeee2ec4a1fd188fa7722d228e718dca19dd47dcf47bfbe5de70b5cd1d86579a3729969764af09d9084521279597a2168aaf22d399993ceaa138cb20e77bb32d12ac6bf6887788d3b9a3cd5b0139932950c8aa192af0f57aaad570e93369511e034c8ed22876816335e51dac7c4e77289a4ea82afb9c9e3e0cd4f9417cda03ba0e4c9a60c7320a305810e86fb9de652f44c590eee7dfe3edaabeac06d2cbf65df15a9af3a0df20eb95b6e10ebed0ede57a188cb188a9c18de17e607c89ef6e6ae152074fa7b55948a738a88455bc0333258f1d3a91c9127ac020940784e71b984663e8b4f54ebc957cddce2bfb109c40132366c6d63fc5d5796c9efe0a1973df88d219b171ca994d638a960280794273009f19e8d23eaa842e460186e790cebb05b5e3484a8629d97e347cd2afa4c24e962ca0f1db9fee7c77ffd905a51c28f5d3c1d83999a7db922d7a37cbd8a7b5b31579723501c6db55192f03a655567cf7c88ea734e7066fd71284d5baf08594eb73c0972a334e50a0c613569ae71d969084b6689fe755ec252eba7af1f62db77d4a5b68d6a8251bcd3b26d4278eee2239459cf608da9848a4b406a6b96ddac264c9d286a0ea2f0ebf9156ab35de9a8fdb922461f42bcfbe79f6df55a2074bb687646eee201eb3829dec62283b8f1edb5e7951e42eeb72a10275812558863181511fadb0cc26b56a5922ce654bf2eeac9f721f58436ff0497e0692abfe66b8c25c25f5fa884cc4994f801ded969d9974202c3ad9a1f9728267171d320da7649965a31d799a9dcb853e001778589cc11770d47b3dc777e0230a4dad18e49303aa7d35779722b30756c4206eaa55aab23b64a1443e14331a5683c847529217e22096d40f6a9cafe3ec4d47c752f240481fcc150a58fcd93d2858e6e73aec318a342040a78a0138233f8e5efada626da95ac929b551f14d30f8d5710981d56021177202efb620f9d013f37924efda22bef9c5b058a4af176b9344a5ae03288455c3292a3b4e5c91c90dca4eef21d27d0b05c5d4ffceb55328e3dbadd5d2e21af44d20230a3fcb0dce604bc02288f8247c8f73acbaa150ac47a1ff1004dc241bdfd326b8ffd1e1ec307e2bfd660e34edd422a3af2c44a23da60d408828a14253a0cd99af49756b6b0ced4287ab24b7f4c3fde0c98bd16ee95960021ccf42746839012b933a4114063db69c77ebab23fe07e2334f4e2909ed4c54ba4fb7702aceed253c03ba2d1052de9e84c9c9ce3922e69d264cb858b522d8bc6b82c39902970396b6f9b6fc349bc8b9a057bfecdf08598007e218e124a914b56d0895c6b309235c70439beb53b82986120575afd62bdd18e001aa249d2769a725774fdfdf5fb7aa6d864882d8fe670b5957fb49eb461ae548e092da35b27def3b85c9e118ff35884f203cd677da6ef51e0181fc60d03c2e92bc1a121a645673145267dbf5d3e6e15845325a8b80bb073256bc3ababfabbb664a19f3fcb0abaa740a5309167fa45c87129d4c6355c043faa3b16431602efe47eb937760de0c0f63c4ad04aae875141c8d7958f82353b283d0821a356315d8744aeb7eb10450bbbc2f22ea11dcc06408294ad776cd869cd5d73c4e0ec4430d5177dd5c2782d545b6a1fbd6769ebb4c4044c552f580a817bc82fb1c36c3af746a31367d7314bed3064d70a380e2b2d6b57e7a3a942cffd9d6dbb2eb70654587feb481b01f6d0eac4f5a5807c7b84c74edef6c46d48114b6eeecca411f277f84bf77de445c1526bff14192e87a757a3b25ef6a941359f20b4d35602b4fc25affb205722e23a8d344672783575d82e8af3182733a0cea774aec394141fdb4ccac92b0eae271f713fface05ae5be1082d5e6a1997684c5bd76f9642b25872285693087e1529f8b399bf1cf76937e25ae4f22512b5f852e3e58cf854da5282778e8c0d72fca043fc453c388ada63615373c91731bcd6ae1827bb9233d56d8e6ff6413346dec141cdbc725fe797ea1af91dcbd9bec49c7336f18cc62c6b3cb399b9b15cc15333c4ee1aa348cc570856fc5da07a5734a84b0ca5b4af2f994a287c5e62604a88328e180ba288e4cddba5d8a818bb9e19102fd0c937518289229ae5673c1a5472168ad3d7f39b286ccd923be357d757312e025cfc617b02d72f0d4f5811e3ed18f3e280f5f14e3fc1435731fcb424df0c5e64c2ee64adcd759833b9ac8b0dba6106275929cc23c1820a1b55e3a32da33c2e0d8026c57a82a452bd9f6cab5787ccf2802b5f9fcc2454425bcaad48a6d5d582d0e81579d73ccd664ba54410b3c6345c3dca153aa376043780f08d02ef331ba4abf46f6a97fc26766e1d09d87ab66187d168cf7860c2c54d57c428676b081d142d560d56ad662aadfd0aed8c850134c27d443d2dd7a67719b404db8298f240e568f01647bb7a6fad39a483a24f323244fd56c878a6cdd0a7063ebcd0f70db1e51ae7d569164dd5aa1fd6bdbf868150913d742c23471ef9e30e5fa97b786f83ca211c5fa0135cfbd9088972967b3f3e7279ff8d6148754ad54a3abab00987865bb3d01e63ac7ce6c797bfa1d80c3fe1032f5f87e40a2e39f12cfb087b71d217b92762c81898c7e3748", 0x1000}, {&(0x7f0000000080)="b1111f8fd80798f4ade990a4baa5151cba200d90281a0d022f5dee9506", 0x1d}, {&(0x7f0000001c80)="dafc9b81000053e87f20ca2a584c6985c37e776f303a268e8cec795ef745bc9a8118d5a3b25dbff3d703648178e9b6b63f2021ebdd3b8d855bb132b3765ae6720e5703215c7b7052a5e16ae1cf8d1fd129f3b0987b662d13572a1f8f9813290e8f585a284d1be2c4ed285edc100bd6daad40c08e06d25025aac8c2b6f16fc7fe027d5cf03b2d75a2540ae37e0933da2877e5b1dd3c83f00f25fb24bad7cb801063cdba348b83bbf986c7a5542d55629fcedafe7897f2fb42c90d1cf7341a89d1afa81ca0463bf7297586a488ca04fc85d66255000d3f886e9669340d4d6843712dff3f8a28cff665341058575b0656b793252400b5a8ceafa5db5b8178b027345a8caf4bb8377a22e52b712308254bfeabcbc282cd2fe79dc557794d65f3151a606a8fdae4c3d7e8cba40d1a14557fef75b4dab67cb4ca169c0149905b6eb46c2fbcef4aed92348948a1f55770212f71df6bb03130ded30dc571b7ce9b23cf2b0e8d3973751db9d84ab86e989fa1e45702c113a4e894118c44af90c4bee0a95e8514583ea592c9d631d61d973233f63daf844e9fc59c03e079b6b4c24fb80ba2798a31d9b18056cd898c6cc0fb2584a99f87dc11c38ce837b02cc279ef76908793f1fe4d4d037986aea6188c5a20e799418ac76e4fc492898e52e1468535e0f5eeeb6b69d84f02bddf860764f24800fbf8253ce19cedc9f79b03cee8dff22fbe6a870c4c9fad7ee237fa89b024245c27ccd2f16a89ba1eb4e9b498ea9e0342ccc2a9dbf578c6ad2740a9f68c1d157bcd3782e521511044617449dc553b4d7331009444b3bd14a978002da60436718a6f8c3d4c1765fb9564e63636fcd82c7e096e7becb03284c6532d909b101b05a993aa85fd6aae9bac45c4c31666de5b3b656fd765c502a887e990a93008ad7597e87ea600367932182488638a93f219a60495b3a6ab1b35eea8c1e39784506e8935952922ad3fdf93aef8a91c05d425341402f9b0292ca651d55f0e09d285c6503ec7547f05209d29234e715c09fb211fea179d7b029bc566e69471d1eb795f5d57db9fc9a8ecc85f27b90441df30725863c9b25ac76557e750bf4157fb3e4292fe9869ffa43e9af047ef53f1becbaef50bd0e97337a681e4933b8e3c62ee9b88182e17a9e8340035449074b644f46187a8cc770d0ef147767872cda0375c920407572595f95b8bc44e535cae1fb55da5e4fb3c88054fdf1d7b8f57593f21242b29d530febae019228caaa7de0104301f09fd3a60e22d868477e9d1dd2bbb5d4ab01a4a8ee17accbf23ead9398c7661e1c7a56ef1edc9adbc60c57ebbfbb5228a867046e4d689ee43b41979b133a81f9a97c2cf9d98caf8b7dd666641bca6b87c36d5169e99bd3e329584efd3c7b32e24d55320922598e9745afa6c098f3df15fce6e663d409f9ea5e09d483320a38401d6e10c797b284295e8b425c43d05b51cf8eba5c31e544d8f977c81bb4772cec925ef97b74ca8b7219eee08df4bdeb24836969757c2fc380a72e51cd4c297ce9176049980823836be14ca98d9a88cf55c7fce0858a9fbbb3f117b40b6802a8c506f8e637134a7d96efb49dc0dd343118472b7eca612c06e94072f2742f84263f0edd3b02676818d406235a133fc177ffd578ce35bb1f371e8f9c0c62719782f8f4b455ffd4cf62344bf5190dd6ffd00d06e04f28656e85e12a296fc7a9428342cf8015df6165b50417144b58acd3851b3441dbf394b34773e7ca07dcc2017e11eec0e3adca0414527c23eb5f7803c4b16a27c53560b57b00dfdbe8400fba9e3f6f481141158768d4667c335cd848f2cba97ff03bab85abbf08e91d12a986239c91ff19ccef0c4a522eea68653400dc20c917a6f9dd7ead1da70104a11db6dfd9d5fd4119af287621f9fe3b7084d21f5256c16cd416c4a975e77180c770a1be458253128d0bd01e20bfe53d33cf5c2bc8ae9d98d08b0cf97215e4e3a9ad881381c545b2a244d94a401cf956c893194ca7c1e047c995b77b7d1d1d7ebe6285d9e28c9ce9af14df969ea5ac760fd84ab7d36e671da5959d8ba72981cffaf92cca2e5ccaa8df7d63606daa1faf03b9cb8535e0129ff17d62f7ddcec1823b68efd585bb07e7ea267d2b8ee284e7ea8887d629239379c1c566d0069129b78416ee21e12bc116e4020b91311d37b7a80b51d3469663a66eb9a46b94260e1756875a329c47d679d9c85b1129857f5d38dd151df6f9e3590358c2ff63aa7de794d076e319860b10c9435c05e2cd5dc19da4ecdcccc0cc6115139912d42bce717d8abd223cb06798f4869afe080139ddd497cc037dd44caf546250b907a88800e1aaec38ce27a8190dab067f0360f662e86798bc96eb2ecb2ed20869f16e7ec692e2100254180b884ffd29235cb9c69b193721dba1df6d22743ed08387b669a7de12710fcedc44ae20f003246b6bb742ad2f3a351149cb851a0b744ca0d09c93de97dffa94031b14f76996470e0118e4c1fcd0efab0e794da2f95d9bab2aeee759821b70daed89835e9137ab2c0baa379e73f6eb38c17ae97c4297ecbb6a8cff60fa8e94a2c6bc3317c47eb882b87166c42a1c6566de13da0e8d0fcef8e39d4c2f3a4b26fcb7dd9113176d257b8795cd6fa8a5285d415b30818ece5ce5beb5adc158432c3c14e20d769c8c7d79506f1b49b67d88cbbcb0a3448a325a06e11e4c875abb68956cfe099e60bca2d7f210ed44e2770d01d5cea1e68c4824261465a7709f376282942c487a57583a53efa9ff4b74f162592584ef9f1496af0ade4a8e1bcae5776df4f1fa3e545d01437ce39d672a3e49be5c6525293df9754a405f60f02542bc0a670c7dd9e345c4599a375536e7d487cc845ae4babed503542b8fd74747d6c36c47f81862729fec314790febf9439eeef31fb3f18ec1ceec4addba530bb4e1547f36a4a56dfa30596db1990a92c8fc484b566bdb08acc4c77544aaccfa40fa2207ec5fdf08bb88ea17dcb87d4a710745a8031af6689e773b6954f19e44dda86441e583f428d2fff7a2d766da9232b89c29fcb40c72b0820938767b5a2a3f919d092268a6b9f9b5bdf763e47199c68a25288c5f1626150105d55e9b5cdbbc590930cf687f532922af173d5f35c6d7c04234ef5416c036a2c661251177a08a73e22c0ce89663a12aea044ac1f15e7ce634baaa4566c8f0d64b9cb7dc5485362fc61566572c03fad0ce630b337c888e1e99739323b4fe25d3722d860da3746ea38afc80c9ad1d3d231cd2ac6991e79237892d97a7c57330627a29aff6f0130a3f8cb23e02c2f1c10884a8bf078c46af06f6f03887455db1c53e6236ee828892713c79fda6e1746c1da5d90390ca9a093bab099cc68f74e1753a990552509e027eb51d41380309e25037f60ccdd9ddb390347cef7c481da79eb69f71cd75837b7ce507ec2e31545d39ad904ee2befcf196ff7e47c35177b5e843f7cc25d8164b3656a3019d908df96cb97e323496e72d422d1ee4d8816b39f87e9a711974b9f89a819055c7bede870e38cc53daacdf79162eae37403039884199fce812379d15053d049b442c71931e566cab8b2a7cf6074d220085c0f0863d3114bd823d70ffb747dc371ac82a81ca116ccc7bc5f38b9436e34b7abbf7872ed0017a8d26403f0816d94d3b8d0b4444994863866994f7a62553059195a18915ad899ecf0ae0716fad66b7152679baf75ee1d8895d00d10e3982274851cec5a25f5dd77705470640ff2b8b22eeb972a48ab4a9f14c933df072d5d032c6c5d8cf9b14b060d88dbf070f6a2195ea434e000b67387c603d7fc4c83b72c736dd1925aef13a1bddfef7139debde26cb0cffa00020af4a70491e91de59bef8052f0435d60d6fd079738f928313a2d801536a319a56004caba77194c37e44623a6e609147af48ae05eb7016205017def929ef4639fde05aabfd283b2dc963b16b417398f3b4080767e7d5ff381c8b7fd8ea1335546e74f249143141ec37304ddaffcc482c377d431b4f666ec142cbe2dd5c2172321ac36ceca22674c3c11fb4047de18fe05125b70b9fc3bebc8bab319490715778b8bd1b5798fe0be240896c144b4d2c24e5ef7cfecca45b0bba4cd5668ef2e2740bc7685f977e906e97d251961e1bedcd3aaa9a0556d3caa3b0d7932488ce5c775b1b3da68794b5f848f266f39c088c634256bb05f2afbc3dc5e2533ca3fabeffb18204b5e739a21d3ab26e9aac823a390672ffe873c7d3af2092c202e8803c2be3da49ae2d03c40e7390eaf6a9f120d00b2376cf2724569cafac76b697a80e21959207abf6816f9467136955af12323d0522b970f7337ede2f67f43f64ae2c1725e99eee9429021e1cf50dea12e292cfc688e8ab42aeb3d242ffee2c620d051580122a229466951df983fb1c669dbb6e1b2dfa0a01a864785e064b26979c37fc8cdc503301a711e1bc116b211acda26b363bfb8c565046e71a5a519696165e99f160b4708a61db3e563407cceebdc2e3ee99eda99e9f956abbd25f5cda63b43630c0142efcfdf81da8416c35ad9d7be6162a261d18f7411cb05d18dfad93676e3cccb4bcd600e93e650e332202455a1bd729874cbc2739cea85da1270d500ceee3f7be9326643aa880525888dab71b50db43b3d76e34132f2f087a2d44a9fd88098883b44eebec920e77e253cfbd56005cb16f06a2091f5b738ede76554f1252ed5093028e8812d89d286c234399853a87f662127e27ad16c0f5f66055437ce8d01234901dd7723117a5395d8df354b45e2e171693aa86e534d87c250bacd7b84f75d8f7323cd62ddb10718d993090ec049343380901e02d6c3bea55354f2211df29840fbd983c7e1868355163de429617357b03d6f9231e0a381164ee60efdda75b8690d01263568970d6dd3e6a44055be8ccb4f2bbb984c8d9d6fca7041633a33182be1c23da81a51c71642cdab84c5db8cb8060320ba38a3b74c214e4b965e340881fca4d95d0a0faf4bf42fa1e46997dfc1567f007eb801376e156372e776c18e93b6b232d5b2195fc1635d00d3fdec58d76630a29b27462b3864e8ebd08826167573f45265a0ee2288bf8908918c5ec3806ca6238326a5f2a55a37fc46815d0a49015423520a6aaeb9f527614880b47e15cb5747322dd8d5bd1059b15ea4665da0e98023feef99e2d2b383eeadddb08e5d02bb11b0695cf4fd53bc547b5d5a382d8610c1ffc237a26fc37c71fe899c8d5c6be706a7f7e0694975e68f3c3a8415710696b161ca106547702aace0a0aa1658739348ac15dd4966e797566d0e2ac1ccd5b039c759533fbf1ca4a704d6e9ebdd90f630bf4dcf7b3087a8b73aaac112855e13b7162d79207627fd7c8a8ffd0e927bf5fb751a3ff56cf22f6304f07aeacf9125f0db02dec49247ed21d45a192360132ad3fddb93a75a9aa9c3f490b928163764d488fc0a885b5cba8aa94320aad237e7913cfb7af0936db057f6c1083805f6a040bb885c3e8050cbfd0a0abc9a713c52971652820d82f4950fe1d118ffb3048a2068299c0e12b8f5c9c719bb66b7c17b75eb37cd814837b4b91d72d6e0a74593e89b92e02f2936fc100cfac38b501ff0f22e0f119db7b40b4aff0fbcd59f29e31a18124b764228bb31c52f2c058eabaf0514bf41e2c5f24d9621d7fe39998c40f6266d2ce612f9e09616b6426e425cf3b3109b17f893041ec5b5076f3ae7b714ce2235c114816e6bd228adf2815ff4f04597b9ae9f6f6c36fb46f048561b93922b640c27add943966fc8c37d3629eb5cbe4d68a03", 0x1000}, {&(0x7f0000000380)="9505c076235153250d2ee5fa2b9ea28363e99c02d713e29682f0d3ca356a9a9a850e8dd5bb29777014", 0x29}, {&(0x7f00000003c0)="ab6e4c30fa4b19e90d98e75072f08bccfca43e3c3b363db995041236f28593fb25370e005790dde39e055f3a71547be44c462fb94c641ed2030dabc23e126c95a5630c13046356c46575d5d79171f418595796123429169f51c8cb43352fc88bddb92df1543dbb37dd2a0e6711537f0f80886abea19e63b7cccff0edfadf4be9224a649e0eb63d2565b3c449e016f73522a49df5e6bf360ee6fe4631ee385483d77cc1f861d5f4194bba6debdccb602af1a9a77fda80cbcc37387e6b6521fb81ef61f8a09179bf106a", 0xc9}], 0x7, &(0x7f0000000540)=[{0x50, 0x100, 0x101, "54a1bea25141790a86f5b43a9ae2745f34fd61b730010bdcad33182ef70d95ae2b2cf51e07e4c865d298e971622e0e5ebee2e8d72866edb320"}], 0x50}}, {{&(0x7f00000005c0)=@pptp={0x18, 0x2, {0x2, @dev={0xac, 0x14, 0x14, 0x38}}}, 0x80, &(0x7f0000003f40)=[{&(0x7f0000000640)="c076cf3fcd70cee1ab3fa19b7064027cad830015236a0212d863e197287f268c25d60ec91b9edb3e11937074d944c5e0d9e249f6b8005e", 0x37}, {&(0x7f0000000680)="d5d4df47648df4b59a58e8630d037ef0724e4b330d72b06d93ec40f0ab17c65a1239192348e6a84cad5c23fda5c5af2fe5e3ac30da0d02d39945f928b5135ef5b56b6fc3e8fd5553ce2a6e5e53bc76a751d0c2723e589e8d5eef188f13355a9c2c738b2422f36fbdb11519ad4f85d203aff9a2a902d2aa502ab6e2768786606b0b9b041e7970f9d35af3f993b736a095ea58680daf6ead9a545e1c25c41ad65082edbdc32b7cfa78837fb25cc85b5926d23293bf781b0a8e68286891b5b4f83fee81262934bc762b34ad2161054ab8161af7fc2144bc44ee5cca6a6b13524594dca473", 0xe3}, {&(0x7f0000000780)="ff9e56ca4a8d049c98e7f1b65252f797a16f8ad7758aea0c395dac5a81722c1552ca6d15f35c3f9b9f8b208e6ae35a9a7f7a48957d1f710e5a0ece55ed519347e304e87839872065642b78e53d27cf0b25bab84201860ab9c91385a9492105b19e73c8b29f50bec847870b55bc378e2b33851b5907288c4511b36389aeec80a569f10c6d6fa0f9d1d6f8ffe33f5a1410ed4e089a376312ed", 0x98}, {&(0x7f0000000840)="d55f566e4bb2c04760d986137d6d20a219820365aa5f3227deca7554af97768a04a4227b9b4b78fa7f4fc6cc44f4571b4e24f64296e11b73046e135569edd3e5", 0x40}, {&(0x7f0000002c80)="5a66e0efa17d8150e8bf542f1e27d5c8e7d60db8a53e34161540e49a8b792cf982fbed46f938779e84414952298acf9f7964a0e366bc9de27776ffc6f54f75343bcebf075d3ef8ef1c2d6e82b174f0891c737376e7e52a138050f41f64f07f011b1a114fb915064c011c4efcaa3ebaefcd40cbe41a0ce23b99f8c945c2a16563b3f4e13383d4e1ddc51c4c3a875eed0f01df93e86a80b3fdb414ab1c5ceb9c20c583e1cddd04bd152b0a358402aebdbb5e3113fdde4d5d1ab8bf2be93219078841bc5c9baa2b98dd28c11c786cec063963711f4c0641888e9a7172228b12dd6a00bbfe2d5c963c1d32ca57e9474d76e37a1928a967130e63fb27e020caa77346e9b15492318cb2bd99276c9ccc888d9e7304b70aa683f308d7482b5fcb22464e38e1aa68ab9ed1eb4db6d6cff3f387db682f9542a4165e3cb85b92cb40e74efb1c73dc23621918653dd09cd1f8890eed50465c2830c5cfada3156d5c04d79d2545939ea7240947305d38660e176012c3be5f096d192481199e47b02aa01dc20088ccde22af6499e7d732e0bafc14f45cfb55636b0bf95fcce9fe79f99409d01a2454a901fd5dddf39953a0cbabc6cef6bb45fd29625b242e23861904daefff51034236fc7617d47d801ceaa4cf6f41d693677714ddacb2a296f2d4a122b60d0beb02e5e7fea5914756e1f87e7848496c953340198764bec963437eba73f53af788e40a3517d6b30735d220e0040a028856d7005c2d69f0c4ab2cb0ad722cdffbea26c5ff6a7f0a06854468ce794d26abf99713d2467514269be52c60d398150276b3a890c1f4dc2b80adb2ad1a64dd9091fd8f5028d12d6ecf2aa382b5952a68543035fea6b115b76df7448b84d99f85fc534b44e5581f5d7042d3f188435995beaba503a691c2065be799dab570bd3c6528b045de4c46115dd6f8d50a72492f2bbb5cc1aa04e87bfa57812b6d8592ed8d98ca91e628715d438d7204bc2ac8e911cd94b73f69a7254b7182c34394dfcd91ce27500858526e764a62ad4634d3f5ca759bfbe9bf8a78bee32c5c0010c50feb7eea4f68b2a3455b02fe556a14680eef77011e1e4579e9d399c8816931b099299ce1e88274f16cc761bb52fa0c924445b272ab88c5461986c7a51c997865426d0a73cb40f30da477f866f4e056b72766f7c57068839346f1f2ce73ae4a7b8f1b9f5d0fa3cf58d85260cd7d558daac742e590c0ddda8fc6953cc7700a42349d6d0b3bdb8299baec00995710aeca28d867a6bcf6e2b7446d134611c7e40f1fc1c454ed4a1905cd7b61edb3dac2036bd9af424b135ff7b284e1faa8f15e1860997588e48d8679b28c9067b485020baad8812c3fef9a2e59cf96a99c8a64ceee86491a3aaedbc182456cfc9c22e00695679a70f0d6b4a14029a056055fc13a91cf4a2ee1a7f4488b737738dcc166d02aea649580e8ad45a53c99fbceaa1b380b2453eda1647942739c70ec9da2706982b3dc5f9857ff56f27289b2068ac23be226abbcc750573a67dd0b5b68c7d3a784514552f27270d23a64857077de3c2ac24d5ba6114dd4264cf68a6fad4268e941047426d474e657d78daa7241d2875816019e4342be29cd9f3af345e93a9ce93e1ec4320aa65b8ca03f316867d05dd47521707a78026cf6dddf5240a7e460fa1196756ce4af3ef6304d28139bcd3ea094fdd73e9273e48c6582af857c5d868881b4caaa878a3e9c301f84d5f3385fa291a62bcc702547ba8bca11699b24cdbe63ac32ef1de13f9dc7dd2d06d751929e42fb8f4bb6cf22fbb39e00982b0fd10b69bc8aa6f08babddc485cbf8634a46f8beb7822f2766111ea2e8c90c008ad5e4221cf1e8a4e1cd2068bf0ef2b0e0374f37138103afa0b052c569bcec5f4cbf9630ad9b47b7b10fe1b226c038b869d898b770cf2fa15a241417966684c5e1f3a538b2c45cc42f924e10208f53f0167319826aa1550f56e9d7c39eee66c53bde199c5bb410eeca836fe72601996283b3022cab2937fe4b9969301838985c482714fbdc1936ebe086003dced221b4562edb8a2d35d27c877f96ce82aef591f05be967d7e368ff6f4e7353fbbe77f6869fba26efc006860924f88930b9dce5a103877bf84de7c353dc8c289f1122318033ec7f2801203937e60d1828cbe1e09955fe77f13ddb5e15c6d57f9598a88a8a2831a4df456f3476045d6a55ed807e6655f0d03fe4c11ec1956aed389266966459c36a6c372c967fa25066d5bbaa1591e6cdb6d18472da6342f17b65bfc14b218750657bdb7deeabf99b55295e9df91e3902821b054f184e9fca50b092342fe11affc98ca065c03e7106ea800d2df56180f5cc5eca39ad0faddc494c50f5f18777c14048177c614605eb4cf3826a60352b385371fd1ba96f1dd4cdb688b0779972e96256822a83bf07d2f7c73e7f631c3f70e0fe53094762de572379f4efc8184871ea051a2526283deead4640a8b19370ded9eb21cbace195c438ba9920ac437679a9eb73c5ea304aba6b7adfb807917a4583f595e5cf772d165a403c66af1f39e9fb4e30d04e42a12c572f1a15051012aae66f89ccf97213357dee2be0b8dd09e797fc0c54e7667c2035ffa22d8a6422bc709c5b540dd61d692e93dc92fba82f28c8461c3a41fc5ff58f7bfeebd01d2cf00df022cb089a88be212122c1e73f17f8ba044a2cb6296d42b21abc92bf04c53d1bbb7544468e5ed9c5f873bd0d2db1b7094e6279da5e6173450638b041b01ea86edc8fcf2d7027b8110d2b3ad339cee2a823a19f75ce83346a343b4e916a3eab9c26b3475a160d17f2871b2f96d736c1db81546360303aa2f612e0ba2ba732e5cc9f1608f0a9982515afdfa32c65969d8902221f16454ac6dc7153f669d3587155c2225ea6703187893d9c930f366d0472b8c8116d4f0dfc980836cd570a08a0c1deb72f409db6f42716a6119ba5cb3999a77510d51d6b9d6636ca1182bc6484dfe4e3d0a8c3f2a4c04622d3adbe51a2e571bd948bf3e33692f975bc2c51a6a61a06217b4f08d2de8b28248875f84fd1cf525f56420df8f2130fa1a0283d30e8389ec668ee4b945b7b458053f718c830a952e70cc4e9dec4ae81a3884ef4fa68888ec13cdd1d4fddd805c784d1c80183234a597e7a260c7de26faa24580d3b51fdae73b9ee1598d4e5fd696a2fac6908383c8c7385cc1cf89800b4109116cd0320a5bb01730e0d83ef4708d242a268722de41b774ff594e518971940d9579de90e871dcc8f331a187c6521ca8fdbbdbac8d7eda51ead43284fc7bd00b04ea64d03c6c10f744ca631768df8ffe69f7cf3a6db03dd587e8c643b68bf58a40c84a424ba7221f16be2a35800577754f8350d7052aace01f27e5e1f9fff29642803d4987a578c0cb90a3e77cf6024dc653aa1f54bd770bef135290ea63d299988a23540591f59c8564275e13eef5a7d3124c8e445f3adcf6b6cc95a1d720bb71ad539cd04a7f5e2e2530c588a149f307d1dc3aea5c803393c13df59d7f098a1fdb90e744516611803e52e9e043192646f05f55648db2ae35c574beea290286ff5e985c3ad81d301e4a5e2f10bbdc23e42ced651831e9660d481528928f74982604bd64ebdb348e877ada5f243d1ec79a73a460db027929b1268854db7b3b334ce875ae07b1f47bc2cc536b06af754d7e71082cf572a2240aeee9c44564823a618844892bde4f386f0a3a1131a0bebbd3aa90ea747da89673c31be15abf6c04bac6a8ad092b1503f327a079bbb330e5fd22d768c608cc4db1ab5a347ad9cb72ee406fc7fad7a170e74e65d3fb4b7d9cf64c23cdcb569f57733f3a9acac4f7216e2b504adc8159b71c1102c107cf120c908bdbaab8a9932e8c618e506cd4740f0d72438c9d020180c0b1b9e077d606691f0ce8961d39b596e10f6f83d40a559d095583e931cb1ca7677b7d2906ff58741382593d8abb945bce0a9546494930cb739aa576513bffcb3afb25a5751acc81284e46e21a73b2e6ff5f48f159d682afab4f938f4816a16a833e64e82b622e35f9ed7bf966defa413d9255d36657b886ba4ea30278a599d304d32dee34c288ac60f8bb22dad3433e81bd5bb392d5be5435b24b895c4146abc8155ae233675869c09663362be38cffd825bc9cf59bbe45d061f303c4e700110824c2c3140ad8356aad8add7838ad3969ad921c5ff0d5ce55309e7f64fd75b6059d74ba90424a36b4cf026575796178eef1f30cc0fa55649ccdc55350216a5ecf3058fb466f224a62b791a83a141df094135294444a7f9ef33260fe3802d64afb186d8362d9a238af55d3c8387ca8035e24111ef027aada21671f29780a09c2810ed01df7934c48ad4fc59fc2d16f838c78e0b3248e94ec6cb9258b43709543254239394462fcd9a00aa4f80d0ab4d72ff7ed5f112df92d849249b6d1841f188b9bb1668f328baca397b3cb44621b972b2a0bc06da96abeb11e6da6fe1f61daa96c1c8ff0a1ad48d7ea13268bd57af7c2506a265d6eaaa55246347ae8105f4fcc2b80c34c6ad93cc6d89ef886770b1afff1e90827963539bdbf36b6abc7611c4393ced3cd1eaca978f61b02ed1d83e979217ecf7a0c56f50d6d7c1b808a7d54a08f7bbec001e0528764268b6c1c6f2bfa1964c3d511d2009ac27f8c7feb94f54f09e75defc1d775eb26f03c54c76a498a35a3385869fb10540f90b0599223c42460f518de12343b55fd01d7d30b3896340f5f3cf27b9249caf0dc6291d4622045365968992af7a3f9455f42c50907865294c60d339a00062f23e3e6c329a21c429d10e45e79a21cafedcfc46265efdd1310e20abfcffdff37590e04f7342d469240cf80db3a3a82fcf800782ab0f65129f25d7656835148986b696b3d2d4ffe36373895988ba4a482ce4fab59e2619cd211fef71b04f1938b69eb07ae104a1ffe1dd01ddab032a62278e21189ff05f2d9af5751a97b62e25bb47f774433b95c0ed403b236c266279b709397ff1d8a558a5d2c615a8e57b0c47a67fb727c3d7750bcdc78dead574cbe15afe7c52d14fea2d116474eb5803ca679966539ca8d7fd6fef0437a92a0bfef66650629bb0b12b6276dc6133376c1092b5051f93d69f7c68d0aa59c14b604f15c990686afc5064397caadb308c9fae65a3387559b54029ec01838e6e5c2af5c02fc2c536b2d004053bc111bf943d373cf1747ce6c3860ebe33ed99dfc08ab4f0ce8d0e656c7b9cf7303e41f7026974c227353f8b0042b93532ba1e9535d01433d537665e1f46ff6239649b391a92936cc75112f68fafd3893788e3996a1a52b4f252f79b9a77539f9ee4dc7457ef3c4801fe020fbc9af6ee62f580346b44acc7eeb0b5ccf3b8bbc68fa6120d167c86dcfeb8bb85e5d46811b2078cc33bb1e895362fe627d872d7939c5041f03e7150bf4cc4bbf3639589271a4d365fb5ef922c17c8382bdb4069155ce6a4fc197ae1d5b71f590a71fbb9231d63dc7f395fe352fb6cc7e686954012b50efc77e2540d770d918e21ba504003af5aa6f9a8ea511e686885ebfd4de3841f860a2e20616befcc345be872f5171357c9a335034a9d08596ea5306f26c704b2031453045c39c1b7f8aa548871ce028eb9d1f07241fec9b65486d004656b069606f3be9698c2537141690080e470d1717e4b365ae59170690d7770f461e0e1a9e384e3795e8fe29441c53a6f039b5f98ab987f1d87bebd5084a91274cf3a1cc5c85db649f5ca625da18289ccd61c2e4fe82fcc575fa86ad6b356e19fb3f5880023b7dcdc73678646b010eb", 0x1000}, {&(0x7f0000003c80)="b5957afc451ba198dee06564ab52902f7e9c35e4ed8ddbaada248c0b74c19b2daa507f52cb5e9232ea0e361031b0caa08be9330bc2fb46a68ad2b2948bbefba00eda42f9d1ebae35677689e46070a57e51672345", 0x54}, {&(0x7f0000003d00)="52eb85bb052dc2fabdd288573034391e58d1402ecf0c999e578defb8fddaa213dc520d79027bcfec8e97ae0cc55fb3547102521f63a7a4ecaa4bac69ea5d9020a7a2022cad3b102d516c8a24754fe98b59f11537781cd184eaab93833ee073912182e4e6f43bf6021f14ce43c3456d2e4f5e", 0x72}, {&(0x7f0000003d80)="32b50cfbcc9ed9a39be9924ae6f28f10aa542e056dd6e35e93865e299f99c300a2cfcb395593eb22495eebcb70bbe8a9e590723d2d10e3bd22f62e275ad83e4cab621c78f39a72ee543457ea9adde2742146497f92731d6a503139a2998ad959ff2c7c62bd51628d6847e56f30a3cabcf60618db529376f64674e3dbddb9b8d96dfe958f3d5f1b3337423b6d822c317d47f6f9cc999f9e82fbee8f9f6ab3bee7e16d2c0f1ab92c", 0xa7}, {&(0x7f0000003e40)="1af40ff09939410752c175f1cc3736398566d7bfd55f891110ff44a5ab83a7b3c0cb7f94e0401df8e5ef5aa553629248e23f100b8717ab89f4b171f3945396b1547b2525711feb11e897417436b8422a10997bf08a166461bd06d217e396c7a2a6ef06561af82fa3840e8a856fca15dde75c013a785f140fbf349c74c9a2f42c48b29ae103c48087409caad4df227c2eef5b357e33589d467154e61194c736808611bc9b9e78bcaffd7c109e32f10c", 0xaf}, {&(0x7f0000003f00)="3a1e87f5e8f08065455ad1d3b446fb9cff3a0d62", 0x14}], 0xa}}, {{0x0, 0x0, &(0x7f0000005280)=[{&(0x7f0000004000)="2fe4c7f04f45e4f9ab5baafba0dc764a52d2badc6a228ec9a3a245524a25b75c604fd8db1a4ee790dcd0d8257869ce848b10d79969c4f7bf32a97d9ad660990bf7b2dce105034601cbe90ba8deaba8fc8f327ce00f388953601e85b11ed9879e7d6f56e92841097941b1c27637577eeb525e059bcdc4cc10b4d9a547c73ac823", 0x80}, {&(0x7f0000004080)}, {&(0x7f00000040c0)="54f57eb889687687fa71105a560763a7f4f205e650f054b5dedd434a1c13a94126b9c29c1b4ecfbaf370cd5a3584895e2de8b46f41612bbfc1e9188b80853ac8d2591f960472ec2f2d13c0950d5072401c726e4fa066852329d4da3465cfe4816043d02ec8abca1aea42cedb9e26d807c92e314917f6ed3b29b9645a126f9b36c33bb032f00f9e3f9ec8ca8ed093600b2e8edf3ccde729b0c0336c4900e2364360da7406bebd46e497a5b094a6c375f7315cb1231957b8ec8638d5bd4a7932f49d50be5f26df5828c327743f974b12a8cd03f8d101e7fb71219e42031658bdc8f163c05eb314ef7ef5bad6c0abc36b547386c137ab8f0fd6f500e740eea5058182b4f12205b56180671c6d79a6a91916558d37860b4bde675431a849dfbdde227d547c17f64f34fa606184f60be7933e2267d6ba810ba8750e5502163d759494e544933d64f3d31f541480cadffbab603af144307e9cb36065e555eaa6a6cc62cb33d7d00ca6399d06c09c7cda54d63a9b587273b2d6354f8ab457abc3fa271380294241084b926105cbae90a2c5097c3988bb38738db9731ec044f87e2cc9de3e872c26ad22ce3a45876aedcf129fd2e1d99624043bcee51789b28c87bbfd947e2645a2a37e9d12be5aec1bb8e6796d02007595a8d192fea8f20b3c2fe691f7a1785ea2cda2c372bc7470fddf807a4c92950605b1fd39a6da5609af9bc51253e55056995c24f8de5b8111bed95869fc40b55d6ebddc16fb8b5fce4a5bacac60182077432feaf78663e3642529eff56876dd7201c81529bc99ded0dbe033299db763189931b962266160b408b10a3960a59a1e39842b2d9b421da035d405b6ff56b8aace99f523add27540acf1094ec055d11927c0615b177a490ab8908396fcf35ef58ec1829128c0580f8d2f4c5855fc349884a2340a544b1e562e16dd8ddcd5591ec0aa5fbce686de565149f06de651add6cc8d3345f80e20bbcfbdb393ff15b2085ecfce55b827e56450b360c3c6c2b06f5c9991bac6cc22b4ff8a541d3da8b23366a4471030c67280dcd08ff2bf8581b52c8af75383a529bd71e015c4db27079bc5c3f7e1d04c8bebb07211bd43af977370f114107f17303e5b380b4d064cff14834e1505d922009e66956e54796310f2792a2a5c1825a6e67b7ee7b8e7cc363c2615b8931f766f9e7b9e4c889d24789ac428418f572748a0a3adb78bbc1497bc24efe6ab94b8b09747dfed1b0c8d8d3eb61a775c77df7bbf1f69d02ccb15d1e80f77f55cbc79ff4015a024c1b964ca18779a6af79f7ec26e4c02c4e13e9a8f72fd7776535f68cce83529c13dc7ce1a8a9d5c5ec022ccdcc9fcf815533819287de372c6d04bb8aa9c962493ee2f588826bb35041ee06d7e90274adb7343ef05f178a72bf3bf917ab357c494d057c563eaa6f35dba2ff10a6bfe08996e3047b2a7624e5831990b10178d847fe7a6b5be2b9f0092dcf959fe18726c6fa53c69f43a16ef8e27ced9034cf642b1784f07c294bc55e113adcb2e3ccd4d2765f6f2c2b3c01bee9c198c96a3c6fcf9344a7cd33cee234f5e6e75801f3a41b09f6ded7b11f7e8211febd8380779fb16b3cc717205790105e137f387faf3f38c4e342c05d06da011fec05a44a0e90f5f39a2a988d2b124a1b1f59a4ada2149cac1791d7c644a30fc9058ff32ca1f573c2587d8b8c8f728a512967c0902bc3be0c1937f78e823927f0c92970c88bb0546d6a80933503e45cddd4a95c3632c19bb90e18d4d17e83dc62cde387c0bc074a3306f78888994acb2803fdde7a8c9355170a6b0e4249505b044400e475bb4ef757fbfde1d7e3495935040b9c6e0d440177ffd58bd1dfa6e564a04debe4ecbd22f3668ecd951d3a8a954f4f18e03d64b60ee20013a2938036512d9204c0a0c5d3fe6eb77a7ee3db76e714242490884dbc0d45b51189800e6051faafa6031914bfff44f0560eb030cf9a0361c17943f84481c00cc86f5548e06de033792ed90614805b1441f7efb98fd29236641c01fd1c74605d9e5aee869b8c0286538c6796dd167e5f1b8418d8bc054b7a19fd577d6e3f8391e94dcb7ddd43aca461451e1aa56ec4f21be2f029aeff7ec0e572cf28b3212ec7af142c834a18a574ad6d80351db74f4aca6c4b1523465aba0a6c90e8556e1caffea86010a0011e80bc61dd28b72193ec03a8180f3c5d2101dd74354c942ae99e85b01f1fa66df09eb555c04672f46d7857f7852fe8c36b8826fe599a74672266dde51f8ff9b69e66ea4e6c86b1bb7b484ece11c96be9503e38b4b13a6cb702d9e1e0a3d95e9077c5359d78c03c366891a7cb89892c3fe79a912d29d01f03c5d443f77da9134c8793a680ed6f1fd9724c260434a35a1b3aa31745f3bb7c73ef874f8df99e93516b6b90a07bc180511c3d816d3d237c72735a98572082a0d3f546103b029aeabab2df0a819d18e8aaf6aac240eddbcbe0b2e514107456df98a1954f22ccf1399af5231af403b51c4d4bb744da26769e59724a124f721cd1254927110f0f5aee28d65dd6bc6204aaaddba83c8e2aea71c968ef10d8259b24c0699b7a95e140000586a1ca592499ba0eab7cc399a46bfd8b074cc4e8276c0f811d4259c67b5182b6a6e348e305a3dd7b6ebaff772fdab7fda46cd176e1b1adbc26899a882e7ccdafea34a3f403a88268b4e4b1d53a0d0e629c143332d17a382c0bf47377726eeddc7dd37f7dea5cc3858283695122084e628b9083e3f5937e01d995fec9947b0477bd4f73c81bd7a9eb3b6a0623597085b785800c18ee37ded6163db7116bad857722196da17bd071e5c44b54c06bc224ee2c74484e89e1aab8b7bf0a1799de49bc243c03fd1698d73aacf38d2edc4cd3dbc1593f1ce110397caaea123350b1f2a0efd5c679e64f334f8464ab29d7bb5029a2f05b3e39d0343e4fc4f5f7fbf82e2e7dda342ef2daf9f9c2857e6abf903f7ec66c149971e7bad8c65a90e01cee84930fb4ba552d35134ecbd7aea4db9ea7ed60b14fd9db5b01fa2b5d535f97cfdbd67e60cebe9f98e331a82a31b2875ac9feb1b7b8e930a7c37bf74aa4d0e4e06b0ef1516a0389547ea5a463ec08975b325964a4c1d9185eb3f5ec607878e11bbedcc975eee06aa75ef94a28640083005464b5e60424f2789eacc51d5aa9fcb8010d8cbb2d74d92a7e4767be0940aa97dd6d01b34687718ae437ca1842d2798f1eac81d2f535bd99bb2cf4ddc33ecae3e9846f3b7207a8830cc6c1ec7186cd7fae3f475209bade616145ba3c475f66dd34760b782cf70c87133895949fadb4b2760308ad81e857127b3ad90205d3d3c7e8e10391eaa875d263ab9f01b84b6bf92b2491d150184e8e3506801b24b766bb47f6dd11f42c71fe6a6c75ece6adffb9c78e3b476da1de75f8ed9257eb8e4a099944c59f48f449c4694ccd12c012f2876050907c10ed72faa67ee8bad4493ce27b725bc639916f88e58bf80e2a575a2a11d93cad87d77ce5da22a0ebd79853a9096339aaecc09208637572d4a0827d50a04e9959ea07cd84d1439176e284a70b2aad11bffe0eff11567a3beb257bbf98744b40812120e4450076cb336964dab7e1aa4d05b6fac92bab84c2e3a767a9df6ba6c3d2f38def526e3820c81fdaf7533723cf437af7e2ad378783715db2fcec44568f691998d77e7ce783ea64fb7fe9a0928750fc0bc9f1cb22f9e3199fa22d840d1d179f01315d1d10af1c3094883fd4ec8dd0ee3138880aefe0924e8579695c27dca39bea6ba54deec11106ce695fe36a7e9685a78212a448a2885fe7866828072ef9ce3bdf43ce2bd24b8d8fb3320626cca51592c53dc36cc979aae137b1857b27061b56d682d7b16396a305f60207829a7c8753328ed00580044b7f683f7f87c408698c69754a0bafb48737ed474f520652332aaf90f0d88e3657d775020a1bfe8bc377636dc6faee27e3ccd6e1e1d8e0125a498f984afcd733bc5a809984bb103be621921824f5bd26e42a680e34118cc7f7f6067e0f23557b721c930850b3defcb8441250e4af358cb1f85aca594609c5f09b23cbb636ffc6bcde7a8e9622658c86b9a5852eb000cd21e4839ba1e3488f2f47943e13df0d20a2fe04267f1c4e978bcca2a9cdb51c37e1b552addf57a009aa98618eddd38350cecb80df52fc17f07edcba0d4d8d4aa86c33af6f493ba91992441e32ff5d2d8a86e978de5698081ccd64210a345387fe31119c7fb8628d2b228d5530ff4d9e4a44a2cfbd9042da082e55d92b6c725d6b828588f17445170d0cb350c2c2172e6fd789cf4d97efde173fb615560fe993628f84c9e08465e2381d230048f9bf09188f4de6e8cb1e8677e9d72f69caebe8bedc0ff389fcce560cfc7839f58d97da5db9618b184cdd7b76cfc57ad7c190aa48002917bda56273ccfba76568db208a6af86180df0599c73af6d4d03432717a692b97966c28d3282c775fe55119e1a3a824cbb3ff3265c64c1d0e9a027644a72cfbaa413b4a4e5fb98f6e79da21412669faeea196f45ec0b9a28216ee7651cde85c3eb52161ea5d140c48de7530376054481e51337c6643381ad3912b53ae795e1f1f295dcae478e65df5ec3bea24f5c683aa7af8a7951629059e32932fb06ea508adf2b3280ed95fafa0788d640f0aad4308eda108a33ee548dc072efe9452abef8abbc5745494f3ba04e3e8c2d9534e43b7464f5bab6bfd9ef3b5d7fa5d55ac2e755ffe7b559b0dcb1c560f6f4af0242e344f7301c0d6bf9965fd73f13d5c5195a6a8da7a432fbe917f566bb05fd6f21f753b21d9a3ee37446f152c63b9487e27cf5362b7f5ac2174867d2b3109b526b3bc212b17491f1e5e09680a46c71887d29cc9f800cf3dbe32137ca925cbc019398ea2a1ff293b17fda1cf6e8966cde86245a8faed0e24b154d64dcd1566287ac6d6cd4b43d766e3cdb1cdfd3540f48248dbb9f326b4f5627faf11b4fa50cf2c5c2345a87a098bf4b2f09fa9e1066ce78be6585a50579eb0c1672d1066a3112d60897d55bf400f583c69bdb60abeb766e0f27836eca1bcd129571ef67c2c2ee9956869126d7c715257db0f283c4ad7945fe0370ea1e8c69e7ae424a52598a79a4eee32e031455db963a447c271cca682a9a725c3b828ddd372fa38bf9b2f9d23eb54f440ba586a5f64a6d5564543b25686e955bf87bbdc0b6a44b80eeb6cd1c7bc0eb81e713e6d95f8a3f0381729c88136b7361de97d560b96880ef5921114c1e96db516c58c360d73acfb3e49d013c032413c580462f636cf631a9a8f03c1c659e324be94a4392b86350a703e9fdf54125d32f62e7c03ee33a302d7eed8e9295e0ccafc68ecf1026119a197f9a17dcac6ad5e9fe6d9b30b632cdac0fb176057c62d7d4cb911014132d8559372349b7d6c25baef300c541ba10aeeedfd7b130f853225f4ad2fd9c7b4ca7272a4f57a3df8cec62406d662cf583416e94d32115b4edae8ee93b811dc2cbd775465943da03831a15aff1a950d69dc21bbd17c79e99b97582e66f70e16bf7a192753eddb8cbe972a78954f4c1464588fa83fa892061ddd28b15ae3a96b0f102cb25c4118f04d0bfd23741c4c38a25eb35f73074de6b5763a47eec03cef71840bf022fe72ba7892383f59f53ad77cda18ab8e10d223456d7305fbf2aa3aa5d49f7e53d781f985ad55dca440d5bdb1f3504b79f3b6930033785a3f3d8a51e7abad49aef760cbb627f4dbcb969b3325edb2d763c9cab759794f5db921e1b0bd228b5427c8ffd2ad7f186a5addc2661770a57b099aaf5", 0x1000}, {&(0x7f00000050c0)="0fec6a6e011cd6f08142ee20d5bdb4f355ca992924976c68f7cd36411d6614e67303d82db15cff7edf7efaa199d41972539363278d34359cdee0786b1ae39b587509b0e72d16717823c6a88e35aec03de34d013d8377dde70954372d760e517b987e516a193ff6370cbe3074ce1f644dbda9a2182244f33b5524af3db67ee7ffc3e68d1c5afdcfa11351c2989f79ddb49e270bca3afd", 0x96}, {&(0x7f0000005180)="72fc0225e0f7cd2f287b444af7e52206dff4077591c9b2cfac1c80e048f5de38aeb25af3e083dcbd71b11d6ce61a22b67654274ed4a364161c", 0x39}, {&(0x7f00000051c0)="0d9f6914f5ac3c95a297b4eca57f1941ed0212bfcb77789fd0885c143b0af58b113c7bd1a67f98f49b5d22dbd1e8409489b21e0e40ae8eeb1bf871f9f7aca8513c4c046e6fd180b6b58963b9e39aaa50363285e892e513ed873cfde5e09e09e3e42aab8e91f5001efbacee3de4a4773abbb98fd301292f41dc3f494c76cff1a13ec45f57fa77d88788d12087b64a9eb8cf1f", 0x92}], 0x6}}, {{0x0, 0x0, &(0x7f0000005340)=[{&(0x7f0000005300)="fab4bb", 0x3}], 0x1, &(0x7f0000008b80)=[{0x78, 0x102, 0x8abe, "8a413998fdaeb590ddf3f7c0ea5e2b18603258ef609a0e97ed36319f2c19784fb4cd0f529e57841d3c8b9080dfa500681468526354c77ee6b330d24ac004fcc0415fc4a05613fe3575a892d14f1ae6eb3392a63748e2031f474baa4d5f6c43dcd7e31ec61aa98b"}, {0xd0, 0x6, 0x20df, "bcd466ae9fe95b34610f1e9e314f70baed1fde441bb4beb6d6ad7b17beef527e15ecd051c7cbf6219f5ee5dd3c1935d61f724d4ddcaf1160fb242e9088841b31d877ffba14b50de0ee0a21f22bf5ed3293ebc1cad9b2c5103f6cac1e5484734e35b6e4d10d782e46a1461b4d963b7b26ea21e06f36253816d14899c94220ea6eb7933397db5f1b60e3c780791a412e20869b20b8f31089fb48fa19826edc920e075e9cbef46470e3b107b94d0ff396d3ad9c4b1b641319a881"}, {0x90, 0x10a, 0x40, "81c88c9ed6753733cca021fe6a9609f8230d9fe4b43976c046c3633da01a8f737734e4a1dc7f8aac705ad66feecd5a45e54e87d1694501b7daecf54224d044247731956cbfa84e2b76a87765d95546f695c793e31369127fb52b2d2b9f3c4b2a36d6742d2bd4caec6253699b8e41625f66350b164b9a7b80d4cd217c"}, {0x138, 0x110, 0x7, "ce6011e1306de36d8acc5031df866ea3037b2b56538bd1d350edfa98394df56c46e25f360d5a7dc655cc78f9cf87489db573c7d1021f9f350985cb30a569ab20a8b75b87517e1ecf4e569c167c050aa9f1d8c89f75c62f6b052a125b73ac9f5dfd712a5b5ead26df84d64f3dfcb9c4c8de29e041d6e0131d89f83a04eb83182b002d2db2c9bed445f102264ed3fce5946b7e1c9df300bfd71a2829716c801cadd1a93a5b604eb9effd7e4760769c24309c69ed1b8055d394471d3f6b8971079ab11c69501d768bd9a473b9f0e08a2b3132f59fcfbe5d597d9185c74b8174573533e1252c9e030decbf3d0e09f22d7ee448b646b6b9f309c189320e014c9f36c38ed566f36d07646578fcd99e527df161546552a5e5bae5230d5fce0c3b3cb1f8fc118f34"}], 0x310}}, {{0x0, 0x0, &(0x7f0000005a40)=[{&(0x7f0000008ac0)="58447119ce7e0e873362930fba3db2e29cd1f5e507db038be41268ff201d13110a79437a5f615bd4a456d796d5d310a18ecb70f54c8c86194055cb8fa355c8d61f0b3e2b6114e4ddfc85f15b185e677124ab366cbad58d0cacc5a24ff3227e9947ee76ac76cc1d9eca6b8c72040d49c407ca9d05d3910d73278592eea50cd565fe4305e7e1bf470a1241a880cb05b9878ccc0b5916332602047b1cfb9b5004ea38f6bea857d3a8e0b7c9a744d747e30b", 0xb0}, {&(0x7f0000005700)="464e10b0cb89e5f9b412cbf39463f9c257c6f5eb0e38bddfc9aa907ee0d1fc5c9569a85db52bff660ff976777c5206fe3e6a677129239aea7399f76fd3b42c8bd8249a01aeef5dc85cecf737de212146723be01d828110d48a68cead5642674bd0b58c7373f717139ac9074ca5786f7f9130223f17a58c93baa5e7e1339bf596ec6996dedc9c31f4ae0b0c07dd41b0cada8c5684aa26e0397fc819160f9a8348df46f0885c11e027cddba20bd8cbfb1a253a141b735b34960b95f5da59853c319b7cbaf095d060d84b1b5238c06d7e30775a1a88a23bba68a657b78b8a902c6fa5242cea7de1866ed35596f11cdbf667999a78928c3810", 0xf7}, {&(0x7f0000005800)="16d1d8b759735d34e60f87a188f51ae1a5a7f4ed9d1cdab4d8dc01fc686c675828597bac2bfc3e831d4877e00b0dccc442caccd53e423ef49fb5b832c8b5d9d6ca79961b8710830a9b0ddad44343a1cf2048edf1837be2753a1607b9984ea1248b6dfe0e8d2770859754ca21de0e46b4c32d5b7c21eb221ff2882c37c0f53c7b0bde2cb896f877cc350dc330d08cc1e757b1a007e1e6", 0x96}, {&(0x7f00000058c0)="6adac2319c72cba8ff079d19caf204fe4d9a36b62e86be43c96e530c9c165e5478bbbea5f0e10a8d85a7aac0e021003da0ff85c434b729a806e4d2c9b791fdd88f95eba8f6ad1f2bf3c78bde747d03e033c9f7074a0cfc208eab95cf58d0ba080ae603d2e28631bd0716c71262216f28843f52da5f868914b018c62e06e92a5284daf32dfbf9272a69afbf8ba3ef6cc14c04868f5611742d8d58bfb213defeca275ab8888cd9d27eca5698e19758711ba2ba344fc4512adb", 0xb8}, {&(0x7f0000005980)="da2f6757b27bc4a37b871ae9b32cb59ce8cac9f226069fecb24c616c1820d0f7d0e4ee6571a58c8700a7b8d733a3ff58d8b754ca7da8b32b9ecfeeb2f2883133b6d563df3d5e305d1a4426b8562a65cc93ba0a33146659388a8e896a02872129e38b06d32280ceaa0b4196556c9a0cd69fdc51a2d1c76fd2d240bae95632fd16295211434055468c197ed99f0a", 0x8d}], 0x5}}, {{&(0x7f0000005ac0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @multicast1}, 0xfffe, 0x4, 0x3, 0x3}}, 0x80, &(0x7f0000007d80)=[{&(0x7f0000005b40)="d311e1379c368a9be074e9e5f47b646d3655f8c983a31ae7543acb79164b5fead72ef002fe0af56388beef35aec900b71e842e58370ae84808e1275ce16fc49aa64dff7a32d104a8dacac6b65a67fcb36c0b0138644d663a1c4d999568bf91a71a53b9c37ea2cf270308581aa48ac593cdfcf30f670baee8859894cd6cfba1ff793d9a17acf47f35db7ce178a6b82c89a3b8443adffeed183373a1bc134701441be948752f45491b1ff1862cb215d80095ae5154119d28eca1acb951f55a82c8172ec1c1fc442bfdff30c70fbbc5c783eb940fa11e465103851619da653050aae383bf01c8d892b6765d635321aab92ea64e4248bdff2022c111d8b84556ef808434caf40df339fd24c1b70ca94baee34094f20338dad78a21a4a8a00e9d81483fff0c89c75b32b0d3fc317999413f2676b5a36e06df3dbe5b8f09fb31cf58ab4cedddfe124015ce4bdbc3ae8d9f77da62b9af21ea5b5643fab42a4c406e18147a9a11ea62b7d2412d4a4892bd93294067a6f7a92f40efd3ae925f698ed2181e538010d20d323209a10e256e9feac6f8985bd5f388c7963a692a4132a3816ddd177ee8ab929279b1bcaefbbba5c674b7e103b31268554be908d23ee898ca36a9f866933fb98343b474a254712828fe8120efe5168b79edde299effb5c2ae4df9b7a16972805ca58161a05a4093bc5ab677763dca35dd3febee01ebedbd2431da588ada481ce07feecdcc526f0db2f0fb5723111b97dfbba8d0f60172f5007dacfa69e6034778301d163a22814018792321a8b52db1a30f5f77b3533333c04b749dcc6ea4428f6a97688d161c2143ff80d92b9d7cbf54a53195767a81d7ca354aec43f14c5874f636b7e3991ec8a4dc4e6a7264948e7d9e267bf9c45ede1c7e016f58a8f5b324a478929dc80e338f8936a381d848dcf57a3beac96a07dd63856c4597d508c58d70710530e19b9a9f34d9e818b64df9f8cc95fe5544647b366e8f0a9ac632b4387d4ff260ece3735e5e03a5ec75fb4a686bc94d086fc06cca2878bfbb07920b0bafc85b0a16a66eee38f1b1fbdc49706d74d8f5025c6d879400769fc0ec6d0f7ef85edd752d9e029525c789a9deebe644cc219b861e47ca8f7a072a19e40d60c2ddbbd99806bd37bd836840090a044a987bb5342f1588b190c35ca6e0aa7d05435a85bcda0674ddeceef2c3e0142ca362b12ba940455c7210c483b5a31faa70f852c9f34c8224cc85ae75dede47292730ff17db6084a7bc49ec1b4e77fc2bf0c12d7223ac725da01e43f4b712c6aed4f1e3ff079c99fadd8b3ad624807fea88f2c3c617ae77f8a6553ee726f5b9c0631bd16a252f7d220ab2b4af74fa031904cc3af9e047e701f8a477d6350243f672a40c2be251ca7bb58b7db184b6be822d7d710dd772770fab33c2c0d394af8f5aa24618f39c3db927dbcc4f709aa76edbe91f3187f1bd0234fc4be17a52d255c25b6800311b5ec668383f1d2d1de9986e2af940c3eff8476fc9119af70f306f864da10759d94ec86c85b63a0aaa7b8b61ef19dd568e6fa8440c463bd3e4aadf5a442e4887a8c8c4990fc7477c9d28300c23517ff8fbb0520f630c1ba6c6bfb78a2ca122c0f5bf78244931a8dfc4e18ea1584d1552fde1c4c0356d0ec303a4adcfff20a52577dfa61deb92e1c026b7083d3e894b8d1eb8ba3ddd0c1401c1fc3f3f2e24583d922f4ec3db9f2a2b174212345951894ebf4e45c6e6001e22d88f9196a3f2b5f3a4a5c61e76a5e72eddf7f71b161c9fc9aa5ffe0a3fc220325cfe9b77a8b95cd64279547230a00758a99c741dca134b48d538d7595cb5b46826e8a167a77f1e86cc553839a28b567c4185878d3faa5a611effd125c73ce409a3183300daf3464933b065119742d056fea23b7b3516fc11707fbcb6a4776836e6f3ecf8d6c80fdfb2fcf73c4583e5fbc051ba5d53a30bbeb447ca5abed751f15b880f75d945ec0616427ae2896b36358bd41f7967e77abac6b3f635a8b272b2e9c92b261d0d814567869355849114ef6e81a9f02985dd802becbd920cdd55c1d5525a6bef6a328bd27b2acb0260c2b8216c6d3791f818a5bfb6fbd472517e0872406a4234712de9d3660a8eb3024f951e047f52c4151662650245e4616b5cfaf58ccce8fe16243b62a53c894515e7a0b247878d3b6ed00a4d3a1faab118c6fd1169008fee35397bc6f743890d0b2aae6b3fec6da1a15f656ece4eddb179c158c038f72b996b8dab2c99b55da278c09ac72545b172e7cbb8c0425b98d3581665058efcdec14e0a994f2aa79882f4e703dd54ced5180750009db530f48827fd38cd151415c654d4271d7baf0399db056edaf3f7396e1a08dcfe5db244f324624665fb5b6d1b6e4154088f1f7cece3bd1c2e752b1b40fa6410b510cba09bbf65f89a4ddcee1f720c8648ef85cd5a545af3ea065f7ebd6f622d3c258a8ed71e078978d8f799d9b3b90d6438db45061a3043ea01e2c2904ac32bca98273ffcc1c65339cbd37e73693b8d420c203177432c82b1feca0b714aa342f31de319965a16a99df186b6b193ac62399cfefb49db44dd3f249e59e17783f8c90bbd298a2c2e033efdd690605794040a34ecc48398a79f50b7530e483934370b2aa4f420c2ab1d99629dee6bcebd0d3215b58c38dbb0bf0279acc6f20c97dfd12683034e375c0eeb7ebc7655368d1c56d6eed380dea33ebd54a354c020b6f227eea077407de4a8860ef3d12db5643c8c636e4a86c47b61e8a17691831780b2d3c545c4f35419a30f1a6e01e44fda170cad4d102381bb254a54ab30922b30c1cd134a43a4ab45b57cf97b38c3aa757870b70714f90e53925d97525f81536e80c15b6e84f878cd1a0c162700d0118f2ab15eedacd110b034d4e3bcfd0450ea6679009e2d0ecc0401d50b6aba75a4d676be1ee9e57a581237160a2918afc9386b193571704cc8e4b71ea966d2ca0e60575fd49a712cdac24c08bd509aa576bafa0650184e30e0929d2c1ca052256c7497dd48b3e90907625e6520f0d95d3bd80b4852bf66a5ffd8c22902099afb2b875dd614b0910f78e6c84ed8ec5d17b59bfceba4b39f4c41376477b5803dbf4dcce28cdc4c42f00118acceccbf66b9f86d247ee7fc41a29d2980f0e47f37df8eb0d0dc7a5dc8b9db58f7f8def08608344f77cc3da1d53820b9893b5e6a718466524d3c7d16e31ea91a1fa87332ea53cc8673d522fbfb395c54b98eb8056dcec2a8770fe1d75a67b594fb8f383268fb3422453a7cfe896c37084a81b1d2db6f10d63256ffcdf98169bfee07358a2729d7d1129b48acc10482e18a100da402cb68d79da4f57a778b7c0bcfb8016bf61d8e392bef87139632f22dfc18db3bc304e004fc0627818f915c63439bf627119cc9af67b5c0624a4420b0004fecd6a26c099e11a8474d0942e9dd18e6c85cea127f245168943e3bbe3d7b24c524684cb4acb9a630d7693638f4e0871bcac4c876f485d80c30d06c049b1fb10e6cba2a347706a03a3474341d535d2cf99cab7144766d82f7607eac0015e94376b55445bc9651a54dbb1121b4dc5f77dedeb22a923a59793cdcf457600351a02d9c455f9fb70813d7446d82c0b4be3d5a044989854f757b3c55a5cbaf8159a415fd3916b7d54b2ff2878d210b275d529e2ce164069fd2a345a04271a5c71e3ce7836e4dd29f5041c9a35da5cf58153f22636c25563ae998f8127972ef589718e5e0023b08adb9eb89dd33e5a6e22702e0d5d93f13ee477efca554905c965e384f06b19cb5733f6d859ea5dda25658c60b7904866ca575b74619b799d127a0fcc14d9b27f973d6832502056a15818a83e115bf0ec36ea7c0f649269917cb910ca4bb1de935ea8c6220c01ada7367fa84d2ff4518660c834ff2fa9a1933f515862e0237a69dccd44496a7f28e24e7de371b62126cfb57923c4a015b5e63eb40d62c5e1c72785e1de656881fe45879af206ded02ff580ddc87fbd4860f1fea34ae21d93c2917361f51f69a1e5ea6077952820683414b074c176c945dc542c5b098b1099e66ca59ed0e205c83611bbfe6c7af1a6dc11959132664c59f97022411a3f827d03ae8feb1f879d06de127845427501848fd702af2f36787679f1daf2da8b3b2b04850ea219e7dca9fd6f91c84666ed92ddb748785dbb6325faa5f84e069d4af7bd0ef434219acc1904216dcf659fd2d43b8b5329ec60b3999385d437da25f1dd9c4efc76baee878d8b7f67a0f2d03cccdbab2e4524222820a5efb24684a70a9a1b221041e2b963f03dd03110efb4e8aed4926c21d3cd8d5e3b0cba00ba45c83aec718b5fdc214b338935343735ba1f1279267fd362a1627f42380772bbe8c281836765ead16bb6f08a3627c162e4bcd4b80a085b816b275471e74904bef07d74c40d89cad9ad27eb611a1a13c8f77633430a124d329eb15b3e4646d601464f57a0d78226ceb6ad1475f4bc0616ba742b156895d79ee4d1f9b1c6380296924892e00d2bb59e57bf4a972c77a02ccd59516b7e7238e663fbf3b449d18586ce9dc27007bc4c94f7f14d82f0274c303cc40d4d10ad8dc3b2b2633809baef4dc3aff694c656e1e28a43f1e3f1a84455e77385dedb3374668543d08354e54b35f33b569832df252d8e0c85fadb554eb73c3752f0d5796bc65444dd9d504a40dcf49eab1e6bcfd46423fde40f9325524edba1c927136c076f40c3a4c4f5fe4501817bfda5c7df36057eb3102688b7afbfebdd2407e43f9ae9f1156893c99780344318274e94d74c94fbea4036b0553c86652194347986ad9f79b2ddc19fde17869ed93d6ac8ebe0a29b20af90b5e148dcd0166f4d21a54a967bff0e0674a806e8345e46bc88da9ae70896b7e4224dcd2ac70a8cb79081fd3c67ad9b9eb387812b4d573fbe111d532afc3c321570483e00887579d41598eea2d141eabda531417bb2b9c7bbcd0bcd0560b98085b04efd544f483fdd977586285b00bdf3cef482df9102881aed7d4d5c332f3130252d2ba21386190dd0bb3cd090a4073bf3196bdbf223e451e519aaf6926d590f0b1fbfd0afd8ca267195bc3517cd8169d3cb0f8840a93e08139a16e5e6ce4f242c96e1254e4e5798d41cf3582d9f590fd8cf4c46ca75f846183612544df15338c4da77452cf1ecb9aab6ab1a225a155cf0c11f724ea00e15cfc962dedabd3c1305d713d1a5a14263daac5e82150a62e79838ad31af5199d6a30c76b65d6c89443e460afba5091650c4d45bf61e5d08af2d36fccd983bce9a316b5b9a54530ea5b8d75078a1709a39c05e4ff1dc476a885c4649844fd01651563c57955fe5c7ef79ab47fbffddcf305194aaa1d75a6b56bdb2d59face2383cf94d13dde7a597ea6b6f214028e26e069d1663b14836e38b01baa3fa4fd60620ba2d4024c1ee26f7533f4998900f61050f62dd6db8f5a552b9ea6d8370a66d908d5378368909b183122820e6fbc688193b8800ac29b751a40977dcd46094e68a77f94a7164b39a34551776787e2d76cdcf740c66a92b8ea38305b77bd3c81058897f1adf180659a872530feb1407c72171c728a3928f8222014ae8955d93571a3300a1cd353520ebaf37f8891ec3598e164df677dbb5f042dbbe7a5e13cc47ab28017957d05e93c8f469bd61ef3c603810ef0ad55d3224ae83d06def51dedb6325b100eb128bd82069a523299abf1d37f6a0d2c3846dec3c8780937c5a369a580aec8ba3489f3e9d947aed9c9a3999d8bef6798b7b73444b61fc8a6ea768a07f13e0315fed8a4c53d34fbb2", 0x1000}, {&(0x7f0000006b40)="a1bb9a8d01166bc9bcc2894bb0c4267bb3e00cc783e17497b55a1b73ebccba0740516038bd34736fd708794f7b1e983d1658678e433cb6ae776c13519e06a89a2c735a4d9eb156bef8d4dc0f3789c627f6bd77a7a9ed3f23a89c342d65744adee81ee35b4229c99602d7371db4094521feacb98ad0f71e1a3bec8e27026e3a53c2b272668df6c9e3509baeb8ec30f071971c4289234692efeb52", 0x9a}, {&(0x7f0000006c00)="74ff085f251d32b9ba1f5bb848a13dc0c01ed423ff173bde59289552a7597a20390a442a60f743325e57573705916d6c28b3495c0447d67203", 0x39}, {&(0x7f0000006c40)="a82927c388560975f2c66e29a00413e6bc4913885d858c3db441a90ddde8a28fd22b", 0x22}, {&(0x7f0000006c80)="f319260dd63d21d974802a89a2cc3fafc761b0048013e2ff73eac15776090baea11981cc2ab7e5f9882a039187746eb9f03ed7d5229e16378df2168dfa8e510a4578a7e7bfa2a2c7aaee5f921652f59c660aa6ce475d9abc94c6342bc975983780d778edea4d833947954f47430c6570db23e7be5667c3d3c4e2c72459468d7172c6b4b62cc34d6c6c385ad2695c6e0cbda2fb42471a7cd82f6c29a213153fce075c4d8f5c09f3b6ff7c271cae4ced75f50590f616ca233920bae3de79a0", 0xbe}, {&(0x7f0000006d40)="91ec3f72a17506514bb56756e3cff96f7be75b6b141785b166112b8519fe595e4b2ac0e3ae542d630508de8fce08ff4cd0bbf6095bec2f8a40a32c581f", 0x3d}, {&(0x7f0000006d80)="880d4ba4effee100328accd80a1c71aca94c811ee4ee4997f787c4dbd466eba19be01b12ad4c29dd36b23960aeceaf17469a3095e5eb6eec71044a3f613e11538dcac73dbb55cd6bd2a93556a178c7944d6ae5ebd4a07b6c6f2b948ec919f13607c5405c487305865188be77793abeb333b884b46e2ef8d1fcef6abb2ed920781c7547f6139b37429ceb4174d56525af881f1c447000031be3a56d24086216a6e916568fe5ccd397274105b14a9f06f5fe1ac43606f633d9a8195c4914c13754de23735159f4edd022911bfb2eaa34223c3da6ca439893208c38448e58520a4d312e5ac1f80ae1690101c0e3714aeecaf5686c4907f5e61c4f58dd0ec9420808abf6d828c3160c8a4389446a18e05050468825878249277652dae447f84426b5d70a43c5504346a0cefd183248fd1934fd9f28f284b14d0300dedb61243625b88c38609ebe86f081d32e4d5ec8bec39d90410c714b993d6ffba4d55ca95f6be1bb5b41230cae15fb97f9cd61ce79e153e70c46543f47e6f047a8ffc78327dbd83400e33c9967b722d48d77df29e8c95f50f198e50c4a29295829e5cfc5dfab9d5670debfe738abf27a76bcc019a4c8214cb85db32aa1609acb530a7b498120dd6deb0512ba3f3ec828ef5c68af849c5b3b9c7ada152cb9d09847eb61889f1cfad7f36a6a17af05cc7b5fa1a0fc650fac487475743ed1394d93a314d6233f524b1784c4763dbdf463446b062afb3f380d98a20da34bfc36c66d2102e459191de23d86fbc6fc899a732bb930c717f2b3a19c327557ddd5f5adb2f9823230a15b655ebd83d746b214530cde6ea96a2483f5738242bc8bee10312500866c9044e24cabdce6fc6f2c9970fac77de0791a0c152d3d79261156450c825bd5a2c7b91b7c33031ef3a168251da28109ae96323f21726495c828085428271fcdd81d3b3b5729182e533bdab6fbd38e7f87478d74f8083c5cb35f63a41a1d0f0585d90bdbd0e68c14a6273027b12389cb83b608345495f29f7340b2113ab793aa8b42d0fdb8d083938d754c6f55bbd9bbc0c6ae4fa519f338da6a1bcae971e983a902130bf9c39e035a401268608e99545f7529355065dcbbca6d70969c7da0b51aeb339316310bf4669739cd5958881c318e8d3c5a1fe3503e5f90a927ab7048891a2140e5d0f7f46d61be3ef6af72ddf37c1f6b50cdcb078acc2dce64ace9ed37ec732c2feb4cab05d3977853ba696a9f4de09429d5d063694597a2eb4ade0f75249fcfe3207103c96958f6140a9b8e1d9fe1ed181c5cf5a2a5ee6b26fc7ee22de5bbebcc5ad303544f188a2857747e9596e0d8cc99358979ed7949b1a0a8eb29e7b36f3054495f6861755e3c14eb70d3ffbb5ec2dd2de153ee0e206f5a22514eab91e06855782f39dbf7d5e6c82e72d4730c2f4daa69689fd79e76c77ea1a881a0724ca615f8b21f12150d455f2da99d4ecb3458b121522efca1ad34b499149ee09606a33b6aee750aab39be8cd909659f888ecfb3ace60993510965a143eaa5d1ab88134d8a4e68ed645c25864d1045ee2ace8859456b333f9b0cd29ac4480033ce6a83d592424547c19113cfb313e9762581c4d2f8eff7020a5ee675bd4ec3b96ac3d2afd09760f2e00acea57ba62668d8416c1595c9e09f5e06a90d8ccdbebefb464cd69f333c55b94278056b284d5269b15f4f9d8f8e426049af28dee10ed9792d84a87f32f8a686e944781d886443f3c89d6ecd6f71bea682e197e98e388c1a3792c6fb2182bc142cc3f064d1e880eab353cdea4157412f20fc0695078f0faf635865d8bca37a8e9a4956fe28f00f156a54e272ab1283b7302b5465b383a8299c1be4c6c7795e2452d0be7f1ccba615ea9c96dbde2f281ce6f05136644c359d405f5246395c5602a6c43e5c04b1532050a2078565b983b84dce0e09f71359fa2391275da0ac46a8fc9b6bef23be29681fd05f915cafb5dd5e0eb485cefe1c0a3cb2d0c65f8730cf63b66f92eedd51f5c5e2b6000ef7f09c07b63fee04c048a8bd126309032b9fde55b51bea7f4add2a4c1418dd29006a231eee61f2a215c07e989dabfaa36326bbb30319937d2eef6ea202550ce87790487234228893ad0413d6e80e7197d9cab5ba8c7c26072e197a3254eebc9ec670283a2841d392b6a46cb60d27d03f906fcb587871842b9e70e77bfd8eee52a91cc43f3bf241270fa37e45bf9d42da0c88e1f34517c438b33e07ec7949c51ab6877e93adf210cdc85c877e4015c515b927fe02ae1fc40ad85864ebebc8bbe611fbccca2565e7dea423a0c7669abaa577ce91fdadfcb7a745df8d52d5b3798b9d4df3dcb034808d0355300b5b3a4e06675bee9cebe8beea6e86abd9ef5fb6d0f3d8393404f95937bf88da09126d0468fc5c4dc18e034f33f3eb16311758cf3d42c6abb0ef7964eab31848ad21a65a2271c2fb37eda275db193a41426b969af1a56d84a129c167573699b24152d3ec6cdb579b1717afc9affb854680eb7ed7523638d05ec8184ae4c62960c709f322f9f380b3a03f936920e41f56cb06abb75f81f0b87b8056529305179e6c247dc0e7f8300608b8587ba56b036c1bb38c0db399b30ac38b2fa5fdc5cd769ab3756a48d6cab3418411c4f84eb310db4b2a561c57e948fb084426531987bcbd50c3855e609f961620248dd7edba8df4aad846cd282fffbc5213b03a4f6f7ba9369c7af3eac1a0c39a30514b341940cca237197d2f8341dfee214d0a200bc70a2c36981326f57ffd7361fe0a8be0d97c1097d2bdecb4aa1ccf98fa638ced0fa85874f87b83eac2471bde9c23141b38180db20309d84e200aeb737074f72376f41231f6222175d13a10bbaf44a82b5e95f752e1e45d775f515605b38af7a34358e3f58103f2148d857ab39894c2f07574dfe61d2263179ea10131367ee162b8f376004e1a853ca4bc9413d4808274b9a0c13065387841a23a2b40ec28aa7fd9552a2524e67d4e6e973fb136d4164000ca896f1430b8fe05dc8358a47a9dba6a1e021c6ae78b2341c06c8c70c4c40103b94b3f162f7b24ded108614b9d7b6cff4d92ecb353550a2345d3174b6378575bf4f2fcb6317a68554db6abfd19a8bb9780e1674cd3a52e86f0feb22c256284f6b3d3e71da90ef3c0a4625a3fa22d2ba73f17cb3c4a8c7db25818873f3f421a3fe45bd2ff96c876c7737b9b6ca078442793535cb96a65c7eb0cf2aa5edefba2fd6653c901e9fa5aaad53469f36fcd83357002fcbbde40ab38ed55a639a6750ed45ab0b233c4c99dc47dfedf9e4bad0b9e971b39098ee45f4f8c43770d4fb922a5238a11f1f48709dece7dfb6b0a1a35b50b73ae9d41901459bae9f4efe7aef0ffc5d302785a1e4dad37af8a96fcfd770709beab6808b16c9e4470ed79889af38670c9b97becd8449ec217be1f75db626e27360c270e5f822c962a8307b7a0e788b3d99f9f4c0760cdaf7479141130eef10e6a5c458dfb2eaada5f7aa34ccdb896e3ab3883a3bced298e34240646ac1e41477658467d49a409e1c9f0322d5dbb2051185e9864798c3a046bc8c28faebdc37681d6c5e957683a62a3cce6a0b9b810c9ca6dd9e9eea6a6da2d3fb47ee9c3ad299cebdd28df79581d3732747e4fa7ff4608d4b9a893ebc708854f09c59484b72dcea92db6ae8ce5e05c9a02b267e524ac491e43e2dd05693bffb4eb04722f16b855803313695843ee892d40143678caac5e5593fbb8ef65b0bf9d7ee78bf248e2bb55056a6facd227ea481e59ed73ebe7f0dccdcc1f4f0da076a66c5aeb52e7fc7017d300297d0033d6eb3fa2e9950330589c44a05001bc57d716acb1367a3cb2d9fe851d9a75f70d61aa4d2a5231b97a7e7e8dfd8c000a2e3204f5410737d699ff151f0ec7fead951ba5e9cb48afd88d868d88c2a228761243148ead995d08b23dcbb1ed6e9dd10e1bb72c3be60ab2b67337074052adb6f00da1e68f5c5038f23016407f177496a58d5a641603df768111b995eb1b9f1ebb7877d5a1aaf7e71711441f46264543e090c58f4ce0d3691300ce3ff62d7600607cc83a7bf68e7977080389a8a9c9115ce55d92e6a76f95698157692e6e142e78587c9c0e976ce9cda91a34d3a6f1ddbb57f944f4f5604cf895ee19cf083429d1078994cc648c0a0721fa6ab22b6fdb511783f5257c9076710e620c5b0a074b7e2f41f65ad79ea177def5ddd5b4a9bca64cc7fe5aa2353f10b55158a46a48ada797f7a74ba25a3b7726e6863f692b457a1bab8c8f348da79f527a01f85365c1c5543b1ac42eb6d70f9aae9ce745cfbea0954acc2e952110e251dd17b84e3c4c45872fc95d2ad8191c13b8c5036ffd87166ab0edb347f233e32ab3bafd6c4002cbca94a111354426edda5837df902480e7ababa4325ccb48ff75aaa999d2604aaea952543d09a349eae9c6b8975f67d8a32d6368f333075843e4e2ed774f50a33f9b99dc7ca9559932555f7f48a8c63265aaccfbecb596b2f1a262c2c7be6ef9630a61bed878ad8e1ba1c3a5c85ced14856b093bfcb28839542564dc48b795aadb06038868549348cbf1427575b44df6d4ac6f552dd2a24bffcd71f096c41a5a7b44caae894cea18fb65babbc7503d7097efb65195be8d412c53f3b2a68e77cbbc21870677e11c8a18b7257b2a75539897b193dd045a32e62facde4fece9012696b642fc02a9d2d4eae0d7fab22e4549aef0d55a1b8ee353979aa0b65204792bba1a5ff2f5eb1d8b32f949c282fb1ad51e70b35fe9c10ed2ad7a621bd9070636c3fc39593d8f657d86cb27981836a36e6665d58e3b48bc59bc22f1070b441557e54514f2c4446cf9895a256204ece5f5309a00b0df5b20d6abeceb4b9ae8c681aadc7f6ea6e39caec336c1a9e80d014e8a2899ad9eace2c08eeae1b9d23e5d4d914da685328b2b004257af0d8612c9f2903998ea30d8eafdca225b70e48ae2c54f51497eec99bc6ff41a01459787a1d5b17489bea4ea99e3ade97f8ac4fc7a0e77208482b521c8956226bea5de156ac9e34017ad8308578d997ac3818532c1d2c7d9a7edb5a3fba9c52589b40396a5a8735db59d9e38e9e2893c397c65fbdbece0a59720fc75ca5b797d21e0207d4af44766a7ee278393bddeadfa4215e7bddf2a598b788ea0991d6c5c164a60a8c6a7cc0ec968ee5fa047ce64e3dfe65483e9f6952f32b81461d86d74e7f57609cc2cc29633c839b77850233d1522ce45eeb1bfc53b12e524820db10424cadbbf68ae2d5681b1ca712c9c236ddf5a7c4957b0f8dd7dd7b742f5ccaa54a278193a17017bf4b69ab939e36ee52544265cd6b5088d2915149386721d5229a1a319aabc48701b4c3534834bad1257dcc904058105df123361375178b585718f48e7b111ff7a805c80353e5b1cbbc703075d74c045cfe6c980011650237fdbf03935d328957f372fd5c057eefb7737161f781df121ec3d0c3fea8951e44844f801cda26b73dc97f62cde8ab6f6af6d30c76e97480616cf6c1fd0430dab74042825b769805491bd378fd2c086c8c94bab033462cf5c5e0e0bcc11c0338a28a65e960e2b9d31d9ccf04ac19c68f8730d2a39f9f0358646228828b35743ab4a6dff971ee81b0d21732424d4f3f62f87131ffed1e2f62cab67afbe4030eeb2674a06f7901fb8bd16cd6bb81f739cb2ee9c5baebd2e92fc468fe67bde25336cc90a87491242cbe6a28ed9f470b45d1d0a3e743c8be02c6725ef8af219d0310fe4d301c5d606540b2d79bfd20e1912069f662a618744fea24d20068e0b603e9d746a", 0x1000}], 0x7, &(0x7f0000007e00)=[{0x28, 0xff, 0x3, "1b45da4cd4c3179977e6c8b61c6e7dc7e31578"}], 0x28}}, {{&(0x7f0000007e40)=@in={0x2, 0x4e22, @private=0xa010102}, 0x80, &(0x7f0000008040)=[{&(0x7f0000007ec0)="1aac4ea71f191d6d120fddd9612c472d7cef2728d0a7263885ae57783c482e38abec33cd694cee53ffaf9ad90a42ba13aca904fba3bdc66122c491ea177ed771ecedbf8bf7e27695ed4bb744e57ceded11afab4614215845af157fdbc84566ad", 0x60}, {&(0x7f0000007f40)="6d11628c9e5d7fa79789c33a74d09e1ee177bd174a2aec4c1409ae53450024cd814c0927d691d2b78a5b549279582032577657a9de2d558e01f38babdea1bf18f3c10e212e0850fcf48e5abda6a15563456c557dc32d7d0e2eb64ce9aa50771503e6bc5b42df449c9e457a9603babfc8efcf24c3b9903160cf2ff47a947d6480ca0a6645e67d667f7f60099333feea9fba2bd93bf14281b3281fd3b5cad73402a238f1705d10b56d0e462b63f0e14febaac4dae0207570849e1f301310ad7e06784b4f8216", 0xc5}], 0x2, &(0x7f0000008080)=[{0xd8, 0x29, 0x6, "e184047278cd8bfbf780c652963355dfeb01bf62ef66fc5df315ce9dcb777682a64fa75d5ce2004afb4b5a0ce2f2b9f28925816a677fff2f59039e3dbd724b36daae37a292e276f4e7d24540e25e526ba06375e03917ea45e27a448fc2c03579c01752108bc2ec10a1771aa20b777602c0c4a9764b3eaa0f15fed00375b30f234921412cda32f22039c16d65e28551f8d49f83bbbe9dc6eccd1a546370ebb2b6d558b7f09c722e9a8b097d7e99e5fb5b982f4a03a3732cb6d1835488ed18dde814a4b9230946ace6"}, {0xc8, 0x102, 0x8001, "188707344d4c749de54e14a9d8589bbf97f96cb1934b697eecb02a473945b5aa8e96eaee9e99e30a066b1a939129cfeb34d21af7f58336797ce90c05de5a01b11a93c02e926d7d767c19a055adb3d07b603618def154307aec7397909f1462b73a35442c9129c849340bc36018c1ab2fc2e0bb485e92ae8a708bdc98242daee63d6bedb9aefb7eef45dd020f3201863972232f681d5367314f4eb818f055059dc8cfa769fe8f88ca4e528c975a0674bff52606ef75c2e9"}, {0xd0, 0x3a, 0xbb, "b65aae920b83c3fd0e0f1fca6f08d3a67540121b7931f137bbddacea8aa826ce832c05629eb1f05b5205775ca092a567b862b02413a1e0d9eb0a43ad0a1ffed506a32b9972885d282647d3dbb9c5473e541df89decb2e934d1041a37df5b353fe64897062847dc7f4e0af2d5e70b5ec5de693216488ad17580d878a7356ab333238b288221193715e541cf9c826542b293e35c45b1791e5292c50ac485e86e7d4341e2357f6696377271c08ad23bd954753fa2d74650ac5612e32f32"}, {0x10, 0x10f, 0x3}], 0x280}}, {{&(0x7f0000008300)=@generic={0x5, "e53a744e14229bbced10f16476a06e81227eebf132a9c6d05f6798b3627fc81aa3b5589c6abc074415bddc70dc3ef55660f214ffa7f614189f20e68a11a34a66a488a0ee7469d52e9d7285000387f21989ef84a2dd3a676bf8d32fbd754c95376ffa47a76d1527f21c17afeda7de3cb47cb632b399c7b003230d4b6f873d"}, 0x80, &(0x7f0000008440)=[{&(0x7f0000008380)="907bf7da55fcc6cb8e9a568c330b6e71", 0x10}, {&(0x7f00000083c0)}, {&(0x7f0000008400)="2abc0bd4528acfcaf0c5", 0xa}], 0x3}}, {{&(0x7f0000008480)=@l2={0x1f, 0x63, @none, 0x5}, 0x80, &(0x7f0000008600)=[{&(0x7f0000008500)="7c169ab81ca84e99dceb0124937d86b50a6c76ffe058f92b008ec72aea60ca5b7f541f118fab61222f90de70b7266b196925c8f20e23acddb16a40e83cb21a6638cb3ae4fbff351d05db9832181edabab974f7f953b8ebca2ec2f06aa1e16dc4adb94c7377ae66dea540566f74ca4fee98c4f4accc7da2d0757f675dd6690c33bcfa3db4f2a19f6f32d3ac3dcccecdc77d900415a0078f33516be5619ef9bf7227b65b36dd57b5f22bf27f5b4ed8cc8545", 0xb1}, {&(0x7f00000085c0)="ff8311f5c0a2bf4d228c6ee2cde52b2a3fa0b67b7c8b23b30a8c0c43faf9c879bd5a1c143ff4e9651b903b966dfd01741e89eb8cff", 0x35}], 0x2, &(0x7f0000008640)=[{0xd8, 0x110, 0x401, "9069963d90d9f5881ec2f0764786d15ce53b53c4cdd39cbaaf511d3ee4b61bd6f6041149f76e374cfc48c193f87d44ac15345fcc45223f2691be3b67a896d3a8feafdee9638d0e76772e043125256c37af26eb1960e4e8851a6ceec50d7d204f541ac1d902b4a03ffd6c07db56986a65e98155b575656755322afc8e55ad2ecc75ddb3c72ffe9c8ac7ed39344ea4c3f27dcc924a8c08cfbd75ab72067093bc6e028791c9656df58191e5753f8aee1bb2ce0d59f653036f60e0a8d9d922cf895eb8fb52e6f4013b"}, {0xc8, 0x103, 0x80000000, "7d299368add723461d3e3e48ad8f952b439a959eaf8e609e5019abce86ea6d925cea1b94c2898686f1f8c16725f46a07f3ac738a9349328f084477c07aee8386aeec7d80d3c4d33fa6a9fb1f980de95e600f3d5adaccce60e54f753212b14c01d81486088ed830542f05538b1c11b53e8a8851f691b061892b2dbe36e1eb36c75b3e590769ae8cc666eee029cd9f69b010acfc96649bb5240b6e5b17fc3b553f54578969abac736ce83350c46af3b0ab3f153fc1e7aa52"}, {0x80, 0x1, 0x4, "ee9b1706b08fe04858fb82745dbeb5cffda66f0888b08f6d06a6b0c24a9ab9a9e74028aef588dec8f776b94975be77fbd7c0c71d192d1c508888ad2f9f0e6bc6b143efd310420b6531306c644e64628de635c624a815d838bfddae7a803cd2f712675d1c4093763e57a9df"}], 0x220}}], 0x9, 0x0) [ 2117.781893] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2117.789178] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2117.796452] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2117.803728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 2117.811002] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:16:58 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:16:58 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:16:58 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r2], 0x50}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) fcntl$dupfd(r4, 0x0, r0) 07:16:58 executing program 4 (fault-call:10 fault-nth:19): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:16:58 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4103, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000080)={0x1, 0x5, 0x1ff, 0x40, 0x9, 0x4, 0x3}) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) 07:16:58 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x240800, 0x0) getsockopt$netlink(r1, 0x10e, 0x5, &(0x7f00000000c0)=""/181, &(0x7f0000000180)=0xb5) ppoll(&(0x7f00000002c0)=[{r0, 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) [ 2120.340571] net_ratelimit: 20 callbacks suppressed [ 2120.340576] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.365069] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.365810] nla_parse: 7 callbacks suppressed [ 2120.365816] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2120.379393] ip_tables: iptables: counters copy to user failed while replacing table 07:16:58 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x0, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2120.411768] FAULT_INJECTION: forcing a failure. [ 2120.411768] name failslab, interval 1, probability 0, space 0, times 0 [ 2120.430863] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2120.440061] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.492508] CPU: 0 PID: 6766 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2120.500348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2120.509707] Call Trace: [ 2120.512308] dump_stack+0x1b2/0x283 [ 2120.515952] should_fail.cold+0x10a/0x154 [ 2120.519191] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.520111] should_failslab+0xd6/0x130 [ 2120.520125] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2120.520139] __kmalloc_node_track_caller+0x38/0x70 [ 2120.520151] __alloc_skb+0x96/0x510 [ 2120.520164] alloc_skb_with_frags+0x85/0x500 [ 2120.549965] sock_alloc_send_pskb+0x577/0x6d0 [ 2120.554469] ? SyS_sendmmsg+0x2f/0x50 [ 2120.558276] ? do_syscall_64+0x1d5/0x640 [ 2120.562346] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2120.563300] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.567740] ? sock_kzfree_s+0x50/0x50 [ 2120.567750] ? netlbl_enabled+0x5/0x50 [ 2120.567759] ? __ip_dev_find+0x248/0x470 [ 2120.567773] ? lock_acquire+0x170/0x3f0 [ 2120.567786] __ip_append_data+0x11ec/0x1ff0 [ 2120.567798] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2120.567809] ? ip_do_fragment+0x1f50/0x1f50 [ 2120.567824] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2120.567833] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2120.567841] ? ip_setup_cork+0x6b0/0x6b0 [ 2120.567848] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2120.567855] ? ipv4_mtu+0x27e/0x370 [ 2120.567864] ? ip_do_fragment+0x1f50/0x1f50 [ 2120.567872] ip_make_skb+0x167/0x1b0 [ 2120.567884] ? ip_flush_pending_frames+0x20/0x20 07:16:58 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x0, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2120.567895] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2120.567904] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2120.567917] ? xfrm_lookup_route+0x43/0x1b0 [ 2120.567930] udp_sendmsg+0x156f/0x1c00 [ 2120.567942] ? ip_do_fragment+0x1f50/0x1f50 [ 2120.567955] ? udp_seq_next+0xa0/0xa0 [ 2120.668008] ? __might_fault+0x104/0x1b0 [ 2120.672075] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2120.676850] ? lock_acquire+0x170/0x3f0 [ 2120.680839] ? dup_iter+0x240/0x240 [ 2120.684486] ? kernel_recvmsg+0x210/0x210 [ 2120.688646] inet_sendmsg+0x11a/0x4e0 [ 2120.692454] ? security_socket_sendmsg+0x83/0xb0 [ 2120.697222] ? inet_recvmsg+0x4d0/0x4d0 [ 2120.701203] sock_sendmsg+0xb5/0x100 [ 2120.704922] ___sys_sendmsg+0x326/0x800 [ 2120.708901] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2120.713665] ? lock_downgrade+0x740/0x740 [ 2120.717824] ? trace_hardirqs_on+0x10/0x10 [ 2120.722069] ? up_read+0x17/0x30 [ 2120.722792] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.725434] ? __do_page_fault+0x19a/0xb50 [ 2120.725446] ? retint_kernel+0x2d/0x2d 07:16:58 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x3, 0x1, 0x1, 0x4, 0x1b1, &(0x7f0000000140)}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r3 = socket$phonet(0x23, 0x2, 0x1) getsockopt$IP_SET_OP_GET_BYNAME(r3, 0x1, 0x53, &(0x7f0000000080)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000540)=0x28) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2120.725460] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2120.725472] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2120.725484] ? __might_fault+0x104/0x1b0 [ 2120.725494] ? lock_acquire+0x170/0x3f0 [ 2120.725513] __sys_sendmmsg+0x129/0x330 [ 2120.725523] ? SyS_sendmsg+0x40/0x40 [ 2120.725543] ? __mutex_unlock_slowpath+0x75/0x770 [ 2120.725552] ? wait_for_completion_io+0x10/0x10 [ 2120.725564] ? vfs_write+0x319/0x4d0 [ 2120.780061] ? fput+0xb/0x140 [ 2120.783175] ? SyS_write+0x14d/0x210 [ 2120.786910] ? SyS_read+0x210/0x210 [ 2120.790541] SyS_sendmmsg+0x2f/0x50 [ 2120.794174] ? __sys_sendmmsg+0x330/0x330 [ 2120.798326] do_syscall_64+0x1d5/0x640 [ 2120.802222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2120.807411] RIP: 0033:0x45e179 [ 2120.810602] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2120.818313] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2120.825587] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2120.832863] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 07:16:58 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="50004efa3cc901030000667bca5f2f72f8b75531c300000000000000000000080003400000504850677ef1992d10ed74e8ceec3a"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2120.840143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 [ 2120.847415] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:16:58 executing program 4 (fault-call:10 fault-nth:20): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2120.902753] ip_tables: iptables: counters copy to user failed while replacing table 07:16:59 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x0, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2120.959545] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.989486] ip_tables: iptables: counters copy to user failed while replacing table [ 2120.998034] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2121.001237] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2121.028783] FAULT_INJECTION: forcing a failure. [ 2121.028783] name failslab, interval 1, probability 0, space 0, times 0 [ 2121.082389] CPU: 0 PID: 6800 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2121.090218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2121.099578] Call Trace: [ 2121.102177] dump_stack+0x1b2/0x283 [ 2121.105805] should_fail.cold+0x10a/0x154 [ 2121.109957] should_failslab+0xd6/0x130 [ 2121.113931] kmem_cache_alloc+0x40/0x3c0 [ 2121.117995] dst_alloc+0xed/0x6d0 [ 2121.121448] rt_dst_alloc+0x6b/0x430 [ 2121.125171] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2121.130462] ip_route_output_key_hash+0x195/0x2a0 [ 2121.135319] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2121.140860] ? udp_sendmsg+0xe45/0x1c00 [ 2121.144845] ? lock_acquire+0x170/0x3f0 [ 2121.148827] ? lock_downgrade+0x740/0x740 [ 2121.153005] ip_route_output_flow+0x22/0xb0 [ 2121.157334] udp_sendmsg+0x13b5/0x1c00 [ 2121.161251] ? ip_do_fragment+0x1f50/0x1f50 [ 2121.165600] ? udp_seq_next+0xa0/0xa0 [ 2121.169403] ? __might_fault+0x104/0x1b0 [ 2121.173464] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2121.178254] ? lock_acquire+0x170/0x3f0 [ 2121.182239] ? dup_iter+0x240/0x240 [ 2121.185882] ? kernel_recvmsg+0x210/0x210 [ 2121.190029] inet_sendmsg+0x11a/0x4e0 [ 2121.193828] ? security_socket_sendmsg+0x83/0xb0 [ 2121.198589] ? inet_recvmsg+0x4d0/0x4d0 [ 2121.202572] sock_sendmsg+0xb5/0x100 [ 2121.206320] ___sys_sendmsg+0x326/0x800 [ 2121.210299] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2121.215067] ? lock_downgrade+0x740/0x740 [ 2121.219219] ? trace_hardirqs_on+0x10/0x10 [ 2121.223454] ? up_read+0x17/0x30 [ 2121.226820] ? __do_page_fault+0x19a/0xb50 [ 2121.231055] ? retint_kernel+0x2d/0x2d [ 2121.234952] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2121.239979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2121.244743] ? __might_fault+0x104/0x1b0 [ 2121.248811] ? lock_acquire+0x170/0x3f0 [ 2121.252784] __sys_sendmmsg+0x129/0x330 [ 2121.256749] ? SyS_sendmsg+0x40/0x40 [ 2121.260556] ? __mutex_unlock_slowpath+0x75/0x770 [ 2121.265400] ? wait_for_completion_io+0x10/0x10 [ 2121.270072] ? vfs_write+0x319/0x4d0 [ 2121.273809] ? fput+0xb/0x140 [ 2121.276911] ? SyS_write+0x14d/0x210 [ 2121.280688] ? SyS_read+0x210/0x210 [ 2121.284308] SyS_sendmmsg+0x2f/0x50 [ 2121.287948] ? __sys_sendmmsg+0x330/0x330 [ 2121.292095] do_syscall_64+0x1d5/0x640 [ 2121.295985] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2121.301161] RIP: 0033:0x45e179 [ 2121.304447] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2121.312273] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2121.319539] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2121.326810] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2121.334079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 2121.341342] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2121.381467] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. 07:17:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:01 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x368, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2d0, 0x1a8, 0x1a8, 0x2d0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev={[], 0x20}, 0x80, 0x5, [0x27, 0x3b, 0x32, 0x40, 0x0, 0x38, 0x1e, 0x26, 0x30, 0x1, 0x3, 0x3, 0x20, 0x17, 0x11, 0x7], 0x1, 0xfffff801, 0x762}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000001400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000013c0)={&(0x7f0000001240)={0x90, r4, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xd0}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xf4}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x7f}, @ETHTOOL_A_LINKINFO_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r4, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x87000000}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x80000001}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0xce91}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ={0x8, 0x5, 0xfffffffd}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5, 0xb, 0x1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x20044000) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg0\x00', 0x4) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) 07:17:01 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:01 executing program 4 (fault-call:10 fault-nth:21): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:01 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) getrusage(0xffffffffffffffff, &(0x7f00000000c0)) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) rt_sigtimedwait(&(0x7f0000000040)={[0x8]}, &(0x7f0000000180), &(0x7f0000000240)={r1, r2+60000000}, 0x8) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r3, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x1}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0xf8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c011}, 0x4008814) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:01 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) setsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f0000000080)="83853ad7acc88cc4aaa3d074e32bbbb0cbcf1a8d1d38e24f406f13c6fdca76a7803b78e795f3aff675592a642f866bc5bb7310f3e37f790b79bbe27fa2ad", 0x3e) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="50000000010401dd0d9754d00340000004000600064000020000050001000100"/46], 0x50}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000000080), 0x0, 0x0) 07:17:01 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2123.398695] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2123.410874] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2123.424414] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2123.440120] FAULT_INJECTION: forcing a failure. [ 2123.440120] name failslab, interval 1, probability 0, space 0, times 0 [ 2123.486478] CPU: 1 PID: 6832 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2123.494308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2123.503665] Call Trace: [ 2123.506260] dump_stack+0x1b2/0x283 [ 2123.509899] should_fail.cold+0x10a/0x154 [ 2123.514055] should_failslab+0xd6/0x130 [ 2123.518035] kmem_cache_alloc_node+0x263/0x410 [ 2123.521676] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2123.522655] __alloc_skb+0x5c/0x510 07:17:01 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r4) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r5, r2, r2) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES32], 0x50}, 0x1, 0x0, 0x0, 0x4004}, 0x10044804) write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000040)={0xe, {0x2, 0x20, 0xff, 0x60, "47a8a80ef6fe2840db72edb55b9e4ffda63605cd1c4b31c9e3619b37ca5536c8fe3364d187ec9c5050bd5dd4a8b84d4b42bfbd9cb5e2d4b86f52be059ae03c001b01ada24f57321fa6b23840abebda6f868f0dfbce90c584ad325a3c0ccc0349"}}, 0x6c) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r7, &(0x7f0000007fc0), 0x60, 0x0) 07:17:01 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x0, 0x40080) 07:17:01 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2123.522670] alloc_skb_with_frags+0x85/0x500 [ 2123.522690] sock_alloc_send_pskb+0x577/0x6d0 [ 2123.543765] ? SyS_sendmmsg+0x2f/0x50 [ 2123.547565] ? do_syscall_64+0x1d5/0x640 [ 2123.551635] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2123.557015] ? sock_kzfree_s+0x50/0x50 [ 2123.560905] ? netlbl_enabled+0x5/0x50 [ 2123.564828] ? __ip_dev_find+0x248/0x470 [ 2123.568898] ? lock_acquire+0x170/0x3f0 [ 2123.572883] __ip_append_data+0x11ec/0x1ff0 [ 2123.577208] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2123.582409] ? ip_do_fragment+0x1f50/0x1f50 [ 2123.586752] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2123.591777] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2123.596988] ? ip_setup_cork+0x6b0/0x6b0 [ 2123.601089] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2123.606283] ? ipv4_mtu+0x27e/0x370 [ 2123.609921] ? ip_do_fragment+0x1f50/0x1f50 [ 2123.614245] ip_make_skb+0x167/0x1b0 [ 2123.617980] ? ip_flush_pending_frames+0x20/0x20 [ 2123.622769] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2123.627790] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2123.633337] ? xfrm_lookup_route+0x43/0x1b0 [ 2123.637671] udp_sendmsg+0x156f/0x1c00 [ 2123.641606] ? ip_do_fragment+0x1f50/0x1f50 [ 2123.645943] ? udp_seq_next+0xa0/0xa0 [ 2123.649752] ? __might_fault+0x104/0x1b0 [ 2123.653816] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2123.658575] ? lock_acquire+0x170/0x3f0 [ 2123.662560] ? dup_iter+0x240/0x240 [ 2123.666201] ? kernel_recvmsg+0x210/0x210 [ 2123.670353] inet_sendmsg+0x11a/0x4e0 [ 2123.674149] ? security_socket_sendmsg+0x83/0xb0 [ 2123.678902] ? inet_recvmsg+0x4d0/0x4d0 [ 2123.682865] sock_sendmsg+0xb5/0x100 [ 2123.686563] ___sys_sendmsg+0x326/0x800 [ 2123.690529] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2123.695277] ? lock_downgrade+0x740/0x740 [ 2123.699419] ? trace_hardirqs_on+0x10/0x10 [ 2123.703661] ? up_read+0x17/0x30 [ 2123.707031] ? __do_page_fault+0x19a/0xb50 [ 2123.711259] ? retint_kernel+0x2d/0x2d [ 2123.715133] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2123.720146] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2123.724900] ? __might_fault+0x104/0x1b0 [ 2123.728957] ? lock_acquire+0x170/0x3f0 [ 2123.732930] __sys_sendmmsg+0x129/0x330 [ 2123.737061] ? SyS_sendmsg+0x40/0x40 [ 2123.740778] ? __mutex_unlock_slowpath+0x75/0x770 [ 2123.745738] ? wait_for_completion_io+0x10/0x10 [ 2123.750410] ? vfs_write+0x319/0x4d0 [ 2123.754110] ? fput+0xb/0x140 [ 2123.757266] ? SyS_write+0x14d/0x210 [ 2123.760962] ? SyS_read+0x210/0x210 [ 2123.764586] SyS_sendmmsg+0x2f/0x50 [ 2123.768202] ? __sys_sendmmsg+0x330/0x330 [ 2123.772337] do_syscall_64+0x1d5/0x640 [ 2123.776213] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2123.781490] RIP: 0033:0x45e179 [ 2123.784766] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2123.792456] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2123.799717] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2123.806978] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2123.814241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 2123.821608] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:01 executing program 4 (fault-call:10 fault-nth:22): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:02 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001", @ANYRES64=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRES64=r0, @ANYBLOB="e4a3d3ae287ec5"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2123.939664] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2124.001473] FAULT_INJECTION: forcing a failure. [ 2124.001473] name failslab, interval 1, probability 0, space 0, times 0 [ 2124.035885] CPU: 0 PID: 6870 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2124.043717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2124.053158] Call Trace: [ 2124.055750] dump_stack+0x1b2/0x283 [ 2124.059390] should_fail.cold+0x10a/0x154 [ 2124.063554] should_failslab+0xd6/0x130 [ 2124.067540] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2124.072668] __kmalloc_node_track_caller+0x38/0x70 [ 2124.077610] __alloc_skb+0x96/0x510 [ 2124.081254] alloc_skb_with_frags+0x85/0x500 [ 2124.085680] sock_alloc_send_pskb+0x577/0x6d0 [ 2124.090184] ? SyS_sendmmsg+0x2f/0x50 [ 2124.093989] ? do_syscall_64+0x1d5/0x640 [ 2124.098051] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2124.103425] ? sock_kzfree_s+0x50/0x50 [ 2124.107317] ? netlbl_enabled+0x5/0x50 [ 2124.111214] ? __ip_dev_find+0x248/0x470 [ 2124.115289] ? lock_acquire+0x170/0x3f0 [ 2124.119263] __ip_append_data+0x11ec/0x1ff0 [ 2124.123596] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2124.128805] ? ip_do_fragment+0x1f50/0x1f50 [ 2124.133143] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2124.138161] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2124.143359] ? ip_setup_cork+0x6b0/0x6b0 [ 2124.147425] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2124.152618] ? ipv4_mtu+0x27e/0x370 [ 2124.156253] ? ip_do_fragment+0x1f50/0x1f50 [ 2124.160575] ip_make_skb+0x167/0x1b0 [ 2124.164299] ? ip_flush_pending_frames+0x20/0x20 [ 2124.169065] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2124.174093] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2124.179642] ? xfrm_lookup_route+0x43/0x1b0 [ 2124.183977] udp_sendmsg+0x156f/0x1c00 [ 2124.187887] ? ip_do_fragment+0x1f50/0x1f50 [ 2124.192221] ? udp_seq_next+0xa0/0xa0 [ 2124.196030] ? __might_fault+0x104/0x1b0 [ 2124.200095] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2124.204859] ? lock_acquire+0x170/0x3f0 [ 2124.208835] ? dup_iter+0x240/0x240 [ 2124.212474] ? kernel_recvmsg+0x210/0x210 [ 2124.216627] inet_sendmsg+0x11a/0x4e0 [ 2124.220433] ? security_socket_sendmsg+0x83/0xb0 [ 2124.225201] ? inet_recvmsg+0x4d0/0x4d0 [ 2124.229171] sock_sendmsg+0xb5/0x100 [ 2124.232903] ___sys_sendmsg+0x326/0x800 [ 2124.236881] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2124.241688] ? lock_downgrade+0x740/0x740 [ 2124.245847] ? trace_hardirqs_on+0x10/0x10 [ 2124.250082] ? up_read+0x17/0x30 [ 2124.253451] ? __do_page_fault+0x19a/0xb50 [ 2124.257695] ? retint_kernel+0x2d/0x2d [ 2124.261596] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2124.266622] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2124.271391] ? __might_fault+0x104/0x1b0 [ 2124.275465] ? lock_acquire+0x170/0x3f0 [ 2124.279446] __sys_sendmmsg+0x129/0x330 [ 2124.283423] ? SyS_sendmsg+0x40/0x40 [ 2124.287155] ? __mutex_unlock_slowpath+0x75/0x770 [ 2124.292006] ? wait_for_completion_io+0x10/0x10 [ 2124.296685] ? vfs_write+0x319/0x4d0 [ 2124.300395] ? fput+0xb/0x140 [ 2124.303503] ? SyS_write+0x14d/0x210 [ 2124.307220] ? SyS_read+0x210/0x210 [ 2124.310854] SyS_sendmmsg+0x2f/0x50 [ 2124.314485] ? __sys_sendmmsg+0x330/0x330 [ 2124.318631] do_syscall_64+0x1d5/0x640 [ 2124.322526] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2124.327720] RIP: 0033:0x45e179 [ 2124.330908] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2124.338621] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2124.345920] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2124.353193] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2124.360464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 2124.367743] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:04 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:04 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) syz_mount_image$minix(&(0x7f0000000080)='minix\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{0x0, 0x0, 0x1a2}], 0x0, &(0x7f0000000200)) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0xd1, "8b66c42364b20c8799081f94184d60e5b376573bcf9f2f297f8d41afc71bbb6b8bc96221d560c08bcc0a0540f1366e45a27767f912e5d45c8a5e92b4f469dd8d7c9852bf92cb4ab6049b6c5b500b7865111858afd3f65e947cde233ca8fefefa6c507ec75bc0a7ad690666810b2ce901b2565f6c37b471f88a6efa333549725783166b82aae5fe1bec8ff5e6e2c6da1b789566ce065ea4ba32ce187c350d5fa44eccbff5e93a060d6ec455ddbc433cffbc125655eabce933b75d4e24f7878816665edf12549dd0193029ae69314a69c7c7"}, &(0x7f0000000040)=0xd9) 07:17:04 executing program 4 (fault-call:10 fault-nth:23): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:04 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)={0x414, 0x15, 0x100, 0x70bd26, 0x25dfdbfe, {0x1d, 0x2}, [@INET_DIAG_REQ_BYTECODE={0x80, 0x1, "0f1ca1be0e993e41d44a5fc246f0f01c8a72ae0c496dabbef5121b4d5c5f3dd93277a312d836434580efee0e7a4c502173ccf7751cbe14111335b60f147f540cf471a782f2ff13bdb91f731fad073431374a056bf30135bfbcf6828b2b33e5221e5f05b5a45aff7d2f7e5a7cf8b5344346ba79a3ebd6060b8161b875"}, @INET_DIAG_REQ_BYTECODE={0xac, 0x1, "8f471136c9b889411f5dc8183d2376f03e49b628f35ce5f07e0bf11e00a7d9c84e7e4db59b96bcd3656feb417be4cc13ec86bc99611011834bf126e087ce856bec5fe32a1a5ebf9494e5fc253b631c2de57c760d4dd598259c8a3f4c3dec03e11f8589cf64d475f39e7f223332384a3cb7988f7f80dc0d84e0cd0fa2847129ab00eaeb714cb6b370fe69b8a488f0afe4198426b79543992b7ecfd1540d65468321b3ef616deaf23b"}, @INET_DIAG_REQ_BYTECODE={0x88, 0x1, "5c3d522965e9c9a6d278a4d5e443193121214ca374fad2fc356cf056252aa9f5cf37d41ba893006845f67c690ff6fea10cd342eb4123d0d659807e0461f30fbf364a3e440e83210a26e4b073abdd9bf89b14569ca5b46d96e5849e475a769f403cbd1c077086628081330f640566726a2ddcf1b461b55b1ce91374171feadbcd721956a5"}, @INET_DIAG_REQ_BYTECODE={0xc7, 0x1, "1b5706064cf91fabd23a8d5e4c25ade59883484c759684a8ad8e7b677e62519649eeed064c25e63b5f4f344445617b087ea0be8e4e7c65b7479500f99051c93c2686627d0c7590905c837e61533d1cdddae8e033064708dafa3a79b36654053eea15e61c7e6b528d373b5b14a6214c9d9a4d2cf523def20c2d76fc6d9d43a41b3db1876eab8ebfb76e95b36d818b372dbab873fe1c08aca01455648625fa706f1f51e984a6b81171f5e2b4e6d5d5b2a4b9c359ff138914badf8b59ece1c6e975cdda63"}, @INET_DIAG_REQ_BYTECODE={0x60, 0x1, "167b51c9a1fa14f22bc0fbff0ec59289725abac581cc9c93b3c7af8393b2e4400f0683441c9ff552bc6c3997aab43248e5b5977517136c9fa04b040dfa2d78cefaffe7d5193b9b3f130d3a4a92b3994fbd10936acd87655bebdf78bc"}, @INET_DIAG_REQ_BYTECODE={0xc9, 0x1, "452008a371f412072a29c3152584167727a12b51f91470bebf362744b436954b9c8f4d242eab12c7de62d9887c17191cdf7164c168cf01c967028bb3f53ade64941126e89923e73b227f9b983709ad49a8ea3e47e828da996ae227bf1192b64661411237439a60e4b9a6f6cb774ffd15344a8e0f18fac95af77046b4ad8affc6b13cd86a6ed9d7f57274569c2bf51c994a296e0030738a176665590c366dcfedc6d7d40271c67f161623287f8903c2ff44f79c1a9eead76eda2c202f1236fd6c2db6fbedbc"}, @INET_DIAG_REQ_BYTECODE={0x57, 0x1, "cb86ffe8a307ec89121b5e62b36bdba37df61e8908866ece97917000935bc444456bbddc7e21f2fbfeec0eebf1a833e5a60a35f4717d2a505125adb6627fb9f8735c1a604527c5a13bb3d5f9787994579f07d9"}]}, 0x414}, 0x1, 0x0, 0x0, 0x800}, 0x20814) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:04 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) arch_prctl$ARCH_GET_CPUID(0x1011) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000104bbec000000000000000000000000080003400000000006000640000600000500050001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) write$binfmt_misc(r3, &(0x7f0000000080)={'syz1', "26fa214b841172ffaf1b9ea50adc1cd01f5a65aa8e"}, 0x19) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nvram\x00', 0x101881, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r4, &(0x7f0000000180)={0x28, 0x2, 0x0, {0x1, 0x9, 0xaee0}}, 0x28) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x88f07258}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0x102, 0x70bd25, 0x25dfdbfe, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xb959}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1000}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x120}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}]}, 0x5c}, 0x1, 0x0, 0x0, 0x9}, 0x40015) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x6, 0x2, 0x0, 0xd8d, '\x00', 0x10001}, 0x4, 0x400, 0x3, r5, 0x3, 0x2, 'syz0\x00', &(0x7f0000000300)=['\x00', ')\x00', '\x00'], 0x4, [], [0x20, 0x401, 0xff, 0x5]}) [ 2126.417039] net_ratelimit: 16 callbacks suppressed [ 2126.417044] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.439185] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.440109] nla_parse: 4 callbacks suppressed [ 2126.440115] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2126.447967] xt_HMARK: hash modulus can't be zero [ 2126.458735] FAULT_INJECTION: forcing a failure. [ 2126.458735] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.467578] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.494201] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2126.500227] CPU: 0 PID: 6896 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2126.510644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2126.520035] Call Trace: [ 2126.522629] dump_stack+0x1b2/0x283 [ 2126.526268] should_fail.cold+0x10a/0x154 [ 2126.530442] should_failslab+0xd6/0x130 [ 2126.534459] kmem_cache_alloc+0x40/0x3c0 [ 2126.538530] dst_alloc+0xed/0x6d0 [ 2126.539946] MINIX-fs: unable to read superblock [ 2126.541996] rt_dst_alloc+0x6b/0x430 [ 2126.542012] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2126.542028] ip_route_output_key_hash+0x195/0x2a0 [ 2126.542039] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2126.542049] ? udp_sendmsg+0xe45/0x1c00 [ 2126.542063] ? lock_acquire+0x170/0x3f0 [ 2126.574769] ? lock_downgrade+0x740/0x740 [ 2126.578920] ip_route_output_flow+0x22/0xb0 [ 2126.583249] udp_sendmsg+0x13b5/0x1c00 [ 2126.587150] ? ip_do_fragment+0x1f50/0x1f50 [ 2126.591485] ? udp_seq_next+0xa0/0xa0 [ 2126.595305] ? __might_fault+0x104/0x1b0 [ 2126.599472] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2126.604233] ? lock_acquire+0x170/0x3f0 [ 2126.608218] ? dup_iter+0x240/0x240 [ 2126.614635] ? kernel_recvmsg+0x210/0x210 [ 2126.618798] inet_sendmsg+0x11a/0x4e0 [ 2126.622605] ? security_socket_sendmsg+0x83/0xb0 [ 2126.627367] ? inet_recvmsg+0x4d0/0x4d0 [ 2126.631353] sock_sendmsg+0xb5/0x100 [ 2126.635072] ___sys_sendmsg+0x326/0x800 [ 2126.638015] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.639056] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2126.639072] ? lock_downgrade+0x740/0x740 [ 2126.639085] ? trace_hardirqs_on+0x10/0x10 [ 2126.639095] ? up_read+0x17/0x30 [ 2126.639104] ? __do_page_fault+0x19a/0xb50 [ 2126.639116] ? retint_kernel+0x2d/0x2d [ 2126.671486] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2126.676511] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2126.681277] ? __might_fault+0x104/0x1b0 [ 2126.685349] ? lock_acquire+0x170/0x3f0 [ 2126.689340] __sys_sendmmsg+0x129/0x330 [ 2126.693323] ? SyS_sendmsg+0x40/0x40 [ 2126.697148] ? __mutex_unlock_slowpath+0x75/0x770 [ 2126.702003] ? wait_for_completion_io+0x10/0x10 [ 2126.706680] ? vfs_write+0x319/0x4d0 [ 2126.710397] ? fput+0xb/0x140 [ 2126.713501] ? SyS_write+0x14d/0x210 [ 2126.717248] ? SyS_read+0x210/0x210 [ 2126.720878] SyS_sendmmsg+0x2f/0x50 [ 2126.724522] ? __sys_sendmmsg+0x330/0x330 [ 2126.728674] do_syscall_64+0x1d5/0x640 [ 2126.732575] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2126.737767] RIP: 0033:0x45e179 [ 2126.740960] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2126.748672] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2126.755948] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 07:17:04 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:04 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2126.763232] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2126.770510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 2126.777785] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:04 executing program 4 (fault-call:10 fault-nth:24): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2126.821219] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.830442] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2126.854833] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.871303] MINIX-fs: unable to read superblock [ 2126.882670] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2126.912705] xt_HMARK: hash modulus can't be zero 07:17:05 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="50000000010401030089d9000000000000000000080003400000000006000640000200000500010001dee9794e9309ba7b5383facb4974fa0da45ef72441604386a15db2ddd124c4705c5df16bc1b9f1c1f4165878266ffe77260e"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2126.959901] ip_tables: iptables: counters copy to user failed while replacing table [ 2126.984606] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2127.000738] ip_tables: iptables: counters copy to user failed while replacing table 07:17:05 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2127.002054] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:17:05 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000002104010300000070000000060006400002000005000100010800000000000000710b57b5a4dcb1f31238de91c3a0726e7b70b0e9ba96e8453e958dbfc802db68a0d7197959d9414c92ace8e0ce2cef73a3e2f6ff6e881dce683215cfde0a5b45ab50c91767d579c5378bc80c33a49ddbccfc15c78eb022e26e2840607df62ae285dc192971e59e934a491dee8900067e2257af564a08445a98cd970e5c"], 0x50}}, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x2449c1, 0x0) read$FUSE(r3, 0x0, 0x0) ioctl$SNAPSHOT_S2RAM(r3, 0x330b) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000040)=0xd, 0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x60, 0x0) [ 2127.059371] FAULT_INJECTION: forcing a failure. [ 2127.059371] name failslab, interval 1, probability 0, space 0, times 0 [ 2127.104226] CPU: 0 PID: 6926 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2127.109179] xt_HMARK: hash modulus can't be zero [ 2127.112064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2127.112070] Call Trace: [ 2127.112088] dump_stack+0x1b2/0x283 [ 2127.112108] should_fail.cold+0x10a/0x154 [ 2127.136541] should_failslab+0xd6/0x130 [ 2127.140528] kmem_cache_alloc_node+0x263/0x410 [ 2127.145125] __alloc_skb+0x5c/0x510 [ 2127.148764] alloc_skb_with_frags+0x85/0x500 [ 2127.153188] sock_alloc_send_pskb+0x577/0x6d0 [ 2127.157705] ? __lock_acquire+0x5fc/0x3f20 [ 2127.161951] ? sock_kzfree_s+0x50/0x50 [ 2127.165844] ? netlbl_enabled+0x5/0x50 [ 2127.169739] ? __ip_dev_find+0x248/0x470 [ 2127.173811] ? trace_hardirqs_on+0x10/0x10 [ 2127.178047] ? lock_acquire+0x170/0x3f0 [ 2127.182027] __ip_append_data+0x11ec/0x1ff0 [ 2127.186370] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2127.191574] ? ip_do_fragment+0x1f50/0x1f50 [ 2127.195910] ? lock_downgrade+0x740/0x740 [ 2127.200063] ? ip_setup_cork+0x6b0/0x6b0 [ 2127.204133] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 2127.209245] ? ipv4_mtu+0x27e/0x370 [ 2127.212965] ? ip_do_fragment+0x1f50/0x1f50 [ 2127.217295] ip_make_skb+0x167/0x1b0 [ 2127.221042] ? ip_flush_pending_frames+0x20/0x20 [ 2127.225813] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2127.230840] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2127.232652] ip_tables: iptables: counters copy to user failed while replacing table [ 2127.236385] ? xfrm_lookup_route+0x43/0x1b0 [ 2127.236400] udp_sendmsg+0x156f/0x1c00 [ 2127.236415] ? ip_do_fragment+0x1f50/0x1f50 [ 2127.236426] ? udp_seq_next+0xa0/0xa0 [ 2127.236436] ? __might_fault+0x104/0x1b0 [ 2127.236445] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2127.236457] ? lock_acquire+0x170/0x3f0 [ 2127.236472] ? dup_iter+0x240/0x240 [ 2127.236487] ? kernel_recvmsg+0x210/0x210 [ 2127.281097] inet_sendmsg+0x11a/0x4e0 [ 2127.284904] ? security_socket_sendmsg+0x83/0xb0 [ 2127.289670] ? inet_recvmsg+0x4d0/0x4d0 [ 2127.293680] sock_sendmsg+0xb5/0x100 [ 2127.297395] ___sys_sendmsg+0x326/0x800 [ 2127.301375] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2127.306147] ? lock_downgrade+0x740/0x740 [ 2127.310346] ? trace_hardirqs_on+0x10/0x10 [ 2127.314594] ? up_read+0x17/0x30 [ 2127.317970] ? __do_page_fault+0x19a/0xb50 [ 2127.319246] ip_tables: iptables: counters copy to user failed while replacing table [ 2127.322207] ? retint_kernel+0x2d/0x2d [ 2127.322224] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2127.322235] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2127.322250] ? __might_fault+0x104/0x1b0 [ 2127.347716] ? lock_acquire+0x170/0x3f0 [ 2127.351707] __sys_sendmmsg+0x129/0x330 [ 2127.355690] ? SyS_sendmsg+0x40/0x40 [ 2127.359428] ? __mutex_unlock_slowpath+0x75/0x770 [ 2127.364282] ? wait_for_completion_io+0x10/0x10 [ 2127.368961] ? vfs_write+0x319/0x4d0 [ 2127.372687] ? fput+0xb/0x140 [ 2127.375801] ? SyS_write+0x14d/0x210 [ 2127.379518] ? SyS_read+0x210/0x210 [ 2127.383149] SyS_sendmmsg+0x2f/0x50 [ 2127.386779] ? __sys_sendmmsg+0x330/0x330 [ 2127.390933] do_syscall_64+0x1d5/0x640 [ 2127.394832] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2127.400034] RIP: 0033:0x45e179 [ 2127.403225] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2127.410944] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2127.418218] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2127.425512] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2127.432787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000018 [ 2127.440062] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2127.475285] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2127.570601] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. 07:17:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:07 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r8, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r9, 0x0, 0x0) connect$nfc_raw(r9, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x6}, 0x10) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) 07:17:07 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:07 executing program 4 (fault-call:10 fault-nth:25): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:07 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r1, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) flock(r1, 0x4) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES16=r0], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2129.442282] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2129.464255] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2129.486491] FAULT_INJECTION: forcing a failure. 07:17:07 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2129.486491] name failslab, interval 1, probability 0, space 0, times 0 07:17:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) write$binfmt_script(r2, &(0x7f0000000140)={'#! ', './file0', [{0x20, '##.'}, {0x20, '$'}, {0x20, 'ERROR\x00'}, {0x20, 'macsec0\x00'}], 0xa, "4ce068742d234d640c5a8c5757017f5b49bde1e6d636c9737e4494eadd7308aa1f4245be65711db9df67986c069d6fd9f24b570992c2003d8ca83e143bac3b6b303eacb9bae648568e38c553f4ecad272cd2ae32b344278dca252e6962c02303cba0"}, 0x83) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2129.553712] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2129.560334] CPU: 0 PID: 6964 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2129.568159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2129.577691] Call Trace: [ 2129.580290] dump_stack+0x1b2/0x283 [ 2129.583930] should_fail.cold+0x10a/0x154 [ 2129.588117] should_failslab+0xd6/0x130 [ 2129.592105] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2129.597221] __kmalloc_node_track_caller+0x38/0x70 [ 2129.602170] __alloc_skb+0x96/0x510 [ 2129.605808] alloc_skb_with_frags+0x85/0x500 [ 2129.610231] sock_alloc_send_pskb+0x577/0x6d0 [ 2129.614736] ? SyS_sendmmsg+0x2f/0x50 [ 2129.618547] ? do_syscall_64+0x1d5/0x640 [ 2129.622614] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2129.627998] ? sock_kzfree_s+0x50/0x50 [ 2129.631891] ? netlbl_enabled+0x5/0x50 [ 2129.635541] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2129.635782] ? __ip_dev_find+0x248/0x470 [ 2129.645225] ? lock_acquire+0x170/0x3f0 [ 2129.649213] __ip_append_data+0x11ec/0x1ff0 [ 2129.653547] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2129.658747] ? ip_do_fragment+0x1f50/0x1f50 [ 2129.663111] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2129.668151] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2129.673353] ? ip_setup_cork+0x6b0/0x6b0 [ 2129.677420] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2129.682615] ? ipv4_mtu+0x27e/0x370 [ 2129.686252] ? ip_do_fragment+0x1f50/0x1f50 [ 2129.690602] ip_make_skb+0x167/0x1b0 [ 2129.694332] ? ip_flush_pending_frames+0x20/0x20 [ 2129.699101] ? ip_route_output_key_hash+0x1d6/0x2a0 07:17:07 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f0000000c80)={{r2}, "e565d66fe9008916e298faa1306e1caa3682f36cc73dd760e221cefc26ddfb284e6bdbe9444e71b4190e92ff3cc8b82b87c551ad2f7ec108f0dba03c6af73f55c540469373c00b2004742e38f3abe7adfed8fd418cfa5ad614c650010f2d1f857d0832aeaf737891ed12792941c8d2b8dfd716d1356324e329e2c47248fedec974e94746f9d9dc853a8c0cd5e26fdd89d5fd1062e0a2e82d93b8e5837f32da99d526072dba53a2ca1e01fe2db628c829da8ea409d9ccf8b6eae0fdc6673bb494b112073dda0855b31a1c77ecf508ceb1b3a1485d05e5f444c3ce222c93b15874122bc29346a7c553cca1ed221e2879a0c70b984c46a810bbdf2a304f72a104b5002101d9760081b0ccdc15eadaab1cefa8a324b2e33dd9a8a85cba16d1ec68febc462a4b83bf8c7ebd62d6db401ed00e5db732db7db56ed858f2113b750acd66b2160f14d2881cc8fdc8a0bfef54b47c65c3f8b94a7f1c3fa5ebcd2139c4223b9deedd0a922c6c0da0abcb2740f58bc5741668b6d8868f866b4e00671f662c4842d81fb76f924086ac48a9065fcd08ff4384f7b45acbb1e0c1332e4d93b4833b7d94fbdd9c160e004bdb9709ae1a6b65472f6147ac2de71dc7a0acca9dbee6a13651b1809fadc6c7b81f5e33966a78681862792e638361a0939f26c0e034f2d49b2ac8543bfa6104d4899eefa51af4cd1e143c6cf028a2ee28bb92c372a4e8a37ac6ed06518c7e436a2d221b5520c88aabda78451577946730a28c81251adb9ae06d4ff6da3430e2046a33e1aa25d4634217e3864bb72b68432166e6644b3c6785a9ed694501002b23981bf061c1fce19fbe4d203a88d718382287b78147ad99e13b33e2bad395ffd89f8dfe90566f58be905aa5476a8d4f2e6fa8f2043b1ed93050ffac054a3aa995fd4d3d2fd791b30d94864f35319a30624c8413fe9e23cd408a186b7466ebb555f06c22f97b6282137bd687d8f6ed22c69bdda736cea0e96d7ade11ba24bfd43040caed927076c6784d22e7e4c490f0aa7c91a6327433ec515fa9720740089c2ca075082fbdbec8d1ab8ca8f72328f5bcb90d1e2280b3c9f32542f7bf92f3c0ef27e948eb3acec2311fcfc7d24942692367f48a5609b57a9db218534d6b2aaf84a88f818af3cc8e3b29cb54dcce78f3b12697c7930299e68e05aa292e110bf7093044840fddec04731df6331156bce05553e78d926576fd03a197c420bc39a4f54e0d62639d37553c05ee1720947b3e5b93b55eebf8552c9fe8dcdd65d3e84ab2044ae911d44a7c90632b7c627322929ca638c347fd3e43c91da858d852f998f9020c7367b21b8891394463ea91a690a12312a6e71bb6ff70f18569b445038dce92c21d9dc19315ffd631b6974aab2a2330a7e954beb8b99f98049279244a3d385383f1743a7477714913043eb820cacf5bed08bdb3f83c5ccd8928be052373d154c3bb398de5fbf9556dee25a6b0ba619cf18606d2dc0413e39f6f749911fb88829b8af4cf72cedd16e07bd6af0bbe4faa686fb67cc867b8047e064f3ed34d7d50163de188cfb7fbcb719a52d00034b39bf3b629f78066ca612447bf9099260e786e3dae5bf021d87ce6ad3bb5246a4781cf327c3f3818c38cfcc94b507680a98e745f83bf5c9743826f2795903b2b6c18ebae354e3ccf257dcc717d629e452ab897998544dfdd02173ee3e1b06b31ba81ba8dbb144cfcc4c51bfe3680907f302e22a2fc56747590cb96cdd3419431fd7685c658bc9bc465fe823600d2f44028716ed7c1e571c64d25e839c31455ac8abd6781909808b5018ab4876a2a6e76bb3c7de68320350cb73355621fab28ea0faefbfa8ada765375d7672813e47be0fb2b8a83f67d98555236ca84330589bb771a28cdff28bbc42d8689e8bbde4b375ec4b3982c7544991245ad752977348f078a6e39bd9452c3dd3ec2302d4591ef5b9ce4dff1f7b9b2869928f69001f9bd8e0202c54763d68dd4f0cf34186664a812d703592648cd74418ee0d898c44327a7415508621da5ea9ceeac9d39a188445cb09dfa8c2152b0ed1bb1dec83943f49912462afffc42e27e9adb5e9f1b546080c8e31e2bf26a8902b3dc3b93b2bfec12e58d0d9b5183135e6ca8fba0bb8c47364860969ba2382c27917ae4aa226590e76134b5d4ff293be4f67dc08cbdac4faf9631ce34ab209aee45ed9f1911bb0f9acee265023a20a5fe3c9c09a72239f77dd2cb99bc1eef7529a78dfe72be0f9e10a215de41ae3737ee56c944a87e42c20efa0c9d08739f2d0d418ac7a1dca91b924ccc714b25b1a1679c6d6c7b4deb05e3ca46a8c6a3904b194a2ce8d6dd00f28b4d22ebb2cdfccd9625099d90a2fc823f2a8cf794b931b3a3b56ca5e32324b3527b46bad6eeb08578bf942f176b11c077be7e369132d4a1b50e89fe6e39d63be04f67c6f10d871d111163706e6260516c074ff485f01e1a5f64471714c3859ce24ffa5f5d630a2d15fe7c278b0933697a874511ccf7e9c796cd943e8bdce7f95f22f795e5d7725daaf403f847496890497ffabafab4dc2b5322d95e70f7ef67d06923ece380a8e55f0a442420a990eb3ebc71dfbb77afb070950a6f4b3c54376e0299235557e25574acdd8ed166ff370f7e7ad6c3b375855dd6908c58fe2acc7f757c9c351029a1b7c2c9f5f11053645810325091803268d4bcfe8c18a437fab3dfc4d0823df60522817240cc52bdfb1e15d019684b224e0361aa3ca2195d749d68f88b1f507e5f392d9e27842f5b82780614732f1b88c3ca2535bea74bfa184ae6f73bcbe3f6b1df783eb744ff2931d7c42f58beabc00eb73a08f472681fef536fcd97585b7ef20b2e985f7d796b9873e5a921a82ad84bbbf5d714ebcf31daaad090a82e72e285b5426bcde0132143a9fd1c83b638875f795bd3cb318b3e01a28fa9fab63c965bc62f807979c5576f2fb3884fdf4d09aa983b45d7d6e095a3d1cbc90c303f8a0d1d1990ab2bd8838a7fce9934c68d840ae7ee9088b136f7e79844344ed6edef597bda971c4a044dda63b144b04856aa17e7a462e206ad1fed323a75358bb12630a571c5a6af519cb5cd7e7880ee72b320adb080e5ffdcf0ce9e34f412c8a08311a5cca553bae5dc6c6fa90500ffbf7d8ba1c3f43f042d4bedce45775f99e1bdef5f3891b10b9250dde3918fbede5b2f10fb0c60159544f2b47ffab0e126bb785633c0d798966eea5f19e06661508a0f22a878d47c83a12dbe14ba9f800f59b0500b5025ee7ffd8fa999280721da031397933f40d907b64f029310c40e903e559971dccb412d92dcab09f2832fead457f5bf0d46953cff6239bf2913e5b3e97b1ea91462d1e10a49102b17dd9604190621dbb1581c8712d1e3ad76637e0c38eb2effeae6d8d119c6406693fe2f02b219437b55390814396b1d44879e2831f03b09212cc8828c97985da9a31a31ac3b6296c5b0e011e303890ab766a2ced8d1c827cc8a3e514cff14004d180ab7c63d25e0e73559fe51e5b15ce2ec463b102861344e6ab8e6505792a3fe019608e0cb4a92ab5ec5a955438d03bda76112fcd56152916e4c2d67524011ca4f13182d490a7bb7defd79b2f4e387c8116b86b1ceea484f469f58acde24a5c5282dcf9b981c7a75410ecc3a7a15da909063d204d1b4f310d2f685d930e827c7c36982b9504c0cd379d03daa4d81301ad689dc8a68c76324586dc30ea898d51f694bbc0f8b35361480294ea012e5f3e0bbbf0b09e79fbc63477f3830a9567be1c9fa1ab694986489d2b61863101b69cf0f8eb56c990edf72fcceb3ce6ca99bd1ccd67d753a9bd44467049f62213b6a2973b04a7037497fb0565b0be9668e08d9509a685c5cdbaf165d13ef8843e6ad448267e0a5b696a0bb7e51a3029ec0150d279c8e91bb3f49d9b04dbf936f44c5de733621ba06fbf003710475fbf1f85a8236285084aff50e0211534c0a5821de45be62dcb9b05aaf485d31b85e8e605331ce116a462f5a8b0c4386a486f8ccf2ea3c88c7b158877cb307f21a5f8a58f86b1f4f422e34e1b0ff70e78bc9cbe4672277a48f3e31a780cdab1266ac94ad9a108138da669a8a6fdbf8d5f0653b67ac8fbfe95b16c0db41873a6fa94c30bc7e1be7dd9a0e1d7f33fca42186ee80abe98ba5d88b580b2d09405514e4aa40bb245c533e798ac48fcdedb8910bb330a668c5e5b18a67f05944e8a738e6aaac3266810609b564775824310873e31eba4a3b7f3ccfa6a1478ada9afd35e5094f844c4143b16a93bef911f6f48766dd6ebc049cac4fcd7fcdc56175a233d9562ccdee68f8a4e35c1c9dc1a0e382e77884fcb0c1240400214dd7c19941629f4b1e586ef64f762919de9041e4a15b829e10eb433f77092292a863a9f5c52ad6fb189bcaf381456892fbea33da79b0485eec8e15a0cd314b179086731e4c9e4fde09dcafb73690d1d848ad5f5eca24c45a901c76ac7b08e9a950e2dab57b5181ce89e12cd5bd8f85f3323b51829506a923610a4c0f7fbae26bc3108f05f229fab6d6a772acf52792dca41801821193be322c70d5fbe62fc9e15127b3265a7ca0b34b05c5d210a2c1159c276ec412f6d9f98f9f13224012139c0333bb6cb141a48c75352b057a56863a3aab14ad511599f524b8535ccff91d03a19d6c0ec4a755d286098ed07329c4081aa10ac97a4196fb9196f6621943151aa59c4d18fbef6b4e078dd5005b8d605cfcfded1eac30ebe331cb9df05e301bdfaf7f4bc036455e215e25f86adb069bded2f13d5a4384be4640dd7a3d2aa2006e8eebeea4deeeac3a5647104bc81db6fa0d9f88847298a8a700e8226e1912498232f8f6bc8f838353bbe34d44bde64e1904dbef1e3c1fd7799a7ccc695d8440de7baeee5974b066337b5a766b5ec2e9164d730f00ed7ef3c69b3dc9e9518466c48324e5ac94774053e0c7805733c195636cc003acfb4ae2dc1af79585bc6bb881f1ddaea833bb4209b50dbbfaffdb21301b362f608d372f24385ec1d0de05af916843ec6ac135c0dab04815a79a4883e1936f8b24a0cf5a8578efce7482fd91b5615e8ab20260eb432df817fd6ccfa78c72cacd568bde0e2598430c12d0022fa7e7d797eb5491393a677e0ce0a1c8c4dad9c17540479c22cdde63c2a5b9a98568a33467df8e1ddbea132e4673e20dff1c0c508cd226c567303607083450c93e03d2ce39c9e711e4c6006edf71e4422b271374dc97181221943efe22c54ee079f67cadd1b448121bf01564704daec5173bc9ae89680abd0e52c191fb439da9da7a9cc0925c9e3d5dfda24bf4ff79235dae71e283b0d159d2d06f5673fc5f1d6ae54646767ffe7d196cbe47cc5314415eebbc436044afdcdea414011c3bb5e146e440aa3c228987ee06cbab0bb6f870e153aa69c6fdfd8068ed4a8643fbd6642ad4084796e5a14083a68b3ec1df1643122eddd0229ca8db597be3401a580f7f6babc02e367e97306b835bc4498669563d6953fc85e901ee875ef2bbdadbdabfcc667745d039e89d6fa9d76c3335ce7eb29f09adfee12124186d810a9060b6f727a5b95a6887c191146fbe0c0864c2b0263b00c0ede5fad2f415929d5f3da20022dba65e3413dd773380b93769fecbeabe4ce8ba08143906585bcd8fa29bf0af34a527b7526756b6f76599d2dcc46153a4e719254504f447e45de5c4ba0e11c2a68fa6689f123354ad8eb4bd9b31e2ae366ec13565b39fd5f6b4e88ab02ad75420d99aab9cd5f415105aff8a6d7afd9ff8945850ab2aa17c4d8a449594"}) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001", @ANYRES32=r3, @ANYBLOB="71dd0503a367ee3f470f6c6a4f9beb45af602f3dc46f2c97697818fb6bfae7bc5d31126cfddea7b70300e9bd46df3b113715797c5322e6a2c991bb6d7468b81bfd9ad0902d716f4d91771bd685f66161849d6b66d631aac1d38943230ad5a42e810865526589e83621276c312518a2915c4cbd5dca6350856a264eccd7ad2ef6297687fb93f7bff5b79337d55d734788cdfab4947df3c5e0efe9f766576e25f90be87e38ff91e4bf62239daadd64d0dbc4fd94c54aa395e2642723b612e13c738a928a33ad2b1de9d15474918d1a18f8b39d0fd695605dbf816e2eb31862e52b6253cd"], 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x18) sendmmsg(r4, &(0x7f0000007fc0), 0x60, 0x0) 07:17:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2129.704131] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2129.709689] ? xfrm_lookup_route+0x43/0x1b0 [ 2129.714034] udp_sendmsg+0x156f/0x1c00 [ 2129.717929] ? ip_do_fragment+0x1f50/0x1f50 [ 2129.722259] ? udp_seq_next+0xa0/0xa0 [ 2129.726068] ? __might_fault+0x104/0x1b0 [ 2129.730266] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2129.735035] ? lock_acquire+0x170/0x3f0 [ 2129.739022] ? dup_iter+0x240/0x240 [ 2129.742803] ? kernel_recvmsg+0x210/0x210 [ 2129.746959] inet_sendmsg+0x11a/0x4e0 [ 2129.750766] ? security_socket_sendmsg+0x83/0xb0 [ 2129.755522] ? inet_recvmsg+0x4d0/0x4d0 [ 2129.759492] sock_sendmsg+0xb5/0x100 [ 2129.763198] ___sys_sendmsg+0x326/0x800 [ 2129.767154] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2129.771894] ? lock_downgrade+0x740/0x740 [ 2129.776024] ? trace_hardirqs_on+0x10/0x10 [ 2129.780335] ? up_read+0x17/0x30 [ 2129.783680] ? __do_page_fault+0x19a/0xb50 [ 2129.787969] ? retint_kernel+0x2d/0x2d [ 2129.791840] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2129.796893] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2129.801688] ? __might_fault+0x104/0x1b0 [ 2129.805776] ? lock_acquire+0x170/0x3f0 [ 2129.809778] __sys_sendmmsg+0x129/0x330 [ 2129.813734] ? SyS_sendmsg+0x40/0x40 [ 2129.817436] ? __mutex_unlock_slowpath+0x75/0x770 [ 2129.822256] ? wait_for_completion_io+0x10/0x10 [ 2129.826910] ? vfs_write+0x319/0x4d0 [ 2129.830616] ? fput+0xb/0x140 [ 2129.833709] ? SyS_write+0x14d/0x210 [ 2129.837399] ? SyS_read+0x210/0x210 [ 2129.841005] SyS_sendmmsg+0x2f/0x50 [ 2129.844612] ? __sys_sendmmsg+0x330/0x330 [ 2129.848741] do_syscall_64+0x1d5/0x640 07:17:07 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2129.852616] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2129.857784] RIP: 0033:0x45e179 [ 2129.860951] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2129.868638] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2129.876236] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2129.883486] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2129.890735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019 [ 2129.898000] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:08 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:10 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="ebe50e889e3b1a3331af87e2f08ec4b6c754a3e21d95278c18e8a5ac3f66461ec2c837a6086275245da05fd6036a70094322e798a6e0b632603413fe945f00420d6746659807fc2f5e839a7086b0f466d0b7adb2cb1ed8", 0x57}, {&(0x7f0000000140)="0e1398ab4177340c5c949f7e010667dafb9c1b9f7caf004411e37bdc23a7515262804f99963114f17c89140384a8efcc40f6b38a792dbee72d6ca2072cee2d16d80ee4e215a309eaae2b857fa2cbccc5369e513deab90383", 0x58}, {&(0x7f0000000c80)="83e9115ba5b31c92eaadc5bac50b1859d85fefef90ea882313a7920268d2ebface0b24d8199455ebac4967fe79f0d639950e81990da647fb40e7b4470e439f27c73d9427510edd0c8cf20e49f0dbe56b73d7bfa9ba82476cd02733368ff910a5daf1fc7a15ef321f13174ba5ce204eeed48e986d6c920f723c63c787af12bdea0339d94e32a9a66ce80bb18ce9ae265a85f7f9448e11e4203008dc9c884b8780f1177b9a0944c8a6054824d1541371fc52872ea35aac0a9881ac2fff92ff176e7b58c0d2cd52406d55871a1fa91b7e17b1aba15af05c0f7e31bbbb4a8272761a74b97bd094859a5e3b4c0b412da53a7406c9ddb4db5836a338e8ff0beea0812c03d99f731890183896dd2f58d5a223f6d54ed3d0a78e6d24a723b41e15939bbbf4c80e2395b7a1da8a6a5d896801a4c8bf2f5ec8bf32b99af0a1904b5c5fb59047a6d12728b40ee70e743c62d6c2003a58a9ecca96134442bf2bc705fdd86595954b2be083542de441c43d43918f847e20d890f40e6e40dd49b494993012b5e34b0fedcdd1e42225ceb1a19ad063dd9a61c0a5a1e5c8b59afd198fce2b87cee9d8d0c7bf499a9d5c7788f3c1ab11e9c39b25482b22ec34566bbc10797436300723dea0164907eb70dfa06ef83639087ae39fb56032a355abdd5fca3c0742c25fcde30bd66eeef06f7f73c82391e80b7e17a318ff6a040c4b53a11cc2eedf70584c6cba36c2eef0e2e5b01d0c678340ff2d09407a6eb5acb7b5461e00197ca0263228dd07bad938a58a9fa79f3f9cb8da648b6b2c53b82844b7d4a4abf54ccfb53e7685a8c7067a9f302824ec2f98e4bce02c380ea033c9254e639983246a05927db2a62ef085e58d1116313df5843abcca0b77418bd3c7a5157d8a538944b0aa886359ec26b0b30e89064b4af1cda8fb7419df630d82f9afdd6f8ba4d8f5e7f7b0c3d5418d0c627fa910f342c19879824190066e84aabe83babbb7c4b4979f5e1a540b476eb661de99c3250496bc4b0ca9587a28d4a6281d0af3230bb3bcede80ad90f3eb68eebb4eb2d9d4757c6289ae8520f21775b0f516e1869fc96933e214333ab1194787370d660dcc2e07b1014e2cc86728f15afaf0c7ff1bb58eedb0eccaf22023ecf658690e8d0cfabbbd7908342a70fc27524ba1701ba1b58bb6d4d60feeaa6785ef955eaf148aa74d300aa0d7519bd91c712693fb25427c5ce0bfc4cf865ceebcf8b9fc8715a6ed2f83bad20ebd74e52a4a3fa20add2260603a8cf736ce602abe85d2fa7ba454982e80c6fdc42fe498db7fc0f6e3e9692f1c3f4d1af8201edd749e5cf72dea9e44ec4c07e0af406946d541160580fa6888ded78fdd76e744833c1ed50123f3ad79c458badcc5a3154fc034f91f04fa6701483891df1cc7e48d97641f881e88e85cc595ed2b1bf740d57465c163cb91675181e85713486ae87a96a1cbb6257db0421dfbe600e788a16cea5f1e8a792591bcd3d6513fd0de5e814fad55a0e4f0eb1225aff61090c6cc852489db3b791457f74b127828b98b5a3237fd1bf70bbd8526c4a3d489421e8355a4a95172f09c399fe57ff6daed47aec80b2823106487ab1f9af1a15c843f658e67173eb721f6ed5fdf292288a4a2e99c84c11c2bede0c5adf983abad42d15044b653b96529d4be561eac55008562c38932ac52bd57fd5fee891a120a16e33320b62ce4f53573e30b123f61a52e223778a4d9b0cc8a943084eb0001bfa6603cd9c92c41c4cef141125475804af12d8983c99983ebd7ffd36d12f8bcbd2261f670c8c667bb4500e9586010119bac506272ffbd80e91a0c7013af4333168edd776191b909bc13dd9b519bff9cd2f838babcc0cfebcec8d3bb296f6120c3c1b18d90c20ae9148f659e7c160118e4cbdf79a659a9f64db5179978f95288292dc06cd0c1f1665fd92fe0cfd7edfb5bc05f848111d2a112743eb8f1f71e6151d5de0f9dd3b0a710d14152ad3fbeee97b4fd3df28b61d2fc203a2b17d0db5074c45622f53e3a4cd300b3e0b45861098b42918074df6da0e97fdabc0ff1f7b8c627196df8dbaf09437d1cccd63b77d70ac4036a58c7935c68a00772908ff769bbe4d03d04ab0539fb5971dafef515be9792a0ebd13e515ac28bccc570f6fd51001bf80172ece8b5c328f2e8038be06d4b0a298fd11f0da2b3c325b039b1b6f562b1b1e15cdb789c5878f7735768227f41fb80017b1f1b8d6276f0a34e66ebbfc1dc174da523d208246097e0830decf884d349d006792ed07f01ba7195bceb857ea63f9b0b0dbb2bdea4c85ff45163e939f4d3e5ea91041f5235ea07696144c84a7a5acffb111beaba3815fb9cd8585e4230346f5f4b29618c11bc53885d35cf7f5e8182627c669d4c107831662a49040a001e885af25a31588085daa5582cfa5ba9c5f7351e30d09175a96aa18ff8d2961dc5d179110ebf6ddb183c57d7dcc46b4a2981d160064a7e5f9d6751b9a2701e5ece7cb1c5c73127dc1f2fc48290b2f168e2f59234e7c674a74a22e41d5bfdd672df81342f4f961db088d1712d9dfa743e3d4a360e03f2e827a630c279235c1384f93a86269c4516eca97c6e5769e225b22859ca9750d04c63c80307b3f736b0ff559b074eb7bde0143404f37bba9a2ae6c9caa8dce0ea157ffb12d1b5ce8721df08b28ac89ea445eb14ec0f47948a68177c4587a3aac0233fd13ba368fe27c083251780bafceaa39df33f6afe091c1003bdc5316a244df0f1b0286999661a9b5ed827ec0c62a45253b9e13ac8b26231ca7cff4a5c68aa1a887145b2835388baab2e570907cf4354d03eab61bff14aa8741d63a529c82f90af3dc57c16c6748958882c1d4333027ab88aa5482d0a17446471c3bafc129a31dbbcc378259c1c0592f967c4ffd5d1364f534a14dbd62214efe0d86ce32893133a8d6f0ce8f4a8ce87a88611d95a6ca2ffaa36b0b9d2df30e3c1fdd59b50879e98b7a8618415f184d69df9982bf2136c09293909f514f742b8f0d887fff47ae6d30c4780e3e8f5944476aae9b68fa4ad4b3034d488ab3148e3b0659e0364e71d3d6e7c4431b6d675f818e764a3210d4723d31fa28f18cff3e7c0ca3b62c3114b3b8e763d47f68dff69d3c44e503a934fab7345e5551ee4c0daf9e335a73841491ab3be429eb1ec6705a067905e7bbaeff48feab7075b9df3056b296824e2897b7adbdb73ba1e438adcd37caede9b54314d02b622b1e645d30adaea9873e08f12e2f9f0df8121142762fcdcc6052d7b2ac7b6622ba51fe7c5cb8a2e75f5d07756dfb9f4da1dbe7c3feac159f96ba2866e3b66e536e9ad5fe2f81979f62823c8cc3066fbf05339e13e0f6073c39ccc7863adc88c3b0247176a77cc302e7fe276caa62c1d5665f2eb6a223a34f7d796023b6fa47d651eee6d33d19eaca8eda967dc437bf2adf7e4cec6321e468c2a488bd3c6b9dcd3be23ec989e41d38eb5837d710f26ead3a9c5d9bf5982d818f310a3358f3081f1e7d22174b9247c912f3a50134abe550bb3dc40c3d98d84abc44b7e3c6df6c2f5d71929f3d35b380b4b1eaefac1303343b52f1c11281cfbd4651f86177eaa36d97cd62e4738a204d6c31c8c45e1757c4f88dc71a4ab22c6f70b2832e2ccd424b981f352dea45247292ebf47f39c1d78f57f2dca82f412932635393557958b1bb4cb6866f05d4e6683b18b33359bf0e2fc0d6e36b87b1426cd392a9e8156e5af290a7a7e55bfd31b7fd6270e54207130a1c72e4caa63df9130044128b61df040f93c8817db5afa9718106aa93cc8ceb15669b7bce4dc67b085f34a5c67768a2cbc80d715b2882fe3d1dcb1d7149b7f2b50e9bfa8b33697da0f70d8ef86aa4830efe8910882b0220ad81d6df78631d6c175daed7675eb641e2320d3d79b437f92ddb6e51534843f2b8810ab58bb9ada4af4bcbd9f120ccacfdb3c5865c2ddd0e2c26c7512f3e1f2585e97866ac1a5f4e78ed00ad5982b0ce06511566c27b9375ac16e7dad5c9e8e586e2f4c714da67b16b37b7e5a688f0bf29594e9af3c8376c470411d20dffe1d8ac818ceb4a02360fec5c31ee343d3c9ed451f15cc7048521394e24341319355bcaaadb83d717b47b5204a1e91d1428c99209d4141c61a82ace5b1aee40834824587108b98086012ca6ea7a8c7f29ca4f402baa6d8d4a3ae05ab03c9aab4fe565dd8a9cc169cce627a7fe672052512fbe380ae551584dd17aa2d98012a108f66c659f1e7a395b2b79e96d2d40b2acce529e26e2fa9672aaf4be06448115814980cfbdc98a02b07361d8ac285ab5742cabb45d09c8f1f6567adf91899462d63e049855eb9c964e9b8b48c8836347c76ca0b4b7f4abbea0227e6df60f18f9ecca7ae1f9f7179a6e60e430eadaf3176ea233a2ca99d78df446960fddc95723dc3b7173db433d4607cb6ba89af5d2e48fcf9e1ffd7aee6335a6a4a7babf1562be5d8a0a0519b6bade5b491ac7153e7ec645a5cb7d2d0ab0a4590013713aced463399a5c7dfd544ede383781c038c31d82ac7b88ac045d32d838bd795c71ea925310328b58dfdec74d586aa03193a7215c925139703385d6d726d9b74ea64c7c4f82e6bc9b7acb936061dc9614bd4ab8df010a6daab1aadb18603a0cb2eeabf662553fd4a5d176c6225ebf5a598112cfdcfc51e004638f016a523f2ae61e838237736ac9807b7a11a9e90b897b8c14c7cc54defca6e4e3063ad2a989d2d80c8e4ae819228b976c0edc0c3adc1cce7676af2dadacee3770cbd2678ebf9f3c2d3b5b605ab4ac7f25903a98f5e1dab6ba78ef88392538619f6a2416f7916fec251104b4558897632608c2841f91a8671898128d64dc206cdc324e54086002a1ea0867abcb87bf4442e41756c537cb57e056c42362f4aa18f11c854b803c929346c3fe5b59fc14984f6069e82419aa4aa527cef2e4847cb5a6e24c6e92b8c565a7c057b85dfc14f40b9c8b5379dd5938c404000000000000002d3c8a2f37b102fecd0004597b75643131dd450625873f6ed5c0b1966b7e125fc00103b97096f42d62b442dadc7cc5cc5be892fa3e910770d5b2f6ab74afd1d4c8e3238be4098d2e1cbe38b97e1a201d3f32b4bc17b7138bb85c9c874004852ddfb9d0ca40209de3f8c030fc6a75793a213f34403be7faf1a2680715b8be75711be7b578876b6f1990b6f3208f10d5f8ee06af5fc015d233ed7da4690c7d4222c72b40f115a1c06005628c6e5ed337074a923285f23bf5b858aa9a4d952197d2362aae65a200227bbd9236963e37e85ef9e8f1f31a326577d5929d7a567603fb85070e8fdfd9c0ac638459fdea9d3270853e968959ce03e46d05fc83db291fa4b0f68b66eb17270d289a3f7692eee5fe7565740cf0707420817a7b8c0680d2970a699abf629671d1c2e5f33cef4a5ddaac196ba3ea033e158af5057b4b10019ca482c14949e4de83c05899b246ef7b653429bfbaa0a254450d1ec8a6642fc5fb369f6dc16f056209ed0e9c702c127a4c503e792b24c2326dbff5111000ce047aa4737e5e26596b7d2916d3d1953339871b04f23ff4137f37e6e495efc674f4db32c0af38319821617dd597c6f5a3e951ffd3651c0ee3183710320f385d964303d9b221f2242f683114b9054ffa1546280dcf20904059bb9a6a45cc5bcfa0d7538210e082620657767c8ae72611ba9d0bbd0926a03747f258bff1e9351d577a64bed947f68bfab80b4b18d183431f6c03bc07bbc23242f87ed14bfd3321aae00183c0e6b09f83b6371fdcd378a19ecf330000000000", 0xffc}, {&(0x7f00000001c0)="b469ad3b99a0b4ca77b9a4f040271bac246850aafe6c425201903f1b9e27f7fb9fa282a959f76ca3a0224611774488fa6ff1a407ef3f713b4d53f7e9c218ef952111d0ee8dc6f76063366ebcf02dc9402f1fc148816707016a3e90d74881429cf51f9e140ae692330de77dc6f04524fcbd1a5dd8cb7ad1c90b", 0x79}, {&(0x7f0000000280)="3cacc710f7402f7aaed6d064420df25cda1e200b9a1bcebd0e7087620fc248a8fcaf734b515e665c6ca498c559316fa098353a45f420f4f4a354dd6437fefb3b41f8a8f7bb4c5f4709555ec4f7f15e3a3181b311b6e66666a4daf2a22d6b6d5ec354beb51107e23b6a0909d9e974b300e205fb8ccabc562aeea59a543a0f816d8e2a5a9f1ef9b2b415eb14767fbea506f26c34170468c52d2bafe4cc94b25ee6b7ca8fd1d967", 0xa6}, {&(0x7f0000000440)="28f5fb0e15cc4968e1c3219cc19e7ec4ee606b60733a0829ba7f361dbddc93514d191e55b9f6e2ed002d798a277d1bfe8f623fe32580b7a1ceb18a98c8d20837fdcd3c2b2af9307a9cc74fbabec50243d0e2c8d37ba8eccc534e11e8598a89ea45c7210784fac3686f19860509503048b25175d8c06c18b6", 0x78}], 0x6, &(0x7f0000000640)=[{0x18, 0x3a, 0x2, "023c"}, {0xe0, 0x112, 0x80000000, "86096aa139ba96b81b8ce7e9988da6dc389c1b091e5a2fb82aca84bddd4c59377619e383699ab3c8cabb36617ceb02ff724efcadb77eef28fbdd63b1db415d8ce9c9f716073a7c7717b2e368e58cb0585e60afb9b580831990072fd00b8f50d24fc6b43001ab777f30d5ec094d97b2a0d44f759029af49611cd79a70aa582a79bbf4c66bcc1f19e2fe7039401d9421615eef28a4b6655320ebe8359537428d413901de5f3397ff9abbdc280d5a1a2d8a37dec4233a4a0dd964055216ffbda56ffb852165d31abf0d613203"}, {0xc0, 0x115, 0xfffffff9, "86bdc3f0e7575a9bf1b25d783e65f04e38266a5447c4ae01e6b2b4bd2e66973c91e3403ae00b41ae39e5e7655a69fe12057ab43214ee6ff5a971c7abe39f549a28e5b7e95b71e05db6cf1005721a9e9d4a804cb80cffdf07d1cb67af0402810a54bc3fe7c23d96c57beec91be740b404ca3ff5b8b485c7ce8944c25dcbcfff34758cda2853e7854dd39b3eb1c7cf2b11272f7e8237ac1a78a9d68d20b2c7e27ad6ce6be25bbd09d18f6106f1f66c592a"}, {0x80, 0x88, 0xffffff7f, "bcdb58043a88d6f7ddf6e313b4ac477d5c468085cb69e3b66ecbf84962e1f7d94abdfe18dc79cefb581462948eb203d05ae65d9454d27864b3646956b1acd64358b6e56a27f859453294adb19b456976bda289a64ee4987844d1034d11c2baf6f85d2bca40866139cf567407b6be"}], 0x238}}], 0x1, 0x1000) 07:17:10 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000010401030000000000000000a72daafc00000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r4) write$P9_RSTATu(r2, &(0x7f0000000040)={0x5d, 0x7d, 0x2, {{0x0, 0x48, 0xffff, 0x200, {0x40, 0x4, 0x5}, 0x54010000, 0x20, 0xfa01, 0x6, 0x4, '}_]&', 0x4, 'raw\x00', 0x4, 'raw\x00', 0x9, '\x06){\'#--:@'}, 0x0, '', r4, 0xffffffffffffffff}}, 0x5d) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) 07:17:10 executing program 4 (fault-call:10 fault-nth:26): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:10 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000000c0)={0x0, 0x1, 0x4, 0x4b}) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x800) r2 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x9, 0x2) readv(r2, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4088, 0xff8}], 0x1) [ 2132.469233] net_ratelimit: 17 callbacks suppressed [ 2132.469237] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.492494] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.493944] nla_parse: 10 callbacks suppressed [ 2132.493949] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2132.501914] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.518973] FAULT_INJECTION: forcing a failure. [ 2132.518973] name failslab, interval 1, probability 0, space 0, times 0 [ 2132.539168] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2132.545896] CPU: 1 PID: 7028 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2132.548607] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2132.555574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2132.555579] Call Trace: [ 2132.555601] dump_stack+0x1b2/0x283 [ 2132.555618] should_fail.cold+0x10a/0x154 [ 2132.555634] should_failslab+0xd6/0x130 [ 2132.555643] kmem_cache_alloc+0x40/0x3c0 [ 2132.555655] dst_alloc+0xed/0x6d0 [ 2132.555671] rt_dst_alloc+0x6b/0x430 [ 2132.555682] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2132.555699] ip_route_output_key_hash+0x195/0x2a0 [ 2132.555710] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2132.555718] ? udp_sendmsg+0xe45/0x1c00 [ 2132.555736] ? lock_acquire+0x170/0x3f0 [ 2132.579109] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.579853] ? lock_downgrade+0x740/0x740 [ 2132.579870] ip_route_output_flow+0x22/0xb0 [ 2132.579883] udp_sendmsg+0x13b5/0x1c00 [ 2132.579897] ? ip_do_fragment+0x1f50/0x1f50 [ 2132.579909] ? udp_seq_next+0xa0/0xa0 [ 2132.579923] ? __might_fault+0x104/0x1b0 [ 2132.597470] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2132.599311] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2132.599327] ? lock_acquire+0x170/0x3f0 [ 2132.599344] ? dup_iter+0x240/0x240 [ 2132.599361] ? kernel_recvmsg+0x210/0x210 [ 2132.599372] inet_sendmsg+0x11a/0x4e0 [ 2132.599384] ? security_socket_sendmsg+0x83/0xb0 [ 2132.605482] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.609489] ? inet_recvmsg+0x4d0/0x4d0 [ 2132.609501] sock_sendmsg+0xb5/0x100 [ 2132.609512] ___sys_sendmsg+0x326/0x800 [ 2132.609524] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2132.609539] ? lock_downgrade+0x740/0x740 [ 2132.609548] ? trace_hardirqs_on+0x10/0x10 [ 2132.609560] ? up_read+0x17/0x30 [ 2132.658069] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2132.663877] ? __do_page_fault+0x19a/0xb50 [ 2132.663888] ? retint_kernel+0x2d/0x2d [ 2132.663902] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2132.663913] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2132.663926] ? __might_fault+0x104/0x1b0 [ 2132.663936] ? lock_acquire+0x170/0x3f0 [ 2132.663953] __sys_sendmmsg+0x129/0x330 [ 2132.663962] ? SyS_sendmsg+0x40/0x40 [ 2132.663984] ? __mutex_unlock_slowpath+0x75/0x770 [ 2132.663999] ? wait_for_completion_io+0x10/0x10 [ 2132.664011] ? vfs_write+0x319/0x4d0 [ 2132.780469] ? fput+0xb/0x140 [ 2132.783580] ? SyS_write+0x14d/0x210 [ 2132.787302] ? SyS_read+0x210/0x210 [ 2132.790933] SyS_sendmmsg+0x2f/0x50 [ 2132.794561] ? __sys_sendmmsg+0x330/0x330 [ 2132.798715] do_syscall_64+0x1d5/0x640 [ 2132.802610] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2132.807800] RIP: 0033:0x45e179 [ 2132.810991] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 07:17:10 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000104010300000023000000000a000000080001400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x852000, 0x0) write(r4, &(0x7f0000000140)="5f97a988b45262c8609d5df1b8e787773d08f052ee0c91bb8660894dc2fab693e3ca172ae20c1d958458abb78370e65927c8157e9e85c5cb7b5a6faa36fd59243da4813952f4d1c0e62626eed748db726a12bfb3510154308b7978e458d3ad5a7c03f0414fd1403e57d4d5ebedd2d777928e2ea1b3478398af9b3c6808eafc49332a848c420d7f7c2ee14039a35cae08ac94ce065830544187aaeaced284dee8d8466b0015aec17d597d1fe7707b43bfb6d95879a864b9447945d7bb3e", 0xbd) read$FUSE(r3, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x1403, 0x400, 0x70bd2b, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg2\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000085}, 0x40000) ioctl$DRM_IOCTL_SG_ALLOC(r3, 0xc0106438, &(0x7f0000000040)={0xbae}) 07:17:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:10 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0xa8, 0xe, 0xa, 0x101, 0x70bd2c, 0x25dfdbff, {0x1, 0x0, 0x2}, [@generic="e7e0daef8a58eb6fdfbb11b226ef2a372b38bfda25af236a6e74a94b339aa85f7a3acc0940ce5bf08d6f165823389c003b64910b2258f55423b4d7acca15f3bca38d6b", @generic="109ae35bd59e50396838d16e23e653ebab110730faad40fb6ea692ae069e1f9ce4efb26ee1174b8add394e200a0ed6caac7940ff5da4637504cc09f54729278071f99acfd1da0ec8ac88093d", @nested={0x4, 0x35}]}, 0xa8}, 0x1, 0x0, 0x0, 0x80000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2132.818701] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2132.825974] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2132.833267] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2132.840534] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a [ 2132.847805] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2132.871084] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.897225] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2132.908121] ip_tables: iptables: counters copy to user failed while replacing table 07:17:11 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2132.931358] ip_tables: iptables: counters copy to user failed while replacing table [ 2132.955689] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2132.967773] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.5'. 07:17:11 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2132.986842] ip_tables: iptables: counters copy to user failed while replacing table [ 2133.000419] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. 07:17:11 executing program 4 (fault-call:10 fault-nth:27): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2133.062308] ip_tables: iptables: counters copy to user failed while replacing table [ 2133.086333] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2133.222161] FAULT_INJECTION: forcing a failure. [ 2133.222161] name failslab, interval 1, probability 0, space 0, times 0 [ 2133.246433] CPU: 1 PID: 7074 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2133.254256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2133.263613] Call Trace: [ 2133.266207] dump_stack+0x1b2/0x283 [ 2133.269843] should_fail.cold+0x10a/0x154 [ 2133.274002] should_failslab+0xd6/0x130 [ 2133.277979] kmem_cache_alloc_node+0x263/0x410 [ 2133.282553] __alloc_skb+0x5c/0x510 [ 2133.286161] alloc_skb_with_frags+0x85/0x500 [ 2133.290553] sock_alloc_send_pskb+0x577/0x6d0 [ 2133.295026] ? SyS_sendmmsg+0x2f/0x50 [ 2133.298803] ? do_syscall_64+0x1d5/0x640 [ 2133.302848] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2133.308195] ? sock_kzfree_s+0x50/0x50 [ 2133.312070] ? netlbl_enabled+0x5/0x50 [ 2133.315967] ? __ip_dev_find+0x248/0x470 [ 2133.320011] ? lock_acquire+0x170/0x3f0 [ 2133.323967] __ip_append_data+0x11ec/0x1ff0 [ 2133.328286] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2133.333484] ? ip_do_fragment+0x1f50/0x1f50 [ 2133.337794] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2133.342795] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2133.347989] ? ip_setup_cork+0x6b0/0x6b0 [ 2133.352027] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2133.357194] ? ipv4_mtu+0x27e/0x370 [ 2133.360800] ? ip_do_fragment+0x1f50/0x1f50 [ 2133.365110] ip_make_skb+0x167/0x1b0 [ 2133.368813] ? ip_flush_pending_frames+0x20/0x20 [ 2133.373564] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2133.378557] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2133.384094] ? xfrm_lookup_route+0x43/0x1b0 [ 2133.388404] udp_sendmsg+0x156f/0x1c00 [ 2133.392318] ? ip_do_fragment+0x1f50/0x1f50 [ 2133.396623] ? udp_seq_next+0xa0/0xa0 [ 2133.400403] ? __might_fault+0x104/0x1b0 [ 2133.404446] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2133.409182] ? lock_acquire+0x170/0x3f0 [ 2133.413138] ? dup_iter+0x240/0x240 [ 2133.416747] ? kernel_recvmsg+0x210/0x210 [ 2133.420872] inet_sendmsg+0x11a/0x4e0 [ 2133.424672] ? security_socket_sendmsg+0x83/0xb0 [ 2133.429413] ? inet_recvmsg+0x4d0/0x4d0 [ 2133.433389] sock_sendmsg+0xb5/0x100 [ 2133.437088] ___sys_sendmsg+0x326/0x800 [ 2133.441039] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2133.445787] ? lock_downgrade+0x740/0x740 [ 2133.449935] ? trace_hardirqs_on+0x10/0x10 [ 2133.454157] ? up_read+0x17/0x30 [ 2133.457556] ? __do_page_fault+0x19a/0xb50 [ 2133.461770] ? retint_kernel+0x2d/0x2d [ 2133.465640] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2133.470642] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2133.475379] ? __might_fault+0x104/0x1b0 [ 2133.479423] ? lock_acquire+0x170/0x3f0 [ 2133.483403] __sys_sendmmsg+0x129/0x330 [ 2133.487371] ? SyS_sendmsg+0x40/0x40 [ 2133.491086] ? __mutex_unlock_slowpath+0x75/0x770 [ 2133.495913] ? wait_for_completion_io+0x10/0x10 [ 2133.500560] ? vfs_write+0x319/0x4d0 [ 2133.504250] ? fput+0xb/0x140 [ 2133.507334] ? SyS_write+0x14d/0x210 [ 2133.511030] ? SyS_read+0x210/0x210 [ 2133.514644] SyS_sendmmsg+0x2f/0x50 [ 2133.518245] ? __sys_sendmmsg+0x330/0x330 [ 2133.522372] do_syscall_64+0x1d5/0x640 [ 2133.526256] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2133.531432] RIP: 0033:0x45e179 [ 2133.534605] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2133.542302] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2133.549587] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2133.556845] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2133.564120] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001b [ 2133.571371] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:13 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1c, &(0x7f0000000140)=""/200, &(0x7f0000000040)=0xc8) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 07:17:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000da94fc2b4bc3e0010800034000000000060006400002000005000101003f6bf5ee7c7564874d3f4664264ed913221e2f24a10500461d92ac9d3798204e71f0c8d8de16b9eb057b5d70db1fb7134ea1c0b40291a2157dac9e3f13938fc8e9aa"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x12) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000000180), 0x0, 0x20000000) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$BTRFS_IOC_QGROUP_LIMIT(r4, 0x8030942b, &(0x7f0000000080)={0xe46f, {0xf, 0xff, 0x7, 0x4, 0x2}}) 07:17:13 executing program 2: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)=')\x00') r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ppoll(&(0x7f0000000280)=[{r1, 0x4048}, {r2, 0x1fc67979bbff492b}, {r1, 0x400}, {r2, 0x102}, {r3, 0x400}, {r0, 0x24}, {r4, 0x2200}], 0x7, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x302, 0x0) write$binfmt_script(r5, &(0x7f0000000300)={'#! ', './file0', [], 0xa, "57bf0ddf7c357bfb5a86c2786dc171c27b331d56f194a0f2ce63ed6f2422245854a9afdb3f3707e7dd8cd8fe6b31aa6164596e937aa519f6cb826b57e339b9c53d46c110417790a837f5ad394a43de9f3f7e8f04c3a092e65c19e28b4c6c12141446c4c83222631d50fe8601bbb8797282cbd2dd54d62581198ed2899d0b5c3bfb4d29b3bd6151a92e1f2af8c46c3572242d2d4c18d4a74da00c53f9339f6a"}, 0xaa) readv(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/67, 0x43}, {&(0x7f0000000140)=""/129, 0x81}], 0x2) 07:17:13 executing program 4 (fault-call:10 fault-nth:28): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2135.510066] FAULT_INJECTION: forcing a failure. [ 2135.510066] name failslab, interval 1, probability 0, space 0, times 0 07:17:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000000104010300000000000000000000000008000340000000000600064000020000050001000152257a203534a4f3976c4dc03ea59ef6e1c873b25483995d4f979ae4ee1b82b95cd974c12f40a111046dc60bc8e687c5a685f76c76699bffdb80775a834c1ab77fd92418bfe84c4acf6d54aed8282865983a3fc0821ffd792a5fe6f4ffd28173af3f596b87b00b93a83166a1f61b10ae9d7938"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2135.595617] CPU: 1 PID: 7089 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2135.603565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2135.612920] Call Trace: [ 2135.615521] dump_stack+0x1b2/0x283 [ 2135.619157] should_fail.cold+0x10a/0x154 [ 2135.623312] should_failslab+0xd6/0x130 [ 2135.627291] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2135.632401] __kmalloc_node_track_caller+0x38/0x70 [ 2135.637340] __alloc_skb+0x96/0x510 [ 2135.640967] alloc_skb_with_frags+0x85/0x500 [ 2135.645385] sock_alloc_send_pskb+0x577/0x6d0 [ 2135.649881] ? SyS_sendmmsg+0x2f/0x50 [ 2135.653684] ? do_syscall_64+0x1d5/0x640 [ 2135.657744] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2135.663116] ? sock_kzfree_s+0x50/0x50 [ 2135.667007] ? netlbl_enabled+0x5/0x50 [ 2135.670897] ? __ip_dev_find+0x248/0x470 [ 2135.674965] ? lock_acquire+0x170/0x3f0 [ 2135.678946] __ip_append_data+0x11ec/0x1ff0 [ 2135.683273] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2135.688470] ? ip_do_fragment+0x1f50/0x1f50 07:17:13 executing program 5: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x228, 0xb0, 0x0, 0xb0, 0xb0, 0xb0, 0x190, 0x1a8, 0x1a8, 0x190, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'vlan0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000104010300000000000000000000000008000340000000000600d765d3f428b36121064000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2135.692836] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2135.697858] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2135.703054] ? ip_setup_cork+0x6b0/0x6b0 [ 2135.707122] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2135.712316] ? ipv4_mtu+0x27e/0x370 [ 2135.715986] ? ip_do_fragment+0x1f50/0x1f50 [ 2135.720322] ip_make_skb+0x167/0x1b0 [ 2135.724047] ? ip_flush_pending_frames+0x20/0x20 [ 2135.728810] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2135.733831] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2135.739379] ? xfrm_lookup_route+0x43/0x1b0 [ 2135.743712] udp_sendmsg+0x156f/0x1c00 [ 2135.747636] ? ip_do_fragment+0x1f50/0x1f50 [ 2135.751967] ? udp_seq_next+0xa0/0xa0 [ 2135.755772] ? __might_fault+0x104/0x1b0 [ 2135.759929] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2135.764829] ? lock_acquire+0x170/0x3f0 [ 2135.768817] ? dup_iter+0x240/0x240 [ 2135.772458] ? kernel_recvmsg+0x210/0x210 [ 2135.776611] inet_sendmsg+0x11a/0x4e0 [ 2135.780405] ? security_socket_sendmsg+0x83/0xb0 [ 2135.785162] ? inet_recvmsg+0x4d0/0x4d0 [ 2135.789138] sock_sendmsg+0xb5/0x100 07:17:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:13 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001e3020000000000000000000000000003400008000006000640000500000000001a17e7be"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2135.792885] ___sys_sendmsg+0x326/0x800 [ 2135.796861] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2135.801708] ? lock_downgrade+0x740/0x740 [ 2135.805860] ? trace_hardirqs_on+0x10/0x10 [ 2135.810092] ? up_read+0x17/0x30 [ 2135.813460] ? __do_page_fault+0x19a/0xb50 [ 2135.817695] ? retint_kernel+0x2d/0x2d [ 2135.821583] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2135.826601] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2135.831361] ? __might_fault+0x104/0x1b0 [ 2135.835427] ? lock_acquire+0x170/0x3f0 [ 2135.839417] __sys_sendmmsg+0x129/0x330 [ 2135.843395] ? SyS_sendmsg+0x40/0x40 [ 2135.847126] ? __mutex_unlock_slowpath+0x75/0x770 [ 2135.851974] ? wait_for_completion_io+0x10/0x10 [ 2135.856646] ? vfs_write+0x319/0x4d0 [ 2135.860365] ? fput+0xb/0x140 [ 2135.863473] ? SyS_write+0x14d/0x210 [ 2135.867179] ? SyS_read+0x210/0x210 [ 2135.870802] SyS_sendmmsg+0x2f/0x50 [ 2135.874429] ? __sys_sendmmsg+0x330/0x330 [ 2135.878581] do_syscall_64+0x1d5/0x640 [ 2135.882481] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2135.887665] RIP: 0033:0x45e179 [ 2135.890849] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2135.898561] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2135.905833] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2135.913106] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2135.920384] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001c [ 2135.927653] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:16 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000201040000000000000000cbcb554b662b5e660000000008000340000000000600064000020000050001000165b0f5921c27057e5f359a7a121767ff70bab5383352b5d060cd21de6050a0cd406560d257463c0cd45cc0f1de9d53e7b9a099f0cca883b4eb50d37011bc756649b9a942df9bb7cd7da92db790f3cf336fab9924b605b10bb1239471476b014d88d62686f49f788d9fb3f23e556458d8afe40522b89e21735547d21ae71caf7e8b5cbf3f6ec65955c7f0462b0d"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:16 executing program 4 (fault-call:10 fault-nth:29): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:16 executing program 2: r0 = accept4$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @default, 0x0, [@remote, @default, @bcast, @default, @null]}, &(0x7f00000000c0)=0x40, 0x80800) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000140)={0xffffffffffffffff, r0, 0x1f, 0x24, &(0x7f0000000100)="851cde7841396581785d3545503cb19ea3bf760d52a3aea32a016ddb07f51206df625bcb", 0x81, 0x2, 0x81, 0x0, 0x3, 0x1, 0xa15, 'syz0\x00'}) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) readv(r1, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:16 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000104010340000000060000ca81a95e10000000000000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$int_in(r3, 0x5421, &(0x7f0000000040)=0x9) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2138.546230] net_ratelimit: 16 callbacks suppressed [ 2138.546235] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.559939] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.577783] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.601908] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.618801] nla_parse: 11 callbacks suppressed [ 2138.618807] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2138.620195] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2138.639509] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.655784] FAULT_INJECTION: forcing a failure. [ 2138.655784] name failslab, interval 1, probability 0, space 0, times 0 [ 2138.693026] CPU: 1 PID: 7139 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2138.700856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2138.713122] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.713278] Call Trace: [ 2138.723660] dump_stack+0x1b2/0x283 [ 2138.724366] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2138.727291] should_fail.cold+0x10a/0x154 [ 2138.727306] should_failslab+0xd6/0x130 [ 2138.727318] kmem_cache_alloc+0x40/0x3c0 [ 2138.748054] dst_alloc+0xed/0x6d0 [ 2138.751950] rt_dst_alloc+0x6b/0x430 07:17:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x60, 0x0) [ 2138.755674] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2138.760966] ip_route_output_key_hash+0x195/0x2a0 [ 2138.761110] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.765811] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2138.765821] ? udp_sendmsg+0xe45/0x1c00 [ 2138.765835] ? lock_acquire+0x170/0x3f0 [ 2138.765844] ? lock_downgrade+0x740/0x740 [ 2138.765854] ip_route_output_flow+0x22/0xb0 [ 2138.765863] udp_sendmsg+0x13b5/0x1c00 [ 2138.765874] ? ip_do_fragment+0x1f50/0x1f50 [ 2138.765889] ? udp_seq_next+0xa0/0xa0 [ 2138.807530] ? __might_fault+0x104/0x1b0 [ 2138.811592] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2138.816354] ? lock_acquire+0x170/0x3f0 [ 2138.820340] ? dup_iter+0x240/0x240 [ 2138.823976] ? kernel_recvmsg+0x210/0x210 [ 2138.828125] inet_sendmsg+0x11a/0x4e0 [ 2138.831928] ? security_socket_sendmsg+0x83/0xb0 [ 2138.836406] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.836682] ? inet_recvmsg+0x4d0/0x4d0 [ 2138.848523] sock_sendmsg+0xb5/0x100 [ 2138.852242] ___sys_sendmsg+0x326/0x800 07:17:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x60, 0x0) [ 2138.856228] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2138.861037] ? lock_downgrade+0x740/0x740 [ 2138.865203] ? trace_hardirqs_on+0x10/0x10 [ 2138.869449] ? up_read+0x17/0x30 [ 2138.872846] ? __do_page_fault+0x19a/0xb50 [ 2138.877172] ? retint_kernel+0x2d/0x2d [ 2138.881065] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2138.886091] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2138.890855] ? __might_fault+0x104/0x1b0 [ 2138.894925] ? lock_acquire+0x170/0x3f0 [ 2138.898912] __sys_sendmmsg+0x129/0x330 [ 2138.902890] ? SyS_sendmsg+0x40/0x40 07:17:17 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x60, 0x0) [ 2138.906620] ? __mutex_unlock_slowpath+0x75/0x770 [ 2138.911469] ? wait_for_completion_io+0x10/0x10 [ 2138.916144] ? vfs_write+0x319/0x4d0 [ 2138.919863] ? fput+0xb/0x140 [ 2138.922405] ip_tables: iptables: counters copy to user failed while replacing table [ 2138.922971] ? SyS_write+0x14d/0x210 [ 2138.922980] ? SyS_read+0x210/0x210 [ 2138.922992] SyS_sendmmsg+0x2f/0x50 [ 2138.923003] ? __sys_sendmmsg+0x330/0x330 [ 2138.945876] do_syscall_64+0x1d5/0x640 [ 2138.949776] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2138.955228] RIP: 0033:0x45e179 [ 2138.958416] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2138.966127] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2138.973528] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2138.980802] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2138.988074] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001d [ 2138.993137] ip_tables: iptables: counters copy to user failed while replacing table 07:17:17 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000500)=0x6, &(0x7f0000000540)=0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50000000010401030000000000000000e0ffffff080003400000000006000640000200000500010001"], 0x50}}, 0x0) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f0000000040)) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r2, 0x8982, &(0x7f00000004c0)) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) getresuid(&(0x7f0000000340), &(0x7f0000000380)=0x0, &(0x7f00000003c0)) syz_mount_image$udf(&(0x7f0000000080)='udf\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000300)=[{&(0x7f0000000180)="ad906a21953e1844c214b36c20c59f2969e702d163d8bed4c2e9c594933eb80188571834ef334246c5d63b02312f16727cd6d41c0bf34a5c71cd460d88d347bc41747b9d4554a8597c360eabff940eeedb14c9a27c006490bd5aade10ca3446514f17028ca0333199791213d3a765702afd379202ea170458d1e37f94c06dcbc314fb57d3acc55343da6b37891f31cae52a79fe91d4efb6f91ffbe3610388440a37ca6b698edcd4041ccfba7722727a3882fb9b1f6c2d6a3fec9cb197726d4d991107a6ff88166dcbba6ca", 0xcb, 0x9}, {&(0x7f0000000280)="227eb4df8d0e5443e408630ca628bd99102f2970f9503ff2f09dc39d8b794d2490edaff2da42c9fb30fd56c570af28ba5fc825a3a8e2a6c6f32741d330e46d32a1c82005dc790cec6094f0f1d9b078", 0x4f, 0x9}], 0x2, &(0x7f0000000400)={[{@iocharset={'iocharset', 0x3d, 'cp862'}}, {@partition={'partition', 0x3d, 0x8}}, {@uid_ignore='uid=ignore'}, {@noadinicb='noadinicb'}, {@unhide='unhide'}, {@volume={'volume', 0x3d, 0xc5}}, {@gid={'gid', 0x3d, 0xee00}}], [{@euid_eq={'euid', 0x3d, r4}}, {@permit_directio='permit_directio'}]}) 07:17:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000040)={'gretap0\x00', 0x0, 0xa0, 0x8, 0xa4, 0x0, {{0x11, 0x4, 0x0, 0x4, 0x44, 0x66, 0x0, 0x7, 0x2f, 0x0, @rand_addr=0x64010100, @rand_addr=0x64010102, {[@timestamp={0x44, 0x18, 0xbe, 0x0, 0x0, [0x0, 0x2, 0x7, 0x1, 0x1]}, @noop, @timestamp_addr={0x44, 0x14, 0xeb, 0x1, 0x4, [{@empty, 0x401}, {@loopback, 0x7ec}]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'syztnl2\x00', r1, 0x4, 0xff, 0x8, 0x9, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', 0x20, 0x7800, 0x1, 0x1}}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000280)) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000240)=0x1, 0x4) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) 07:17:17 executing program 4 (fault-call:10 fault-nth:30): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2138.995344] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2139.129907] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2139.143386] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2139.144114] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2139.170113] FAULT_INJECTION: forcing a failure. [ 2139.170113] name failslab, interval 1, probability 0, space 0, times 0 [ 2139.198385] UDF-fs: bad mount option "partition=00000000000000000008" or missing value [ 2139.219961] CPU: 0 PID: 7177 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2139.227358] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2139.227785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2139.247881] Call Trace: [ 2139.250571] dump_stack+0x1b2/0x283 [ 2139.254207] should_fail.cold+0x10a/0x154 [ 2139.258367] should_failslab+0xd6/0x130 [ 2139.262350] kmem_cache_alloc_node+0x263/0x410 [ 2139.266971] __alloc_skb+0x5c/0x510 [ 2139.270598] alloc_skb_with_frags+0x85/0x500 [ 2139.275015] sock_alloc_send_pskb+0x577/0x6d0 [ 2139.279512] ? SyS_sendmmsg+0x2f/0x50 [ 2139.283317] ? do_syscall_64+0x1d5/0x640 [ 2139.287381] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2139.292755] ? sock_kzfree_s+0x50/0x50 [ 2139.296650] ? netlbl_enabled+0x5/0x50 [ 2139.300542] ? __ip_dev_find+0x248/0x470 [ 2139.304608] ? lock_acquire+0x170/0x3f0 [ 2139.308587] __ip_append_data+0x11ec/0x1ff0 [ 2139.312913] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2139.318108] ? ip_do_fragment+0x1f50/0x1f50 [ 2139.322425] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2139.327544] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2139.332725] ? ip_setup_cork+0x6b0/0x6b0 [ 2139.336767] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2139.341940] ? ipv4_mtu+0x27e/0x370 [ 2139.345561] ? ip_do_fragment+0x1f50/0x1f50 [ 2139.349885] ip_make_skb+0x167/0x1b0 [ 2139.353607] ? ip_flush_pending_frames+0x20/0x20 [ 2139.358377] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2139.363401] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2139.368946] ? xfrm_lookup_route+0x43/0x1b0 [ 2139.373284] udp_sendmsg+0x156f/0x1c00 [ 2139.377178] ? ip_do_fragment+0x1f50/0x1f50 [ 2139.381503] ? udp_seq_next+0xa0/0xa0 [ 2139.385307] ? __might_fault+0x104/0x1b0 [ 2139.389369] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2139.394126] ? lock_acquire+0x170/0x3f0 [ 2139.398806] ? dup_iter+0x240/0x240 [ 2139.402442] ? kernel_recvmsg+0x210/0x210 [ 2139.406592] inet_sendmsg+0x11a/0x4e0 [ 2139.410391] ? security_socket_sendmsg+0x83/0xb0 [ 2139.415141] ? inet_recvmsg+0x4d0/0x4d0 [ 2139.419166] sock_sendmsg+0xb5/0x100 [ 2139.422880] ___sys_sendmsg+0x326/0x800 [ 2139.426848] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2139.431593] ? lock_downgrade+0x740/0x740 [ 2139.435724] ? trace_hardirqs_on+0x10/0x10 [ 2139.439938] ? up_read+0x17/0x30 [ 2139.443297] ? __do_page_fault+0x19a/0xb50 [ 2139.447524] ? retint_kernel+0x2d/0x2d [ 2139.451399] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2139.456398] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2139.461139] ? __might_fault+0x104/0x1b0 [ 2139.465194] ? lock_acquire+0x170/0x3f0 [ 2139.469171] __sys_sendmmsg+0x129/0x330 [ 2139.473134] ? SyS_sendmsg+0x40/0x40 [ 2139.476855] ? __mutex_unlock_slowpath+0x75/0x770 [ 2139.481682] ? wait_for_completion_io+0x10/0x10 [ 2139.486347] ? vfs_write+0x319/0x4d0 [ 2139.490058] ? fput+0xb/0x140 [ 2139.493146] ? SyS_write+0x14d/0x210 [ 2139.496843] ? SyS_read+0x210/0x210 [ 2139.500466] SyS_sendmmsg+0x2f/0x50 [ 2139.504077] ? __sys_sendmmsg+0x330/0x330 [ 2139.508221] do_syscall_64+0x1d5/0x640 [ 2139.512114] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2139.517291] RIP: 0033:0x45e179 [ 2139.520466] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2139.528160] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2139.535421] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2139.542676] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2139.549932] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e [ 2139.557221] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2139.616512] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2139.630939] UDF-fs: bad mount option "partition=00000000000000000008" or missing value 07:17:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:19 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) 07:17:19 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0xffff7fff) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) ioctl$TIOCGRS485(r0, 0x542e, &(0x7f0000000040)) 07:17:19 executing program 4 (fault-call:10 fault-nth:31): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:19 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r1) read$FUSE(0xffffffffffffffff, &(0x7f0000000c80)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$hfs(&(0x7f0000000040)='hfs\x00', &(0x7f0000000080)='./file0\x00', 0x9, 0x1, &(0x7f0000000200)=[{&(0x7f0000000140)="8d0aa695b3da2d557bc9ad533df845868d171f86a7bd1a8b74dae1059cc1ebc423c57b21c4aac7e45179c4f937f9bdf9c4bcddd086ae7d5b16b6d61f880766710c4359d0bb212dcebea9c05d51efd9a28de6601f610448c2689249e0a146cfc8c1236d4966f5fb66ba75087193a3de6e99613a0c2ec891e545b795038f54f88c105fb40209b45451027dad12b9eb4824081335342f661a845755a0e7cd4a9a", 0x9f, 0x10001}], 0x2082000, &(0x7f0000000240)={[{@dir_umask={'dir_umask', 0x3d, 0x4}}], [{@euid_eq={'euid', 0x3d, r1}}, {@obj_user={'obj_user', 0x3d, '}\xff'}}, {@fowner_lt={'fowner<', r2}}]}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200200500010001"], 0x50}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) [ 2141.576289] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2141.582466] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. 07:17:19 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) [ 2141.617432] FAULT_INJECTION: forcing a failure. [ 2141.617432] name failslab, interval 1, probability 0, space 0, times 0 [ 2141.674348] CPU: 0 PID: 7212 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2141.682186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2141.691684] Call Trace: [ 2141.694285] dump_stack+0x1b2/0x283 [ 2141.697927] should_fail.cold+0x10a/0x154 [ 2141.702088] should_failslab+0xd6/0x130 [ 2141.706070] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2141.711183] __kmalloc_node_track_caller+0x38/0x70 [ 2141.716126] __alloc_skb+0x96/0x510 [ 2141.719759] alloc_skb_with_frags+0x85/0x500 07:17:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000001040103000000000000000000f9ff00080003400000000006000640000200000500010001756462eef3fac6a99ce5723524f24fc47b0691ba7f347331b5513fa3224354e9eda176a1ec04017a8a700a3e03949ecb86e851573d6e3a90a102d1e30311579bd955f803b8d71aa7fbfd3f6cf0827c3966a3e3efd37c5181bcb0baa936e3d30362cbb677785ba67847a856c0eb50c832c84eaa36f459d1ae832c8948e8e5f1fcf40d5fab670c08177ff9c86a6134c74df4e4bde54749bbfb0a15f45f3b46cbcae61323ed87d5ee7bac3d74d96a6212"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) poll(&(0x7f0000000040)=[{r1, 0x2690}], 0x1, 0x1) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2141.724177] sock_alloc_send_pskb+0x577/0x6d0 [ 2141.728678] ? SyS_sendmmsg+0x2f/0x50 [ 2141.732479] ? do_syscall_64+0x1d5/0x640 [ 2141.736542] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2141.741915] ? sock_kzfree_s+0x50/0x50 [ 2141.745812] ? netlbl_enabled+0x5/0x50 [ 2141.749708] ? __ip_dev_find+0x248/0x470 [ 2141.753785] ? lock_acquire+0x170/0x3f0 [ 2141.757860] __ip_append_data+0x11ec/0x1ff0 [ 2141.762338] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2141.767542] ? ip_do_fragment+0x1f50/0x1f50 [ 2141.771993] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2141.777016] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2141.782222] ? ip_setup_cork+0x6b0/0x6b0 [ 2141.786290] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2141.791488] ? ipv4_mtu+0x27e/0x370 [ 2141.795126] ? ip_do_fragment+0x1f50/0x1f50 [ 2141.799456] ip_make_skb+0x167/0x1b0 [ 2141.803181] ? ip_flush_pending_frames+0x20/0x20 [ 2141.807934] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2141.812955] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2141.818506] ? xfrm_lookup_route+0x43/0x1b0 07:17:19 executing program 3: fcntl$notify(0xffffffffffffffff, 0x402, 0x7) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2141.822840] udp_sendmsg+0x156f/0x1c00 [ 2141.826732] ? ip_do_fragment+0x1f50/0x1f50 [ 2141.831067] ? udp_seq_next+0xa0/0xa0 [ 2141.834874] ? __might_fault+0x104/0x1b0 [ 2141.838942] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2141.843709] ? lock_acquire+0x170/0x3f0 [ 2141.847685] ? dup_iter+0x240/0x240 [ 2141.851320] ? kernel_recvmsg+0x210/0x210 [ 2141.855475] inet_sendmsg+0x11a/0x4e0 [ 2141.859288] ? security_socket_sendmsg+0x83/0xb0 [ 2141.864042] ? inet_recvmsg+0x4d0/0x4d0 [ 2141.868022] sock_sendmsg+0xb5/0x100 [ 2141.871739] ___sys_sendmsg+0x326/0x800 [ 2141.875718] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2141.880481] ? lock_downgrade+0x740/0x740 [ 2141.884644] ? trace_hardirqs_on+0x10/0x10 [ 2141.888887] ? up_read+0x17/0x30 [ 2141.892260] ? __do_page_fault+0x19a/0xb50 [ 2141.896508] ? retint_kernel+0x2d/0x2d [ 2141.900401] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2141.905769] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2141.910532] ? __might_fault+0x104/0x1b0 [ 2141.914599] ? lock_acquire+0x170/0x3f0 [ 2141.918587] __sys_sendmmsg+0x129/0x330 [ 2141.922568] ? SyS_sendmsg+0x40/0x40 [ 2141.926295] ? __mutex_unlock_slowpath+0x75/0x770 [ 2141.931148] ? wait_for_completion_io+0x10/0x10 [ 2141.935823] ? vfs_write+0x319/0x4d0 [ 2141.939537] ? fput+0xb/0x140 [ 2141.942643] ? SyS_write+0x14d/0x210 [ 2141.946357] ? SyS_read+0x210/0x210 [ 2141.949989] SyS_sendmmsg+0x2f/0x50 [ 2141.953618] ? __sys_sendmmsg+0x330/0x330 [ 2141.957761] do_syscall_64+0x1d5/0x640 [ 2141.961693] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2141.966881] RIP: 0033:0x45e179 07:17:20 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x54, 0x8002) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000f06000640000900000500010001"], 0x50}}, 0x4004080) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:20 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, 0x0, 0x0, 0x0) 07:17:20 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2141.970065] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2141.977797] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2141.985065] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2141.992334] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2141.999619] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001f [ 2142.006893] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:22 executing program 4 (fault-call:10 fault-nth:32): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:22 executing program 1: fcntl$notify(0xffffffffffffffff, 0x402, 0x7) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:22 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000200), 0x800) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x50, 0x0, 0x9, 0x301, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFCTH_STATUS={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x9}}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x44000}, 0x18) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r8, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r9, 0x0, 0x0) connect$nfc_raw(r9, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x6}, 0x10) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) 07:17:22 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r1, 0x10c, 0x7, &(0x7f0000000040)=0x4004, 0x4) ppoll(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f00000000c0)={'macvlan1\x00', {0x2, 0x0, @remote}}) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) [ 2144.602647] net_ratelimit: 18 callbacks suppressed [ 2144.602651] ip_tables: iptables: counters copy to user failed while replacing table [ 2144.619779] ip_tables: iptables: counters copy to user failed while replacing table [ 2144.641853] nla_parse: 6 callbacks suppressed [ 2144.641859] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2144.643210] ip_tables: iptables: counters copy to user failed while replacing table [ 2144.660958] FAULT_INJECTION: forcing a failure. [ 2144.660958] name failslab, interval 1, probability 0, space 0, times 0 [ 2144.665670] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2144.688280] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2144.694267] ip_tables: iptables: counters copy to user failed while replacing table [ 2144.697339] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2144.726222] CPU: 1 PID: 7269 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2144.734049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2144.743404] Call Trace: [ 2144.746001] dump_stack+0x1b2/0x283 [ 2144.749657] should_fail.cold+0x10a/0x154 [ 2144.753814] should_failslab+0xd6/0x130 [ 2144.757806] kmem_cache_alloc+0x40/0x3c0 [ 2144.760968] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2144.761872] dst_alloc+0xed/0x6d0 [ 2144.761887] rt_dst_alloc+0x6b/0x430 [ 2144.761908] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2144.782815] ip_route_output_key_hash+0x195/0x2a0 [ 2144.787672] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2144.793218] ? udp_sendmsg+0xe45/0x1c00 [ 2144.797201] ? lock_acquire+0x170/0x3f0 [ 2144.801181] ? lock_downgrade+0x740/0x740 [ 2144.805333] ip_route_output_flow+0x22/0xb0 [ 2144.809660] udp_sendmsg+0x13b5/0x1c00 [ 2144.813551] ? ip_do_fragment+0x1f50/0x1f50 [ 2144.817875] ? udp_seq_next+0xa0/0xa0 [ 2144.821448] ip_tables: iptables: counters copy to user failed while replacing table [ 2144.821681] ? __might_fault+0x104/0x1b0 [ 2144.833510] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2144.838268] ? lock_acquire+0x170/0x3f0 [ 2144.842247] ? dup_iter+0x240/0x240 [ 2144.845878] ? kernel_recvmsg+0x210/0x210 [ 2144.850027] inet_sendmsg+0x11a/0x4e0 [ 2144.850616] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2144.853818] ? security_socket_sendmsg+0x83/0xb0 [ 2144.853829] ? inet_recvmsg+0x4d0/0x4d0 [ 2144.853842] sock_sendmsg+0xb5/0x100 [ 2144.853851] ___sys_sendmsg+0x326/0x800 [ 2144.853860] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2144.853872] ? lock_downgrade+0x740/0x740 [ 2144.853882] ? trace_hardirqs_on+0x10/0x10 [ 2144.853891] ? up_read+0x17/0x30 [ 2144.853907] ? __do_page_fault+0x19a/0xb50 [ 2144.853916] ? retint_kernel+0x2d/0x2d 07:17:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r8, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r9, 0x0, 0x0) connect$nfc_raw(r9, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x6}, 0x10) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) [ 2144.853926] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2144.853937] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2144.853949] ? __might_fault+0x104/0x1b0 [ 2144.853960] ? lock_acquire+0x170/0x3f0 [ 2144.853976] __sys_sendmmsg+0x129/0x330 [ 2144.925142] ? SyS_sendmsg+0x40/0x40 [ 2144.928875] ? __mutex_unlock_slowpath+0x75/0x770 [ 2144.933759] ? wait_for_completion_io+0x10/0x10 [ 2144.938435] ? vfs_write+0x319/0x4d0 [ 2144.942152] ? fput+0xb/0x140 [ 2144.945259] ? SyS_write+0x14d/0x210 [ 2144.948977] ? SyS_read+0x210/0x210 [ 2144.952609] SyS_sendmmsg+0x2f/0x50 [ 2144.956278] ? __sys_sendmmsg+0x330/0x330 [ 2144.960435] do_syscall_64+0x1d5/0x640 [ 2144.964333] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2144.969520] RIP: 0033:0x45e179 [ 2144.972709] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2144.980419] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2144.987691] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2144.994964] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 07:17:23 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0xb0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x500000, 0x0) ioctl$CHAR_RAW_HDIO_GETGEO(r2, 0x301, &(0x7f0000000140)) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) rt_sigaction(0x20, &(0x7f0000000240)={&(0x7f00000001c0)="2e47bf2bc800002e65446fda4eb8c4e1f971e1a5f245adc4a11571d065f30f1eff66440f3a0a01778fe820959d8bb700000b66400f745600", 0x40000004, &(0x7f0000000200)="470f3426dd7c1b0bf2440f59150d000000c4630538b3e6900000c8c4e2410ad2f081287600000064f347aa6542d9fcc443bd5f5c3c534b6736f36f", {[0x7ff]}}, &(0x7f0000000340)={&(0x7f0000000280)="2e6541d9ff652e460f162d08000000470fdcdcc4c2e0f24e958f8808cd4b7900c4e1fd7097fd5b00004dc4816c55112e74fec46391798bbc69000000c40399cf6349f6", 0x0, &(0x7f0000000300)="42020a8fe878c0f1eaf247ad0f00a700000080c401e9d8e6f0460fb316c4a255ac39f20f2db500000080f3400fa7e02ede82feefffff"}, 0x8, &(0x7f0000000380)) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$BTRFS_IOC_SET_FEATURES(r3, 0x40309439, &(0x7f0000000180)={0x1, 0x1, 0x21}) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_FREE(r5, 0x40206435, &(0x7f0000000040)) sendmmsg(r4, &(0x7f0000007fc0), 0x60, 0x0) 07:17:23 executing program 1: fcntl$notify(0xffffffffffffffff, 0x402, 0x7) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2145.002237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 2145.009537] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:23 executing program 4 (fault-call:10 fault-nth:33): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2145.111483] ip_tables: iptables: counters copy to user failed while replacing table [ 2145.127834] ip_tables: iptables: counters copy to user failed while replacing table [ 2145.147998] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2145.161413] ip_tables: iptables: counters copy to user failed while replacing table [ 2145.174143] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2145.183792] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2145.192981] ip_tables: iptables: counters copy to user failed while replacing table [ 2145.197753] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 07:17:23 executing program 1: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0xffff7fff) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r8, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r9, 0x0, 0x0) connect$nfc_raw(r9, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x6}, 0x10) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) [ 2145.268574] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2145.275392] ip_tables: iptables: counters copy to user failed while replacing table [ 2145.276773] FAULT_INJECTION: forcing a failure. [ 2145.276773] name failslab, interval 1, probability 0, space 0, times 0 [ 2145.373242] CPU: 1 PID: 7303 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2145.381108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2145.390464] Call Trace: [ 2145.393059] dump_stack+0x1b2/0x283 [ 2145.396685] should_fail.cold+0x10a/0x154 [ 2145.400834] should_failslab+0xd6/0x130 [ 2145.404815] kmem_cache_alloc+0x40/0x3c0 [ 2145.408883] dst_alloc+0xed/0x6d0 [ 2145.412342] rt_dst_alloc+0x6b/0x430 [ 2145.416055] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2145.421342] ip_route_output_key_hash+0x195/0x2a0 [ 2145.426190] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2145.431736] ? udp_sendmsg+0xe45/0x1c00 [ 2145.435724] ? lock_acquire+0x170/0x3f0 [ 2145.439719] ? lock_downgrade+0x740/0x740 [ 2145.443453] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2145.443867] ip_route_output_flow+0x22/0xb0 [ 2145.443882] udp_sendmsg+0x13b5/0x1c00 [ 2145.443895] ? ip_do_fragment+0x1f50/0x1f50 [ 2145.443908] ? udp_seq_next+0xa0/0xa0 [ 2145.465562] ? __might_fault+0x104/0x1b0 [ 2145.469622] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2145.474386] ? lock_acquire+0x170/0x3f0 [ 2145.478377] ? dup_iter+0x240/0x240 [ 2145.482009] ? kernel_recvmsg+0x210/0x210 [ 2145.486162] inet_sendmsg+0x11a/0x4e0 [ 2145.489963] ? security_socket_sendmsg+0x83/0xb0 [ 2145.494725] ? inet_recvmsg+0x4d0/0x4d0 [ 2145.498702] sock_sendmsg+0xb5/0x100 [ 2145.502423] ___sys_sendmsg+0x326/0x800 [ 2145.506395] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2145.511152] ? lock_downgrade+0x740/0x740 [ 2145.515304] ? trace_hardirqs_on+0x10/0x10 [ 2145.519542] ? up_read+0x17/0x30 [ 2145.522911] ? __do_page_fault+0x19a/0xb50 [ 2145.527150] ? retint_kernel+0x2d/0x2d [ 2145.531043] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2145.536070] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2145.540841] ? __might_fault+0x104/0x1b0 [ 2145.544928] ? lock_acquire+0x170/0x3f0 [ 2145.548916] __sys_sendmmsg+0x129/0x330 [ 2145.552901] ? SyS_sendmsg+0x40/0x40 [ 2145.556625] ? __mutex_unlock_slowpath+0x75/0x770 [ 2145.561475] ? wait_for_completion_io+0x10/0x10 [ 2145.566148] ? vfs_write+0x319/0x4d0 [ 2145.569871] ? fput+0xb/0x140 [ 2145.572984] ? SyS_write+0x14d/0x210 [ 2145.576704] ? SyS_read+0x210/0x210 [ 2145.580334] SyS_sendmmsg+0x2f/0x50 [ 2145.584232] ? __sys_sendmmsg+0x330/0x330 [ 2145.588390] do_syscall_64+0x1d5/0x640 [ 2145.592289] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2145.597509] RIP: 0033:0x45e179 [ 2145.600693] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2145.608404] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2145.615675] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 07:17:23 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000040)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x2f, 0x0, 0x4, 0x4, 0x6a, @mcast1, @empty, 0x8, 0x20, 0x2}}) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000140)={@mcast2, r1}, 0x14) 07:17:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r7, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r8, 0x0, 0x0) connect$nfc_raw(r8, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x6}, 0x10) 07:17:23 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x280c40, 0x0) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000080)={0x80, 0x5, 0x8, 0x1}) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) [ 2145.622946] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2145.630227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000021 [ 2145.637500] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r7, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r8, 0x0, 0x0) [ 2145.707971] PF_BRIDGE: br_mdb_parse() with invalid attr 07:17:23 executing program 4 (fault-call:10 fault-nth:34): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2145.878176] FAULT_INJECTION: forcing a failure. [ 2145.878176] name failslab, interval 1, probability 0, space 0, times 0 [ 2145.904284] CPU: 0 PID: 7347 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2145.912114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2145.916753] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2145.921466] Call Trace: [ 2145.921486] dump_stack+0x1b2/0x283 [ 2145.921503] should_fail.cold+0x10a/0x154 [ 2145.937186] should_failslab+0xd6/0x130 [ 2145.941165] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2145.946290] __kmalloc_node_track_caller+0x38/0x70 [ 2145.951291] __alloc_skb+0x96/0x510 [ 2145.954898] alloc_skb_with_frags+0x85/0x500 [ 2145.959337] sock_alloc_send_pskb+0x577/0x6d0 [ 2145.963853] ? SyS_sendmmsg+0x2f/0x50 [ 2145.967636] ? do_syscall_64+0x1d5/0x640 [ 2145.971679] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2145.977030] ? sock_kzfree_s+0x50/0x50 [ 2145.981047] ? netlbl_enabled+0x5/0x50 [ 2145.984930] ? __ip_dev_find+0x248/0x470 [ 2145.988980] ? lock_acquire+0x170/0x3f0 [ 2145.992954] __ip_append_data+0x11ec/0x1ff0 [ 2145.997261] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2146.002497] ? ip_do_fragment+0x1f50/0x1f50 [ 2146.006844] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2146.011847] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2146.017020] ? ip_setup_cork+0x6b0/0x6b0 [ 2146.021059] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2146.026227] ? ipv4_mtu+0x27e/0x370 [ 2146.029833] ? ip_do_fragment+0x1f50/0x1f50 [ 2146.034133] ip_make_skb+0x167/0x1b0 [ 2146.037825] ? ip_flush_pending_frames+0x20/0x20 [ 2146.042610] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2146.047605] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2146.053150] ? xfrm_lookup_route+0x43/0x1b0 [ 2146.057470] udp_sendmsg+0x156f/0x1c00 [ 2146.061347] ? ip_do_fragment+0x1f50/0x1f50 [ 2146.065652] ? udp_seq_next+0xa0/0xa0 [ 2146.069441] ? __might_fault+0x104/0x1b0 [ 2146.073482] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2146.078217] ? lock_acquire+0x170/0x3f0 [ 2146.082175] ? dup_iter+0x240/0x240 [ 2146.085782] ? kernel_recvmsg+0x210/0x210 [ 2146.089922] inet_sendmsg+0x11a/0x4e0 [ 2146.093711] ? security_socket_sendmsg+0x83/0xb0 [ 2146.098454] ? inet_recvmsg+0x4d0/0x4d0 [ 2146.102420] sock_sendmsg+0xb5/0x100 [ 2146.106124] ___sys_sendmsg+0x326/0x800 [ 2146.110108] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2146.114864] ? lock_downgrade+0x740/0x740 [ 2146.119017] ? trace_hardirqs_on+0x10/0x10 [ 2146.123231] ? up_read+0x17/0x30 [ 2146.126578] ? __do_page_fault+0x19a/0xb50 [ 2146.130797] ? retint_kernel+0x2d/0x2d [ 2146.134663] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2146.139655] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2146.144389] ? __might_fault+0x104/0x1b0 [ 2146.148429] ? lock_acquire+0x170/0x3f0 [ 2146.152386] __sys_sendmmsg+0x129/0x330 [ 2146.156338] ? SyS_sendmsg+0x40/0x40 [ 2146.160056] ? __mutex_unlock_slowpath+0x75/0x770 [ 2146.164878] ? wait_for_completion_io+0x10/0x10 [ 2146.169541] ? vfs_write+0x319/0x4d0 [ 2146.173238] ? fput+0xb/0x140 [ 2146.176331] ? SyS_write+0x14d/0x210 [ 2146.180022] ? SyS_read+0x210/0x210 [ 2146.183626] SyS_sendmmsg+0x2f/0x50 [ 2146.187229] ? __sys_sendmmsg+0x330/0x330 [ 2146.191366] do_syscall_64+0x1d5/0x640 [ 2146.195249] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2146.200457] RIP: 0033:0x45e179 [ 2146.203629] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2146.211318] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2146.218573] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2146.225839] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2146.233093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000022 [ 2146.240349] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000140)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:25 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f0000000040)={0x5, 0x3, 0x9, 0x2, 0x802}) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:25 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r7, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) 07:17:25 executing program 4 (fault-call:10 fault-nth:35): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:25 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:25 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x40, 0x282) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ppoll(&(0x7f00000000c0)=[{r1, 0x6a}, {r2, 0x9688}, {r1, 0x8}], 0x3, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x3) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="739f0ee4a203ca0743ba74c11584b6496eaf1615e3cb6fa7db1f2c4b75a50f65a6f0652162ddb913ad4307afd7838cf5833ee496e5176f7deaa0696ebaf5df5d89d8837ff39c55d44a876f3c56ed342d248c8e66d8380a26c8b5905425d6bae2e7b1c56bf8a83915236ded960134dc76b47a5cda3d869ab2660084d8da32ec5e32d5ac23c8de1d8cbfd55c5a1c81bbbe0db51b705b32f64aba0eba6ffb8d6b7caa0be012acbc4e052f777c94c4148c445683e31f5491147be75f0543b2b0f96a3fb1675cc1989da94cb575939d28ff4d5c985fbfb63d5c", 0xd7) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) ioctl$IOC_PR_RELEASE(r4, 0x401070ca, &(0x7f0000000100)={0x4, 0x20, 0x1}) [ 2147.937266] FAULT_INJECTION: forcing a failure. [ 2147.937266] name failslab, interval 1, probability 0, space 0, times 0 [ 2147.965108] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2147.982570] CPU: 0 PID: 7373 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2147.990396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2147.999751] Call Trace: [ 2148.002351] dump_stack+0x1b2/0x283 [ 2148.005993] should_fail.cold+0x10a/0x154 [ 2148.010149] should_failslab+0xd6/0x130 [ 2148.014131] kmem_cache_alloc+0x40/0x3c0 [ 2148.018202] dst_alloc+0xed/0x6d0 [ 2148.021664] rt_dst_alloc+0x6b/0x430 [ 2148.025383] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2148.030662] ip_route_output_key_hash+0x195/0x2a0 07:17:26 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x181942, 0x0) setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000200)=0x9, 0x4) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000140)={0x0, @ctrl}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x4, 0x0, 0x1, 0x7fa, 0x8}, 0xc) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) 07:17:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4103, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000080)={0x1, 0x5, 0x1ff, 0x40, 0x9, 0x4, 0x3}) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) [ 2148.035506] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2148.041056] ? udp_sendmsg+0xe45/0x1c00 [ 2148.045039] ? lock_acquire+0x170/0x3f0 [ 2148.049020] ? lock_downgrade+0x740/0x740 [ 2148.053173] ip_route_output_flow+0x22/0xb0 [ 2148.057501] udp_sendmsg+0x13b5/0x1c00 [ 2148.061394] ? ip_do_fragment+0x1f50/0x1f50 [ 2148.065725] ? udp_seq_next+0xa0/0xa0 [ 2148.069529] ? __might_fault+0x104/0x1b0 [ 2148.073685] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2148.078447] ? lock_acquire+0x170/0x3f0 [ 2148.082426] ? dup_iter+0x240/0x240 [ 2148.086056] ? kernel_recvmsg+0x210/0x210 [ 2148.090212] inet_sendmsg+0x11a/0x4e0 [ 2148.094010] ? security_socket_sendmsg+0x83/0xb0 [ 2148.098769] ? inet_recvmsg+0x4d0/0x4d0 [ 2148.102749] sock_sendmsg+0xb5/0x100 [ 2148.106469] ___sys_sendmsg+0x326/0x800 [ 2148.110452] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2148.115217] ? lock_downgrade+0x740/0x740 [ 2148.119372] ? trace_hardirqs_on+0x10/0x10 [ 2148.123662] ? up_read+0x17/0x30 [ 2148.127045] ? __do_page_fault+0x19a/0xb50 [ 2148.131284] ? retint_kernel+0x2d/0x2d [ 2148.135181] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2148.140204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2148.144973] ? __might_fault+0x104/0x1b0 [ 2148.149043] ? lock_acquire+0x170/0x3f0 [ 2148.153034] __sys_sendmmsg+0x129/0x330 [ 2148.157001] ? SyS_sendmsg+0x40/0x40 [ 2148.160727] ? __mutex_unlock_slowpath+0x75/0x770 [ 2148.165578] ? wait_for_completion_io+0x10/0x10 [ 2148.170252] ? vfs_write+0x319/0x4d0 [ 2148.173977] ? fput+0xb/0x140 [ 2148.177125] ? SyS_write+0x14d/0x210 [ 2148.180841] ? SyS_read+0x210/0x210 [ 2148.184469] SyS_sendmmsg+0x2f/0x50 [ 2148.188096] ? __sys_sendmmsg+0x330/0x330 [ 2148.192248] do_syscall_64+0x1d5/0x640 [ 2148.196145] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2148.201331] RIP: 0033:0x45e179 [ 2148.204513] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2148.212220] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2148.219489] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2148.227716] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 07:17:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r7, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000040)='./file0\x00', 0xa4840, 0x62) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2148.234988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000023 [ 2148.242260] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:26 executing program 4 (fault-call:10 fault-nth:36): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:26 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @bt={0x0, 0x5, 0x8001, 0xae, 0x40, 0x8, 0x10, 0x3}}) [ 2148.408842] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2148.418478] audit: type=1800 audit(8043607046.465:448): pid=7398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=16488 res=0 [ 2148.456805] FAULT_INJECTION: forcing a failure. [ 2148.456805] name failslab, interval 1, probability 0, space 0, times 0 [ 2148.497657] CPU: 0 PID: 7404 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2148.505481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2148.514841] Call Trace: [ 2148.517439] dump_stack+0x1b2/0x283 [ 2148.521084] should_fail.cold+0x10a/0x154 [ 2148.525241] should_failslab+0xd6/0x130 [ 2148.529221] kmem_cache_alloc+0x40/0x3c0 [ 2148.533287] dst_alloc+0xed/0x6d0 [ 2148.536745] rt_dst_alloc+0x6b/0x430 [ 2148.540464] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2148.545755] ip_route_output_key_hash+0x195/0x2a0 [ 2148.550606] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2148.556151] ? udp_sendmsg+0xe45/0x1c00 [ 2148.560138] ? lock_acquire+0x170/0x3f0 [ 2148.564114] ? lock_downgrade+0x740/0x740 [ 2148.568253] ip_route_output_flow+0x22/0xb0 [ 2148.572589] udp_sendmsg+0x13b5/0x1c00 [ 2148.576480] ? ip_do_fragment+0x1f50/0x1f50 [ 2148.580800] ? udp_seq_next+0xa0/0xa0 [ 2148.584583] ? __might_fault+0x104/0x1b0 [ 2148.588642] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2148.593382] ? lock_acquire+0x170/0x3f0 [ 2148.597341] ? dup_iter+0x240/0x240 [ 2148.600965] ? kernel_recvmsg+0x210/0x210 [ 2148.605095] inet_sendmsg+0x11a/0x4e0 [ 2148.608880] ? security_socket_sendmsg+0x83/0xb0 [ 2148.613627] ? inet_recvmsg+0x4d0/0x4d0 [ 2148.617636] sock_sendmsg+0xb5/0x100 [ 2148.621338] ___sys_sendmsg+0x326/0x800 [ 2148.625298] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2148.630036] ? lock_downgrade+0x740/0x740 [ 2148.634194] ? trace_hardirqs_on+0x10/0x10 [ 2148.638458] ? up_read+0x17/0x30 [ 2148.641824] ? __do_page_fault+0x19a/0xb50 [ 2148.646049] ? retint_kernel+0x2d/0x2d [ 2148.649921] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2148.654925] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2148.659664] ? __might_fault+0x104/0x1b0 [ 2148.663708] ? lock_acquire+0x170/0x3f0 [ 2148.667751] __sys_sendmmsg+0x129/0x330 [ 2148.671706] ? SyS_sendmsg+0x40/0x40 [ 2148.675430] ? __mutex_unlock_slowpath+0x75/0x770 [ 2148.680257] ? wait_for_completion_io+0x10/0x10 [ 2148.684929] ? vfs_write+0x319/0x4d0 [ 2148.688622] ? fput+0xb/0x140 [ 2148.691726] ? SyS_write+0x14d/0x210 [ 2148.695418] ? SyS_read+0x210/0x210 [ 2148.699040] SyS_sendmmsg+0x2f/0x50 [ 2148.702644] ? __sys_sendmmsg+0x330/0x330 [ 2148.706770] do_syscall_64+0x1d5/0x640 [ 2148.710641] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2148.715809] RIP: 0033:0x45e179 [ 2148.718974] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2148.726669] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2148.733921] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2148.741171] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2148.748434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024 [ 2148.755698] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000140)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:28 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x28, 0x3, 0x3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x7}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffb, 0xffffffff}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000004) 07:17:28 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r6, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:28 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4081, 0xff1}], 0x1) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000100)=[0x6e, 0x1, 0x5, 0x10ca525a], 0x4, 0x800, 0x0, 0xffffffffffffffff}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4) ioctl$USBDEVFS_CLEAR_HALT(r2, 0x80045515, &(0x7f00000001c0)={0x1, 0x1}) ioctl$FS_IOC_GETVERSION(r1, 0x80087601, &(0x7f00000000c0)) socket$inet_icmp_raw(0x2, 0x3, 0x1) 07:17:28 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50fcffff000401030000000000d43d06000640000200000500010001000000000000008c00000000007340297624560e78ab09c4277f3f4eb8ef164c51913c3a6d67c7947c93d53bb844d86e756191e17ddeb15a0816d16ba0f9cd3013ae38ca7076d5f4550b928b62f3a5902306855e73d05f4ec198e257f7b6ec60025cedc5835e51cda685e5169b"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x800, 0x0) ioctl$SNDRV_PCM_IOCTL_XRUN(r3, 0x4148, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:28 executing program 4 (fault-call:10 fault-nth:37): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2150.941217] net_ratelimit: 19 callbacks suppressed [ 2150.941223] ip_tables: iptables: counters copy to user failed while replacing table [ 2150.957852] ip_tables: iptables: counters copy to user failed while replacing table [ 2150.968573] ip_tables: iptables: counters copy to user failed while replacing table [ 2150.970124] nla_parse: 31 callbacks suppressed [ 2150.970130] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2150.996226] ip_tables: iptables: counters copy to user failed while replacing table [ 2151.004357] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2151.024453] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2151.025426] ip_tables: iptables: counters copy to user failed while replacing table 07:17:29 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @bt={0x0, 0x5, 0x8001, 0xae, 0x40, 0x8, 0x10, 0x3}}) [ 2151.051523] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2151.057895] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2151.070580] FAULT_INJECTION: forcing a failure. [ 2151.070580] name failslab, interval 1, probability 0, space 0, times 0 [ 2151.103705] CPU: 1 PID: 7427 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2151.111538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2151.120908] Call Trace: [ 2151.123511] dump_stack+0x1b2/0x283 [ 2151.127158] should_fail.cold+0x10a/0x154 [ 2151.131322] should_failslab+0xd6/0x130 [ 2151.135306] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2151.140426] __kmalloc_node_track_caller+0x38/0x70 [ 2151.145366] __alloc_skb+0x96/0x510 [ 2151.149000] alloc_skb_with_frags+0x85/0x500 [ 2151.153427] sock_alloc_send_pskb+0x577/0x6d0 [ 2151.157926] ? SyS_sendmmsg+0x2f/0x50 [ 2151.161738] ? do_syscall_64+0x1d5/0x640 [ 2151.165806] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2151.171210] ? sock_kzfree_s+0x50/0x50 [ 2151.175102] ? netlbl_enabled+0x5/0x50 [ 2151.178996] ? __ip_dev_find+0x248/0x470 [ 2151.179632] ip_tables: iptables: counters copy to user failed while replacing table [ 2151.183059] ? lock_acquire+0x170/0x3f0 [ 2151.183075] __ip_append_data+0x11ec/0x1ff0 [ 2151.183087] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2151.183097] ? ip_do_fragment+0x1f50/0x1f50 [ 2151.183110] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2151.183121] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2151.208874] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2151.213721] ? ip_setup_cork+0x6b0/0x6b0 [ 2151.213732] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2151.213741] ? ipv4_mtu+0x27e/0x370 [ 2151.213752] ? ip_do_fragment+0x1f50/0x1f50 [ 2151.213760] ip_make_skb+0x167/0x1b0 [ 2151.213773] ? ip_flush_pending_frames+0x20/0x20 [ 2151.213785] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2151.258138] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2151.263696] ? xfrm_lookup_route+0x43/0x1b0 [ 2151.268027] udp_sendmsg+0x156f/0x1c00 [ 2151.271936] ? ip_do_fragment+0x1f50/0x1f50 [ 2151.276279] ? udp_seq_next+0xa0/0xa0 [ 2151.280086] ? __might_fault+0x104/0x1b0 [ 2151.284148] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2151.288912] ? lock_acquire+0x170/0x3f0 [ 2151.292896] ? dup_iter+0x240/0x240 [ 2151.296533] ? kernel_recvmsg+0x210/0x210 [ 2151.300679] inet_sendmsg+0x11a/0x4e0 [ 2151.304480] ? security_socket_sendmsg+0x83/0xb0 [ 2151.309237] ? inet_recvmsg+0x4d0/0x4d0 [ 2151.313217] sock_sendmsg+0xb5/0x100 [ 2151.316936] ___sys_sendmsg+0x326/0x800 [ 2151.320914] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2151.325682] ? lock_downgrade+0x740/0x740 [ 2151.329839] ? trace_hardirqs_on+0x10/0x10 [ 2151.334081] ? up_read+0x17/0x30 [ 2151.337455] ? __do_page_fault+0x19a/0xb50 [ 2151.341697] ? retint_kernel+0x2d/0x2d [ 2151.345589] ? trace_hardirqs_on_caller+0x3a8/0x580 07:17:29 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, &(0x7f0000000080)=0x10, 0x800) getsockopt$inet_int(r3, 0x0, 0x12, &(0x7f0000000140), &(0x7f0000000180)=0x4) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r6, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2151.350611] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2151.355372] ? __might_fault+0x104/0x1b0 [ 2151.359446] ? lock_acquire+0x170/0x3f0 [ 2151.363182] ip_tables: iptables: counters copy to user failed while replacing table [ 2151.363428] __sys_sendmmsg+0x129/0x330 [ 2151.375180] ? SyS_sendmsg+0x40/0x40 [ 2151.377170] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2151.378911] ? __mutex_unlock_slowpath+0x75/0x770 [ 2151.378925] ? wait_for_completion_io+0x10/0x10 [ 2151.378936] ? vfs_write+0x319/0x4d0 [ 2151.378947] ? fput+0xb/0x140 [ 2151.391383] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2151.392352] ? SyS_write+0x14d/0x210 [ 2151.392363] ? SyS_read+0x210/0x210 [ 2151.392376] SyS_sendmmsg+0x2f/0x50 [ 2151.392388] ? __sys_sendmmsg+0x330/0x330 [ 2151.392400] do_syscall_64+0x1d5/0x640 [ 2151.392414] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2151.392421] RIP: 0033:0x45e179 [ 2151.392426] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2151.403067] PF_BRIDGE: br_mdb_parse() with unknown ifindex 07:17:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000000104010300000000456b440000000000000000080003400000000006000640000200001005af3a08e1d90500010001db6e031c281b31f7e2a6e311d6f96141c24b8b7a0d4db7a4590cff484bc097bf61b5", @ANYRES16, @ANYRES32], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000140)={0x0, 0x7, 0x2, [], &(0x7f0000000100)=0x3}) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) r4 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x14, r4, 0x0, 0x0, 0x0, {0xf}}, 0x14}}, 0x0) sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x15c, r4, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x138, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_NODE_ID={0xc9, 0x3, "e4013ed6339ea54c9cb03a5694a2ecc7a227cca866f2c159c4b88e540ace83aab54c2b2e36879727f53f484a7ad2473964c4e3a7c2b9ca7458d22166098b9754f3cee079af5e3975ec695246e154be58e369e89fc1bf30336355bbf86c2e54d8ddc15bf8bce0c1bc8e921b249c2821da2096c7da9185c5325508768702fb596b6d83d1eda3093108c6cd0de691ecd6c64b384bb6b9b3ebdc51931315d1a0012b5105c31ce7b109fd282002b52ae419d7780cf53b68286034887228cd71d60a6970023581d2"}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "8894d43905ce81d9380fdf2b045d651c4191d551"}}, @TIPC_NLA_NODE_ID={0x17, 0x3, "97aa3af2eee720ec3d5908c443e5044404d33a"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffff}]}]}, 0x15c}, 0x1, 0x0, 0x0, 0x40050}, 0x8000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="20f6b621050000000000000000", @ANYRES32=r6, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2151.403907] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2151.403913] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2151.403918] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2151.403924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000025 [ 2151.403929] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2151.439718] ip_tables: iptables: counters copy to user failed while replacing table [ 2151.538011] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.5'. 07:17:29 executing program 4 (fault-call:10 fault-nth:38): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2151.633733] ip_tables: iptables: counters copy to user failed while replacing table [ 2151.667468] ip_tables: iptables: counters copy to user failed while replacing table [ 2151.685452] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2151.709286] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2151.729327] FAULT_INJECTION: forcing a failure. [ 2151.729327] name failslab, interval 1, probability 0, space 0, times 0 [ 2151.769064] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2151.788622] CPU: 1 PID: 7463 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2151.796540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2151.805895] Call Trace: [ 2151.808495] dump_stack+0x1b2/0x283 [ 2151.812136] should_fail.cold+0x10a/0x154 [ 2151.816322] should_failslab+0xd6/0x130 [ 2151.820302] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2151.825424] __kmalloc_node_track_caller+0x38/0x70 [ 2151.830363] __alloc_skb+0x96/0x510 [ 2151.833996] alloc_skb_with_frags+0x85/0x500 [ 2151.838415] sock_alloc_send_pskb+0x577/0x6d0 [ 2151.842913] ? SyS_sendmmsg+0x2f/0x50 [ 2151.846723] ? do_syscall_64+0x1d5/0x640 [ 2151.850788] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2151.856166] ? sock_kzfree_s+0x50/0x50 [ 2151.860061] ? netlbl_enabled+0x5/0x50 [ 2151.863958] ? __ip_dev_find+0x248/0x470 [ 2151.868026] ? lock_acquire+0x170/0x3f0 [ 2151.872007] __ip_append_data+0x11ec/0x1ff0 [ 2151.876338] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2151.881628] ? ip_do_fragment+0x1f50/0x1f50 [ 2151.885955] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2151.890973] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2151.896167] ? ip_setup_cork+0x6b0/0x6b0 [ 2151.900226] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2151.905435] ? ipv4_mtu+0x27e/0x370 [ 2151.909067] ? ip_do_fragment+0x1f50/0x1f50 [ 2151.913401] ip_make_skb+0x167/0x1b0 [ 2151.917126] ? ip_flush_pending_frames+0x20/0x20 [ 2151.921889] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2151.926906] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2151.932443] ? xfrm_lookup_route+0x43/0x1b0 [ 2151.936765] udp_sendmsg+0x156f/0x1c00 [ 2151.940651] ? ip_do_fragment+0x1f50/0x1f50 [ 2151.944968] ? udp_seq_next+0xa0/0xa0 [ 2151.948755] ? __might_fault+0x104/0x1b0 [ 2151.952799] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2151.957541] ? lock_acquire+0x170/0x3f0 [ 2151.961501] ? dup_iter+0x240/0x240 [ 2151.965121] ? kernel_recvmsg+0x210/0x210 [ 2151.969260] inet_sendmsg+0x11a/0x4e0 [ 2151.973072] ? security_socket_sendmsg+0x83/0xb0 [ 2151.977812] ? inet_recvmsg+0x4d0/0x4d0 [ 2151.981767] sock_sendmsg+0xb5/0x100 [ 2151.985480] ___sys_sendmsg+0x326/0x800 [ 2151.989438] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2151.994176] ? lock_downgrade+0x740/0x740 [ 2151.998309] ? trace_hardirqs_on+0x10/0x10 [ 2152.002525] ? up_read+0x17/0x30 [ 2152.005870] ? __do_page_fault+0x19a/0xb50 [ 2152.010085] ? retint_kernel+0x2d/0x2d [ 2152.013953] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2152.018952] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2152.023803] ? __might_fault+0x104/0x1b0 [ 2152.027862] ? lock_acquire+0x170/0x3f0 [ 2152.031844] __sys_sendmmsg+0x129/0x330 [ 2152.035810] ? SyS_sendmsg+0x40/0x40 [ 2152.039545] ? __mutex_unlock_slowpath+0x75/0x770 [ 2152.044377] ? wait_for_completion_io+0x10/0x10 [ 2152.049049] ? vfs_write+0x319/0x4d0 [ 2152.052745] ? fput+0xb/0x140 [ 2152.055831] ? SyS_write+0x14d/0x210 [ 2152.059531] ? SyS_read+0x210/0x210 [ 2152.063165] SyS_sendmmsg+0x2f/0x50 [ 2152.066792] ? __sys_sendmmsg+0x330/0x330 [ 2152.070926] do_syscall_64+0x1d5/0x640 [ 2152.074797] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2152.079994] RIP: 0033:0x45e179 [ 2152.083164] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2152.090850] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2152.098104] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2152.105360] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2152.112613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000026 [ 2152.119971] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:31 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) ppoll(&(0x7f00000002c0)=[{r1}], 0x44, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600), 0x0) setsockopt$CAN_RAW_FD_FRAMES(0xffffffffffffffff, 0x65, 0x5, &(0x7f00000000c0), 0x4) 07:17:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000140)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:32 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000040)={0x0, 0x3, 0x9, 0x0, 0xffffffffffffffff}) r3 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000380), &(0x7f0000000400)=0x60) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000440), &(0x7f0000000480)=0x4) getsockopt$sock_buf(r0, 0x1, 0x3d, &(0x7f0000000080)=""/24, &(0x7f0000000340)=0x18) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000140)) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000500)=0x80000000, 0x4) setsockopt$llc_int(r5, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) fcntl$F_GET_RW_HINT(r5, 0x40b, &(0x7f00000004c0)) write$RDMA_USER_CM_CMD_GET_EVENT(0xffffffffffffffff, &(0x7f0000000140)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @mcast1}}}, 0x48) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, &(0x7f0000000540)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x13}}, 0x10) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x60, 0x0) 07:17:32 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xff000000}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x34}, [0xffffffff, 0xff000000, 0xffffff00], 0x4e21, 0x4e24, 0x4e20, 0x4e23, 0xe3, 0xf084, 0xfffffa6a, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x60, 0x0) 07:17:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:32 executing program 4 (fault-call:10 fault-nth:39): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2154.004830] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2154.023104] FAULT_INJECTION: forcing a failure. [ 2154.023104] name failslab, interval 1, probability 0, space 0, times 0 [ 2154.048793] CPU: 0 PID: 7487 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2154.056609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2154.065967] Call Trace: [ 2154.068560] dump_stack+0x1b2/0x283 [ 2154.072200] should_fail.cold+0x10a/0x154 [ 2154.076351] should_failslab+0xd6/0x130 [ 2154.080325] kmem_cache_alloc_node+0x263/0x410 [ 2154.084910] __alloc_skb+0x5c/0x510 [ 2154.088547] alloc_skb_with_frags+0x85/0x500 [ 2154.092970] sock_alloc_send_pskb+0x577/0x6d0 [ 2154.097470] ? SyS_sendmmsg+0x2f/0x50 [ 2154.101276] ? do_syscall_64+0x1d5/0x640 07:17:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2154.105339] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2154.110714] ? sock_kzfree_s+0x50/0x50 [ 2154.114602] ? netlbl_enabled+0x5/0x50 [ 2154.118492] ? __ip_dev_find+0x248/0x470 [ 2154.122557] ? lock_acquire+0x170/0x3f0 [ 2154.126526] __ip_append_data+0x11ec/0x1ff0 [ 2154.130850] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2154.136049] ? ip_do_fragment+0x1f50/0x1f50 [ 2154.140380] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2154.145399] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2154.150590] ? ip_setup_cork+0x6b0/0x6b0 [ 2154.154646] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2154.160008] ? ipv4_mtu+0x27e/0x370 [ 2154.163624] ? ip_do_fragment+0x1f50/0x1f50 [ 2154.167937] ip_make_skb+0x167/0x1b0 [ 2154.171649] ? ip_flush_pending_frames+0x20/0x20 [ 2154.176392] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2154.181391] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2154.186926] ? xfrm_lookup_route+0x43/0x1b0 [ 2154.191238] udp_sendmsg+0x156f/0x1c00 [ 2154.195118] ? ip_do_fragment+0x1f50/0x1f50 [ 2154.199445] ? udp_seq_next+0xa0/0xa0 [ 2154.203264] ? __might_fault+0x104/0x1b0 [ 2154.207316] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2154.212070] ? lock_acquire+0x170/0x3f0 [ 2154.216048] ? dup_iter+0x240/0x240 [ 2154.219706] ? kernel_recvmsg+0x210/0x210 [ 2154.223844] inet_sendmsg+0x11a/0x4e0 [ 2154.227637] ? security_socket_sendmsg+0x83/0xb0 [ 2154.232410] ? inet_recvmsg+0x4d0/0x4d0 [ 2154.236381] sock_sendmsg+0xb5/0x100 [ 2154.240432] ___sys_sendmsg+0x326/0x800 [ 2154.244436] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2154.249186] ? lock_downgrade+0x740/0x740 [ 2154.253322] ? trace_hardirqs_on+0x10/0x10 [ 2154.257573] ? up_read+0x17/0x30 [ 2154.260950] ? __do_page_fault+0x19a/0xb50 [ 2154.265173] ? retint_kernel+0x2d/0x2d [ 2154.269108] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2154.274113] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2154.278858] ? __might_fault+0x104/0x1b0 [ 2154.282909] ? lock_acquire+0x170/0x3f0 [ 2154.286886] __sys_sendmmsg+0x129/0x330 [ 2154.290845] ? SyS_sendmsg+0x40/0x40 [ 2154.294561] ? __mutex_unlock_slowpath+0x75/0x770 [ 2154.299421] ? wait_for_completion_io+0x10/0x10 [ 2154.304101] ? vfs_write+0x319/0x4d0 [ 2154.307808] ? fput+0xb/0x140 [ 2154.310899] ? SyS_write+0x14d/0x210 [ 2154.314598] ? SyS_read+0x210/0x210 [ 2154.318212] SyS_sendmmsg+0x2f/0x50 [ 2154.321822] ? __sys_sendmmsg+0x330/0x330 [ 2154.325980] do_syscall_64+0x1d5/0x640 [ 2154.329859] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2154.335032] RIP: 0033:0x45e179 [ 2154.338206] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2154.345897] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 07:17:32 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r3, 0x8982, &(0x7f0000000040)={0x8, 'veth0\x00', {'veth0_to_hsr\x00'}, 0xfffe}) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:32 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000010401030000000000000000000000000800034000000000060006400002000005000100019908f2f9e5b02572efd0be5d28d87cf945898864961b0bb40d5c3356bf8b6f929f5302634652667dbb145358922673037b24f6dcaa43bbe0abadf9ddbb1f13a1310958f05df145dec82da9421736eba28d1a7d01c420125b593380ff770c00000000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$EXT4_IOC_SWAP_BOOT(r4, 0x6611) read$FUSE(r3, 0x0, 0x0) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x10001, 0x0, &(0x7f0000ffd000/0x1000)=nil}) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) ioctl$SIOCX25SSUBSCRIP(r3, 0x89e1, &(0x7f00000003c0)={'syzkaller1\x00', 0x1, 0x80}) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080), &(0x7f0000000200)=0x4) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB="37000000df1f5641af16d8b7cf73abfbf5082c6ebf9d63b996a2f53251221e691d74772414f54d611cb97694e68156e57ffd1fcdfd7cf6e117606c"], &(0x7f0000000580)=0x3f) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cgroup.controllers\x00', 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd2, &(0x7f0000000280)={{0xa, 0x4e24, 0x80, @dev={0xfe, 0x80, [], 0x2f}, 0x400}, {0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8}, 0x2561, [0x3, 0x5, 0xe4ac, 0x8, 0x10001, 0xaf0a, 0x79d0, 0x6]}, 0x5c) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) write$P9_RREAD(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[@ANYBLOB="8d000000750100820000005f0cc594ae362f4826629a6a2aea0cc8df2109fc0566c24156015bf1c505bd5061b3eda168342496cdea414e4c7613604db704625c7c78bc5b89e8ded357831beb5089948b5c42f1710992a51082ff2cf3ae72189fd1c04bd0a89400fa0371be638f522e61b6c1eba69c2a70928c86c3b1e1c5edc780a46f29945675b47eae77b7c20000000000d64e372b3b34ab644ea26d2cec5a41657e011f061184feda3e9e847377d6184a4954530f0bcafa08b657cd1f20d5121997f45958045175"], 0x8d) 07:17:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2154.353161] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2154.360439] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2154.367694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000027 [ 2154.374957] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2154.382548] PF_BRIDGE: br_mdb_parse() with invalid attr 07:17:32 executing program 4 (fault-call:10 fault-nth:40): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2154.559741] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2154.581965] FAULT_INJECTION: forcing a failure. [ 2154.581965] name failslab, interval 1, probability 0, space 0, times 0 [ 2154.629527] CPU: 0 PID: 7513 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2154.637359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2154.646740] Call Trace: [ 2154.649339] dump_stack+0x1b2/0x283 [ 2154.653012] should_fail.cold+0x10a/0x154 [ 2154.657171] should_failslab+0xd6/0x130 [ 2154.661153] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2154.666266] __kmalloc_node_track_caller+0x38/0x70 [ 2154.671205] __alloc_skb+0x96/0x510 [ 2154.674843] alloc_skb_with_frags+0x85/0x500 [ 2154.679261] sock_alloc_send_pskb+0x577/0x6d0 [ 2154.683762] ? SyS_sendmmsg+0x2f/0x50 [ 2154.687568] ? do_syscall_64+0x1d5/0x640 [ 2154.691628] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2154.697003] ? sock_kzfree_s+0x50/0x50 [ 2154.700894] ? netlbl_enabled+0x5/0x50 [ 2154.704782] ? __ip_dev_find+0x248/0x470 [ 2154.708845] ? lock_acquire+0x170/0x3f0 [ 2154.712825] __ip_append_data+0x11ec/0x1ff0 [ 2154.717148] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2154.722339] ? ip_do_fragment+0x1f50/0x1f50 [ 2154.726675] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2154.731923] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2154.737116] ? ip_setup_cork+0x6b0/0x6b0 [ 2154.741181] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2154.746382] ? ipv4_mtu+0x27e/0x370 [ 2154.750018] ? ip_do_fragment+0x1f50/0x1f50 [ 2154.754342] ip_make_skb+0x167/0x1b0 [ 2154.758075] ? ip_flush_pending_frames+0x20/0x20 [ 2154.764497] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2154.767112] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2154.769524] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2154.769542] ? xfrm_lookup_route+0x43/0x1b0 [ 2154.769558] udp_sendmsg+0x156f/0x1c00 [ 2154.788677] ? ip_do_fragment+0x1f50/0x1f50 [ 2154.793009] ? udp_seq_next+0xa0/0xa0 [ 2154.796819] ? __might_fault+0x104/0x1b0 [ 2154.800878] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2154.805637] ? lock_acquire+0x170/0x3f0 [ 2154.809622] ? dup_iter+0x240/0x240 [ 2154.813256] ? kernel_recvmsg+0x210/0x210 [ 2154.817406] inet_sendmsg+0x11a/0x4e0 [ 2154.821202] ? security_socket_sendmsg+0x83/0xb0 [ 2154.825953] ? inet_recvmsg+0x4d0/0x4d0 [ 2154.829918] sock_sendmsg+0xb5/0x100 [ 2154.833633] ___sys_sendmsg+0x326/0x800 [ 2154.837605] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2154.842364] ? lock_downgrade+0x740/0x740 [ 2154.846516] ? trace_hardirqs_on+0x10/0x10 [ 2154.850746] ? up_read+0x17/0x30 [ 2154.854112] ? __do_page_fault+0x19a/0xb50 [ 2154.858345] ? retint_kernel+0x2d/0x2d [ 2154.862237] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2154.867258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2154.872022] ? __might_fault+0x104/0x1b0 [ 2154.876078] ? lock_acquire+0x170/0x3f0 [ 2154.880057] __sys_sendmmsg+0x129/0x330 [ 2154.884033] ? SyS_sendmsg+0x40/0x40 [ 2154.887763] ? __mutex_unlock_slowpath+0x75/0x770 [ 2154.892614] ? wait_for_completion_io+0x10/0x10 [ 2154.897276] ? vfs_write+0x319/0x4d0 [ 2154.900988] ? fput+0xb/0x140 [ 2154.904092] ? SyS_write+0x14d/0x210 [ 2154.907796] ? SyS_read+0x210/0x210 [ 2154.911406] SyS_sendmmsg+0x2f/0x50 [ 2154.915016] ? __sys_sendmmsg+0x330/0x330 [ 2154.919151] do_syscall_64+0x1d5/0x640 [ 2154.923035] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2154.928285] RIP: 0033:0x45e179 [ 2154.931475] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2154.939214] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2154.946470] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2154.953727] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2154.961050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000028 [ 2154.968309] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:33 executing program 5 (fault-call:5 fault-nth:0): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2155.098430] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 2155.119703] FAULT_INJECTION: forcing a failure. [ 2155.119703] name failslab, interval 1, probability 0, space 0, times 0 [ 2155.145477] CPU: 1 PID: 7533 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2155.153314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2155.162669] Call Trace: [ 2155.165302] dump_stack+0x1b2/0x283 [ 2155.168943] should_fail.cold+0x10a/0x154 [ 2155.173099] should_failslab+0xd6/0x130 [ 2155.177079] kmem_cache_alloc+0x40/0x3c0 [ 2155.181126] dst_alloc+0xed/0x6d0 [ 2155.184571] rt_dst_alloc+0x6b/0x430 [ 2155.188270] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2155.193539] ip_route_output_key_hash+0x195/0x2a0 [ 2155.198537] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2155.204083] ? udp_sendmsg+0xe45/0x1c00 [ 2155.208045] ? lock_acquire+0x170/0x3f0 [ 2155.212015] ? lock_downgrade+0x740/0x740 [ 2155.216144] ip_route_output_flow+0x22/0xb0 [ 2155.220446] udp_sendmsg+0x13b5/0x1c00 [ 2155.224314] ? ip_do_fragment+0x1f50/0x1f50 [ 2155.228626] ? udp_seq_next+0xa0/0xa0 [ 2155.232411] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2155.237163] ? dup_iter+0x240/0x240 [ 2155.240773] ? copy_user_generic_unrolled+0x86/0xc0 [ 2155.245774] ? kernel_recvmsg+0x210/0x210 [ 2155.249911] inet_sendmsg+0x11a/0x4e0 [ 2155.253691] ? security_socket_sendmsg+0x83/0xb0 [ 2155.258432] ? inet_recvmsg+0x4d0/0x4d0 [ 2155.262386] sock_sendmsg+0xb5/0x100 [ 2155.266096] ___sys_sendmsg+0x326/0x800 [ 2155.270051] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2155.274806] ? trace_hardirqs_on+0x10/0x10 [ 2155.279022] ? _parse_integer+0xe4/0x130 [ 2155.283083] ? _kstrtoull+0x134/0x350 [ 2155.286872] ? _parse_integer+0x130/0x130 [ 2155.291004] ? __fget+0x1fe/0x360 [ 2155.294458] ? lock_acquire+0x170/0x3f0 [ 2155.298412] ? lock_downgrade+0x740/0x740 [ 2155.302648] ? __fget+0x225/0x360 [ 2155.306109] ? __fdget+0x196/0x1f0 [ 2155.309638] ? sockfd_lookup_light+0xb2/0x160 [ 2155.314133] __sys_sendmmsg+0x129/0x330 [ 2155.318092] ? SyS_sendmsg+0x40/0x40 [ 2155.321796] ? __mutex_unlock_slowpath+0x75/0x770 [ 2155.326623] ? wait_for_completion_io+0x10/0x10 [ 2155.331291] ? vfs_write+0x319/0x4d0 [ 2155.335003] ? fput+0xb/0x140 [ 2155.338092] ? SyS_write+0x14d/0x210 [ 2155.341804] ? SyS_read+0x210/0x210 [ 2155.345414] SyS_sendmmsg+0x2f/0x50 [ 2155.349018] ? __sys_sendmmsg+0x330/0x330 [ 2155.353150] do_syscall_64+0x1d5/0x640 [ 2155.357021] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2155.362211] RIP: 0033:0x45e179 [ 2155.365380] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2155.373082] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2155.380351] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2155.387619] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2155.394880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2155.402133] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:35 executing program 4 (fault-call:10 fault-nth:41): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x21, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a0008"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:35 executing program 1 (fault-call:14 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB=' \x00\x00\x00\x00\x00\x00\x00\a\x00\'\x00\x00\x00\x00\x00'], 0x28}}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @empty, @loopback}, &(0x7f0000000100)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}}, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x1a0, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r3}, {0x140, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x200}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}]}}]}, 0x1a0}}, 0x1) r11 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r11}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r11, 0xc004500a, &(0x7f0000000000)) readv(r11, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:35 executing program 5 (fault-call:5 fault-nth:1): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2156.998423] net_ratelimit: 12 callbacks suppressed [ 2156.998429] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.020497] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.021829] nla_parse: 19 callbacks suppressed [ 2157.021835] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2157.050384] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.056625] FAULT_INJECTION: forcing a failure. [ 2157.056625] name failslab, interval 1, probability 0, space 0, times 0 [ 2157.072003] FAULT_INJECTION: forcing a failure. [ 2157.072003] name failslab, interval 1, probability 0, space 0, times 0 [ 2157.081788] CPU: 0 PID: 7547 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2157.090999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2157.100377] Call Trace: [ 2157.102965] dump_stack+0x1b2/0x283 [ 2157.106584] should_fail.cold+0x10a/0x154 [ 2157.110720] should_failslab+0xd6/0x130 [ 2157.114681] kmem_cache_alloc+0x40/0x3c0 [ 2157.118740] dst_alloc+0xed/0x6d0 [ 2157.122191] rt_dst_alloc+0x6b/0x430 [ 2157.125895] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2157.131162] ip_route_output_key_hash+0x195/0x2a0 [ 2157.135997] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2157.141527] ? udp_sendmsg+0xe45/0x1c00 [ 2157.145505] ? lock_acquire+0x170/0x3f0 [ 2157.149474] ? lock_downgrade+0x740/0x740 [ 2157.153621] ip_route_output_flow+0x22/0xb0 [ 2157.157940] udp_sendmsg+0x13b5/0x1c00 [ 2157.161821] ? ip_do_fragment+0x1f50/0x1f50 [ 2157.166134] ? udp_seq_next+0xa0/0xa0 [ 2157.167541] ptrace attach of "/root/syz-executor.0"[7559] was attempted by "/root/syz-executor.0"[7560] [ 2157.169929] ? __might_fault+0x104/0x1b0 [ 2157.169939] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2157.169951] ? lock_acquire+0x170/0x3f0 [ 2157.192207] ? dup_iter+0x240/0x240 [ 2157.195838] ? kernel_recvmsg+0x210/0x210 [ 2157.199983] inet_sendmsg+0x11a/0x4e0 [ 2157.203783] ? security_socket_sendmsg+0x83/0xb0 [ 2157.208529] ? inet_recvmsg+0x4d0/0x4d0 [ 2157.212502] sock_sendmsg+0xb5/0x100 [ 2157.216210] ___sys_sendmsg+0x326/0x800 [ 2157.220180] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2157.224929] ? lock_downgrade+0x740/0x740 [ 2157.229069] ? trace_hardirqs_on+0x10/0x10 [ 2157.233287] ? up_read+0x17/0x30 [ 2157.236986] ? __do_page_fault+0x19a/0xb50 [ 2157.241205] ? retint_kernel+0x2d/0x2d [ 2157.245079] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2157.250085] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2157.254830] ? __might_fault+0x104/0x1b0 [ 2157.258898] ? lock_acquire+0x170/0x3f0 [ 2157.262866] __sys_sendmmsg+0x129/0x330 [ 2157.266837] ? SyS_sendmsg+0x40/0x40 [ 2157.270562] ? __mutex_unlock_slowpath+0x75/0x770 [ 2157.275394] ? wait_for_completion_io+0x10/0x10 [ 2157.280050] ? vfs_write+0x319/0x4d0 [ 2157.283765] ? fput+0xb/0x140 [ 2157.286866] ? SyS_write+0x14d/0x210 [ 2157.290568] ? SyS_read+0x210/0x210 [ 2157.292129] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2157.294187] SyS_sendmmsg+0x2f/0x50 [ 2157.294195] ? __sys_sendmmsg+0x330/0x330 [ 2157.294209] do_syscall_64+0x1d5/0x640 [ 2157.314403] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2157.319589] RIP: 0033:0x45e179 [ 2157.322776] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2157.330478] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2157.337832] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2157.345100] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2157.352356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029 [ 2157.359610] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2157.370269] CPU: 1 PID: 7556 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2157.378257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2157.387611] Call Trace: [ 2157.390202] dump_stack+0x1b2/0x283 [ 2157.393835] should_fail.cold+0x10a/0x154 [ 2157.397991] should_failslab+0xd6/0x130 [ 2157.401961] kmem_cache_alloc_node+0x263/0x410 [ 2157.406546] __alloc_skb+0x5c/0x510 [ 2157.410178] alloc_skb_with_frags+0x85/0x500 [ 2157.414597] sock_alloc_send_pskb+0x577/0x6d0 [ 2157.419095] ? SyS_sendmmsg+0x2f/0x50 [ 2157.422896] ? do_syscall_64+0x1d5/0x640 [ 2157.426970] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2157.431530] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.432336] ? sock_kzfree_s+0x50/0x50 [ 2157.432350] ? __ip_dev_find+0x248/0x470 [ 2157.432364] ? lock_acquire+0x170/0x3f0 [ 2157.432378] __ip_append_data+0x11ec/0x1ff0 [ 2157.432389] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2157.432403] ? ip_do_fragment+0x1f50/0x1f50 [ 2157.449874] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2157.452074] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2157.452086] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2157.452096] ? ip_setup_cork+0x6b0/0x6b0 [ 2157.452104] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2157.452113] ? ipv4_mtu+0x27e/0x370 [ 2157.452124] ? ip_do_fragment+0x1f50/0x1f50 [ 2157.452133] ip_make_skb+0x167/0x1b0 [ 2157.452145] ? ip_flush_pending_frames+0x20/0x20 [ 2157.452157] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2157.452165] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2157.452179] ? xfrm_lookup_route+0x43/0x1b0 [ 2157.504432] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.505549] udp_sendmsg+0x156f/0x1c00 [ 2157.505567] ? ip_do_fragment+0x1f50/0x1f50 [ 2157.505581] ? udp_seq_next+0xa0/0xa0 [ 2157.505595] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2157.505617] ? dup_iter+0x240/0x240 [ 2157.515247] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2157.515364] ? copy_user_generic_unrolled+0x86/0xc0 [ 2157.524089] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2157.525228] ? kernel_recvmsg+0x210/0x210 [ 2157.525243] inet_sendmsg+0x11a/0x4e0 [ 2157.525253] ? security_socket_sendmsg+0x83/0xb0 [ 2157.525263] ? inet_recvmsg+0x4d0/0x4d0 [ 2157.525274] sock_sendmsg+0xb5/0x100 [ 2157.525283] ___sys_sendmsg+0x326/0x800 07:17:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x21, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a0008"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:35 executing program 4 (fault-call:10 fault-nth:42): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2157.525296] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2157.533656] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2157.536983] ? trace_hardirqs_on+0x10/0x10 [ 2157.536994] ? _parse_integer+0xe4/0x130 [ 2157.537006] ? _kstrtoull+0x134/0x350 [ 2157.537015] ? _parse_integer+0x130/0x130 [ 2157.537027] ? __fget+0x1fe/0x360 [ 2157.537039] ? lock_acquire+0x170/0x3f0 [ 2157.537049] ? lock_downgrade+0x740/0x740 [ 2157.537061] ? __fget+0x225/0x360 [ 2157.613997] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.614488] ? __fdget+0x196/0x1f0 [ 2157.614502] ? sockfd_lookup_light+0xb2/0x160 [ 2157.614513] __sys_sendmmsg+0x129/0x330 [ 2157.629644] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2157.629929] ? SyS_sendmsg+0x40/0x40 [ 2157.637291] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2157.638038] ? __mutex_unlock_slowpath+0x75/0x770 [ 2157.638052] ? wait_for_completion_io+0x10/0x10 [ 2157.638063] ? vfs_write+0x319/0x4d0 [ 2157.638073] ? fput+0xb/0x140 [ 2157.638080] ? SyS_write+0x14d/0x210 [ 2157.638090] ? SyS_read+0x210/0x210 [ 2157.646412] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2157.649343] SyS_sendmmsg+0x2f/0x50 [ 2157.649354] ? __sys_sendmmsg+0x330/0x330 [ 2157.649367] do_syscall_64+0x1d5/0x640 [ 2157.649384] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2157.649392] RIP: 0033:0x45e179 [ 2157.649398] RSP: 002b:00007fb075f5cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2157.649408] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2157.649416] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2157.654824] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.657421] RBP: 00007fb075f5cca0 R08: 0000000000000000 R09: 0000000000000000 [ 2157.657427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2157.657433] R13: 00007ffec7e3704f R14: 00007fb075f5d9c0 R15: 000000000118cff4 07:17:35 executing program 5 (fault-call:5 fault-nth:2): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2157.797176] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2157.820992] FAULT_INJECTION: forcing a failure. [ 2157.820992] name failslab, interval 1, probability 0, space 0, times 0 [ 2157.840847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7552 comm=syz-executor.2 [ 2157.867380] CPU: 0 PID: 7574 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2157.875200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2157.884555] Call Trace: [ 2157.887153] dump_stack+0x1b2/0x283 [ 2157.890793] should_fail.cold+0x10a/0x154 [ 2157.894953] should_failslab+0xd6/0x130 [ 2157.898935] kmem_cache_alloc_node+0x263/0x410 [ 2157.903529] __alloc_skb+0x5c/0x510 [ 2157.905776] ip_tables: iptables: counters copy to user failed while replacing table [ 2157.907158] alloc_skb_with_frags+0x85/0x500 [ 2157.907177] sock_alloc_send_pskb+0x577/0x6d0 [ 2157.907188] ? SyS_sendmmsg+0x2f/0x50 [ 2157.921421] FAULT_INJECTION: forcing a failure. [ 2157.921421] name failslab, interval 1, probability 0, space 0, times 0 [ 2157.924293] ? do_syscall_64+0x1d5/0x640 [ 2157.924302] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2157.924319] ? sock_kzfree_s+0x50/0x50 [ 2157.924327] ? netlbl_enabled+0x5/0x50 [ 2157.924336] ? __ip_dev_find+0x248/0x470 [ 2157.924351] ? lock_acquire+0x170/0x3f0 [ 2157.924365] __ip_append_data+0x11ec/0x1ff0 [ 2157.924376] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2157.924387] ? ip_do_fragment+0x1f50/0x1f50 [ 2157.924400] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2157.924408] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2157.924416] ? ip_setup_cork+0x6b0/0x6b0 [ 2157.924423] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2157.924431] ? ipv4_mtu+0x27e/0x370 [ 2157.924440] ? ip_do_fragment+0x1f50/0x1f50 [ 2157.924451] ip_make_skb+0x167/0x1b0 [ 2158.009312] ? ip_flush_pending_frames+0x20/0x20 [ 2158.014068] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2158.019100] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2158.024645] ? xfrm_lookup_route+0x43/0x1b0 [ 2158.028964] udp_sendmsg+0x156f/0x1c00 [ 2158.032847] ? ip_do_fragment+0x1f50/0x1f50 [ 2158.037161] ? udp_seq_next+0xa0/0xa0 [ 2158.040950] ? __might_fault+0x104/0x1b0 [ 2158.045001] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2158.049754] ? lock_acquire+0x170/0x3f0 [ 2158.053731] ? dup_iter+0x240/0x240 [ 2158.057353] ? kernel_recvmsg+0x210/0x210 [ 2158.061489] inet_sendmsg+0x11a/0x4e0 [ 2158.065283] ? security_socket_sendmsg+0x83/0xb0 [ 2158.070029] ? inet_recvmsg+0x4d0/0x4d0 [ 2158.074001] sock_sendmsg+0xb5/0x100 [ 2158.077708] ___sys_sendmsg+0x326/0x800 [ 2158.081676] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2158.086435] ? lock_downgrade+0x740/0x740 [ 2158.090576] ? trace_hardirqs_on+0x10/0x10 [ 2158.094810] ? up_read+0x17/0x30 [ 2158.098170] ? __do_page_fault+0x19a/0xb50 [ 2158.102393] ? retint_kernel+0x2d/0x2d [ 2158.106273] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2158.111281] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2158.116029] ? __might_fault+0x104/0x1b0 [ 2158.120082] ? lock_acquire+0x170/0x3f0 [ 2158.124058] __sys_sendmmsg+0x129/0x330 [ 2158.128028] ? SyS_sendmsg+0x40/0x40 [ 2158.131750] ? __mutex_unlock_slowpath+0x75/0x770 [ 2158.136597] ? wait_for_completion_io+0x10/0x10 [ 2158.141256] ? vfs_write+0x319/0x4d0 [ 2158.144960] ? fput+0xb/0x140 [ 2158.148054] ? SyS_write+0x14d/0x210 [ 2158.152103] ? SyS_read+0x210/0x210 [ 2158.155719] SyS_sendmmsg+0x2f/0x50 [ 2158.159328] ? __sys_sendmmsg+0x330/0x330 [ 2158.163473] do_syscall_64+0x1d5/0x640 [ 2158.167359] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2158.172540] RIP: 0033:0x45e179 [ 2158.175720] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2158.183438] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2158.190708] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2158.197991] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2158.205257] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002a [ 2158.212531] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2158.220761] CPU: 1 PID: 7585 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2158.228573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2158.237927] Call Trace: [ 2158.240520] dump_stack+0x1b2/0x283 [ 2158.244162] should_fail.cold+0x10a/0x154 [ 2158.248321] should_failslab+0xd6/0x130 [ 2158.249672] ip_tables: iptables: counters copy to user failed while replacing table [ 2158.252300] kmem_cache_alloc_node_trace+0x25a/0x400 07:17:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2158.252314] __kmalloc_node_track_caller+0x38/0x70 [ 2158.252326] __alloc_skb+0x96/0x510 [ 2158.252341] alloc_skb_with_frags+0x85/0x500 [ 2158.262334] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2158.265283] sock_alloc_send_pskb+0x577/0x6d0 [ 2158.265291] ? SyS_sendmmsg+0x2f/0x50 [ 2158.265304] ? do_syscall_64+0x1d5/0x640 [ 2158.272386] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2158.273859] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2158.273878] ? sock_kzfree_s+0x50/0x50 [ 2158.273889] ? __ip_dev_find+0x248/0x470 [ 2158.278611] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2158.286851] ? lock_acquire+0x170/0x3f0 [ 2158.286866] __ip_append_data+0x11ec/0x1ff0 [ 2158.286877] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2158.286888] ? ip_do_fragment+0x1f50/0x1f50 [ 2158.286900] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2158.286907] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2158.286919] ? ip_setup_cork+0x6b0/0x6b0 [ 2158.331558] ip_tables: iptables: counters copy to user failed while replacing table [ 2158.334702] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2158.334712] ? ipv4_mtu+0x27e/0x370 [ 2158.334724] ? ip_do_fragment+0x1f50/0x1f50 [ 2158.342743] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2158.344231] ip_make_skb+0x167/0x1b0 [ 2158.344248] ? ip_flush_pending_frames+0x20/0x20 [ 2158.393133] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2158.398158] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2158.403708] ? xfrm_lookup_route+0x43/0x1b0 [ 2158.408041] udp_sendmsg+0x156f/0x1c00 [ 2158.411940] ? ip_do_fragment+0x1f50/0x1f50 [ 2158.416272] ? udp_seq_next+0xa0/0xa0 [ 2158.420078] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2158.424877] ? dup_iter+0x240/0x240 [ 2158.428509] ? copy_user_generic_unrolled+0x86/0xc0 [ 2158.433535] ? kernel_recvmsg+0x210/0x210 [ 2158.437692] inet_sendmsg+0x11a/0x4e0 [ 2158.441492] ? security_socket_sendmsg+0x83/0xb0 [ 2158.446247] ? inet_recvmsg+0x4d0/0x4d0 [ 2158.450303] sock_sendmsg+0xb5/0x100 [ 2158.455216] ___sys_sendmsg+0x326/0x800 [ 2158.459212] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2158.463949] ? trace_hardirqs_on+0x10/0x10 [ 2158.468162] ? _parse_integer+0xe4/0x130 [ 2158.472207] ? _kstrtoull+0x134/0x350 [ 2158.475986] ? _parse_integer+0x130/0x130 [ 2158.480167] ? __fget+0x1fe/0x360 [ 2158.483608] ? lock_acquire+0x170/0x3f0 [ 2158.487562] ? lock_downgrade+0x740/0x740 [ 2158.491693] ? __fget+0x225/0x360 [ 2158.495130] ? __fdget+0x196/0x1f0 [ 2158.498652] ? sockfd_lookup_light+0xb2/0x160 [ 2158.503146] __sys_sendmmsg+0x129/0x330 [ 2158.507103] ? SyS_sendmsg+0x40/0x40 [ 2158.510813] ? __mutex_unlock_slowpath+0x75/0x770 [ 2158.515638] ? wait_for_completion_io+0x10/0x10 [ 2158.520308] ? vfs_write+0x319/0x4d0 [ 2158.524003] ? fput+0xb/0x140 [ 2158.527087] ? SyS_write+0x14d/0x210 [ 2158.530777] ? SyS_read+0x210/0x210 [ 2158.534391] SyS_sendmmsg+0x2f/0x50 [ 2158.538015] ? __sys_sendmmsg+0x330/0x330 [ 2158.542148] do_syscall_64+0x1d5/0x640 [ 2158.546038] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2158.551207] RIP: 0033:0x45e179 [ 2158.554377] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2158.562111] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2158.569385] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2158.576649] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2158.583945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2158.591197] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2158.692581] PF_BRIDGE: br_mdb_parse() with invalid attr 07:17:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/input/mice\x00', 0x100) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x1, 0x4) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x8) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:38 executing program 4 (fault-call:10 fault-nth:43): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:38 executing program 5 (fault-call:5 fault-nth:3): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2159.988202] FAULT_INJECTION: forcing a failure. [ 2159.988202] name failslab, interval 1, probability 0, space 0, times 0 [ 2159.999968] CPU: 0 PID: 7605 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2160.007805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2160.017162] Call Trace: [ 2160.019764] dump_stack+0x1b2/0x283 [ 2160.023405] should_fail.cold+0x10a/0x154 [ 2160.027566] should_failslab+0xd6/0x130 [ 2160.031552] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2160.036669] __kmalloc_node_track_caller+0x38/0x70 [ 2160.041612] __alloc_skb+0x96/0x510 [ 2160.045250] alloc_skb_with_frags+0x85/0x500 [ 2160.048346] FAULT_INJECTION: forcing a failure. [ 2160.048346] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.049672] sock_alloc_send_pskb+0x577/0x6d0 [ 2160.049681] ? SyS_sendmmsg+0x2f/0x50 [ 2160.049699] ? do_syscall_64+0x1d5/0x640 [ 2160.073284] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2160.078638] ? sock_kzfree_s+0x50/0x50 [ 2160.082522] ? netlbl_enabled+0x5/0x50 [ 2160.086389] ? __ip_dev_find+0x248/0x470 [ 2160.090433] ? lock_acquire+0x170/0x3f0 [ 2160.094389] __ip_append_data+0x11ec/0x1ff0 [ 2160.098694] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2160.103865] ? ip_do_fragment+0x1f50/0x1f50 [ 2160.108185] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2160.113180] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2160.118350] ? ip_setup_cork+0x6b0/0x6b0 [ 2160.122392] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2160.127561] ? ipv4_mtu+0x27e/0x370 [ 2160.131171] ? ip_do_fragment+0x1f50/0x1f50 [ 2160.135484] ip_make_skb+0x167/0x1b0 [ 2160.139178] ? ip_flush_pending_frames+0x20/0x20 [ 2160.143919] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2160.148923] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2160.154459] ? xfrm_lookup_route+0x43/0x1b0 [ 2160.158773] udp_sendmsg+0x156f/0x1c00 [ 2160.162653] ? ip_do_fragment+0x1f50/0x1f50 [ 2160.166954] ? udp_seq_next+0xa0/0xa0 [ 2160.170734] ? __might_fault+0x104/0x1b0 [ 2160.174776] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2160.179511] ? lock_acquire+0x170/0x3f0 [ 2160.183480] ? dup_iter+0x240/0x240 [ 2160.187111] ? kernel_recvmsg+0x210/0x210 [ 2160.191241] inet_sendmsg+0x11a/0x4e0 [ 2160.195026] ? security_socket_sendmsg+0x83/0xb0 [ 2160.199773] ? inet_recvmsg+0x4d0/0x4d0 [ 2160.203740] sock_sendmsg+0xb5/0x100 [ 2160.207434] ___sys_sendmsg+0x326/0x800 [ 2160.211389] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2160.216140] ? lock_downgrade+0x740/0x740 [ 2160.220268] ? trace_hardirqs_on+0x10/0x10 [ 2160.224499] ? up_read+0x17/0x30 [ 2160.227847] ? __do_page_fault+0x19a/0xb50 [ 2160.232060] ? retint_kernel+0x2d/0x2d [ 2160.235928] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2160.240926] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2160.245671] ? __might_fault+0x104/0x1b0 [ 2160.249713] ? lock_acquire+0x170/0x3f0 [ 2160.253673] __sys_sendmmsg+0x129/0x330 [ 2160.257628] ? SyS_sendmsg+0x40/0x40 [ 2160.261331] ? __mutex_unlock_slowpath+0x75/0x770 [ 2160.266168] ? wait_for_completion_io+0x10/0x10 [ 2160.270833] ? vfs_write+0x319/0x4d0 [ 2160.274545] ? fput+0xb/0x140 [ 2160.277641] ? SyS_write+0x14d/0x210 [ 2160.281333] ? SyS_read+0x210/0x210 [ 2160.284938] SyS_sendmmsg+0x2f/0x50 [ 2160.288556] ? __sys_sendmmsg+0x330/0x330 [ 2160.292687] do_syscall_64+0x1d5/0x640 [ 2160.296559] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2160.302510] RIP: 0033:0x45e179 [ 2160.305678] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2160.313365] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2160.320616] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2160.327866] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2160.335131] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002b [ 2160.342380] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2160.349659] CPU: 1 PID: 7606 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2160.357470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2160.366824] Call Trace: [ 2160.369417] dump_stack+0x1b2/0x283 [ 2160.373049] should_fail.cold+0x10a/0x154 [ 2160.377201] should_failslab+0xd6/0x130 [ 2160.381184] kmem_cache_alloc+0x40/0x3c0 [ 2160.385251] hashlimit_mt_common+0x6aa/0x1b70 07:17:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x21, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a0008"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:38 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x1) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x5) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600), 0x0) 07:17:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:38 executing program 4 (fault-call:10 fault-nth:44): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2160.389753] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 2160.394774] ? hashlimit_mt_check_v1+0x350/0x350 [ 2160.399539] ? __alloc_skb+0x3dc/0x510 [ 2160.403434] hashlimit_mt_v2+0x2a1/0x380 [ 2160.407499] ? hashlimit_mt+0x80/0x80 [ 2160.411308] ? check_preemption_disabled+0x35/0x240 [ 2160.416339] ipt_do_table+0x87b/0x16f0 [ 2160.420235] ? skb_put+0x124/0x170 [ 2160.423778] ? __ip_append_data+0xc02/0x1ff0 [ 2160.428175] ? check_preemption_disabled+0x35/0x240 [ 2160.433186] ? ipt_alloc_initial_table+0x630/0x630 [ 2160.438122] ? rcu_lockdep_current_cpu_online+0xc0/0x140 [ 2160.443572] ? __ip_make_skb+0xdde/0x16f0 [ 2160.447715] iptable_raw_hook+0x172/0x1e0 [ 2160.451850] nf_hook_slow+0xb0/0x1a0 [ 2160.455551] __ip_local_out+0x398/0x730 [ 2160.459509] ? __ip_flush_pending_frames.constprop.0+0x2c0/0x2c0 [ 2160.465666] ? ip_make_skb+0xf2/0x1b0 [ 2160.469453] ? ip_forward_options.cold+0x1f/0x1f [ 2160.474193] ip_local_out+0x25/0x170 [ 2160.477893] ip_send_skb+0x3a/0xc0 [ 2160.481416] udp_send_skb+0x516/0xb70 [ 2160.485223] udp_sendmsg+0x15a3/0x1c00 [ 2160.489095] ? ip_do_fragment+0x1f50/0x1f50 [ 2160.493510] ? udp_seq_next+0xa0/0xa0 [ 2160.497294] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2160.502047] ? dup_iter+0x240/0x240 [ 2160.505657] ? copy_user_generic_unrolled+0x86/0xc0 [ 2160.510666] ? kernel_recvmsg+0x210/0x210 [ 2160.514798] inet_sendmsg+0x11a/0x4e0 [ 2160.518579] ? security_socket_sendmsg+0x83/0xb0 [ 2160.523318] ? inet_recvmsg+0x4d0/0x4d0 [ 2160.527287] sock_sendmsg+0xb5/0x100 [ 2160.530987] ___sys_sendmsg+0x326/0x800 [ 2160.534948] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2160.539692] ? trace_hardirqs_on+0x10/0x10 [ 2160.543925] ? _parse_integer+0xe4/0x130 [ 2160.547988] ? _kstrtoull+0x134/0x350 [ 2160.551799] ? _parse_integer+0x130/0x130 [ 2160.555933] ? __fget+0x1fe/0x360 [ 2160.559389] ? lock_acquire+0x170/0x3f0 [ 2160.563361] ? lock_downgrade+0x740/0x740 [ 2160.567503] ? __fget+0x225/0x360 [ 2160.570941] ? __fdget+0x196/0x1f0 [ 2160.574469] ? sockfd_lookup_light+0xb2/0x160 [ 2160.578953] __sys_sendmmsg+0x129/0x330 [ 2160.582927] ? SyS_sendmsg+0x40/0x40 [ 2160.586645] ? __mutex_unlock_slowpath+0x75/0x770 [ 2160.591919] ? wait_for_completion_io+0x10/0x10 [ 2160.596581] ? vfs_write+0x319/0x4d0 [ 2160.600286] ? fput+0xb/0x140 [ 2160.603379] ? SyS_write+0x14d/0x210 [ 2160.607075] ? SyS_read+0x210/0x210 [ 2160.610710] SyS_sendmmsg+0x2f/0x50 [ 2160.614317] ? __sys_sendmmsg+0x330/0x330 [ 2160.618455] do_syscall_64+0x1d5/0x640 [ 2160.622335] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2160.627504] RIP: 0033:0x45e179 [ 2160.630671] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2160.638358] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2160.645610] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2160.652871] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2160.660139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2160.667394] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:38 executing program 5 (fault-call:5 fault-nth:4): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2160.753996] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2160.787548] FAULT_INJECTION: forcing a failure. [ 2160.787548] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.844091] FAULT_INJECTION: forcing a failure. [ 2160.844091] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2160.854839] CPU: 0 PID: 7628 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2160.863796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2160.873149] Call Trace: [ 2160.875551] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2160.875737] dump_stack+0x1b2/0x283 [ 2160.875753] should_fail.cold+0x10a/0x154 [ 2160.888857] should_failslab+0xd6/0x130 [ 2160.892832] kmem_cache_alloc+0x40/0x3c0 [ 2160.896895] dst_alloc+0xed/0x6d0 [ 2160.900356] rt_dst_alloc+0x6b/0x430 [ 2160.904076] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2160.909366] ip_route_output_key_hash+0x195/0x2a0 [ 2160.914221] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2160.919759] ? udp_sendmsg+0xe45/0x1c00 [ 2160.923739] ? lock_acquire+0x170/0x3f0 [ 2160.927727] ? lock_downgrade+0x740/0x740 [ 2160.931874] ip_route_output_flow+0x22/0xb0 [ 2160.936188] udp_sendmsg+0x13b5/0x1c00 [ 2160.940068] ? ip_do_fragment+0x1f50/0x1f50 [ 2160.944383] ? udp_seq_next+0xa0/0xa0 [ 2160.948192] ? __might_fault+0x104/0x1b0 [ 2160.952242] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2160.956998] ? lock_acquire+0x170/0x3f0 [ 2160.960992] ? dup_iter+0x240/0x240 [ 2160.964628] ? kernel_recvmsg+0x210/0x210 [ 2160.968778] inet_sendmsg+0x11a/0x4e0 [ 2160.972575] ? security_socket_sendmsg+0x83/0xb0 [ 2160.977501] ? inet_recvmsg+0x4d0/0x4d0 [ 2160.981545] sock_sendmsg+0xb5/0x100 [ 2160.985260] ___sys_sendmsg+0x326/0x800 [ 2160.989233] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2160.993992] ? lock_downgrade+0x740/0x740 [ 2160.998148] ? trace_hardirqs_on+0x10/0x10 [ 2161.002386] ? up_read+0x17/0x30 [ 2161.005752] ? __do_page_fault+0x19a/0xb50 [ 2161.009974] ? retint_kernel+0x2d/0x2d [ 2161.013861] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2161.018885] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2161.023649] ? __might_fault+0x104/0x1b0 [ 2161.027712] ? lock_acquire+0x170/0x3f0 [ 2161.031696] __sys_sendmmsg+0x129/0x330 [ 2161.035676] ? SyS_sendmsg+0x40/0x40 [ 2161.039400] ? __mutex_unlock_slowpath+0x75/0x770 07:17:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2161.044243] ? wait_for_completion_io+0x10/0x10 [ 2161.048906] ? vfs_write+0x319/0x4d0 [ 2161.052641] ? fput+0xb/0x140 [ 2161.055731] ? SyS_write+0x14d/0x210 [ 2161.059434] ? SyS_read+0x210/0x210 [ 2161.063065] SyS_sendmmsg+0x2f/0x50 [ 2161.066682] ? __sys_sendmmsg+0x330/0x330 [ 2161.070819] do_syscall_64+0x1d5/0x640 [ 2161.074697] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2161.079868] RIP: 0033:0x45e179 [ 2161.083042] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2161.090759] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2161.098015] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2161.105281] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2161.112572] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002c [ 2161.115176] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2161.119838] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c [ 2161.141626] CPU: 1 PID: 7634 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2161.149444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2161.158826] Call Trace: [ 2161.161420] dump_stack+0x1b2/0x283 [ 2161.165057] should_fail.cold+0x10a/0x154 [ 2161.169216] __alloc_pages_nodemask+0x22c/0x2720 [ 2161.173985] ? ip_finish_output+0x103/0xc30 [ 2161.178311] ? ip_output+0x1d5/0x510 [ 2161.182033] ? ip_mc_output+0xcb0/0xcb0 [ 2161.186009] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2161.190848] ? ip_fragment.constprop.0+0x200/0x200 [ 2161.195771] ? __lock_acquire+0x5fc/0x3f20 [ 2161.200100] alloc_pages_vma+0xd2/0x6d0 [ 2161.204061] wp_page_copy+0xfcf/0x1ba0 [ 2161.207932] ? _vm_normal_page+0x162/0x3b0 [ 2161.212147] ? tlb_flush_mmu_free+0x1a0/0x1a0 [ 2161.216623] ? __lock_acquire+0x5fc/0x3f20 [ 2161.220842] do_wp_page+0x245/0x1db0 [ 2161.224540] ? __handle_mm_fault+0x129c/0x4620 [ 2161.229111] ? finish_mkwrite_fault+0x5e0/0x5e0 [ 2161.233770] __handle_mm_fault+0x234f/0x4620 [ 2161.238237] ? vm_insert_page+0x7c0/0x7c0 [ 2161.242526] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2161.248059] handle_mm_fault+0x306/0x7a0 [ 2161.252117] __do_page_fault+0x578/0xb50 [ 2161.256172] ? spurious_fault+0x640/0x640 [ 2161.260333] ? do_page_fault+0x60/0x4f2 [ 2161.264405] page_fault+0x25/0x50 [ 2161.267880] RIP: 0010:__put_user_4+0x1c/0x30 [ 2161.272421] RSP: 0018:ffff888212de7ce0 EFLAGS: 00010293 [ 2161.277795] RAX: 0000000000000000 RBX: 00007fffffffeffd RCX: 0000000020007ff8 [ 2161.285072] RDX: 000000000000082e RSI: ffffffff850d1f5b RDI: 0000000000000286 [ 2161.292331] RBP: 0000000000040000 R08: ffffffff8a080448 R09: 0000000000000000 [ 2161.299602] R10: 0000000000000000 R11: ffff888056716500 R12: 0000000000000000 [ 2161.306927] R13: 0000000020007fc0 R14: 0000000020007fc0 R15: ffff888029618040 [ 2161.314264] ? __sys_sendmmsg+0x14b/0x330 [ 2161.318415] __sys_sendmmsg+0x15c/0x330 [ 2161.322403] ? SyS_sendmsg+0x40/0x40 [ 2161.326121] ? __mutex_unlock_slowpath+0x75/0x770 [ 2161.330964] ? wait_for_completion_io+0x10/0x10 [ 2161.335636] ? vfs_write+0x319/0x4d0 [ 2161.339350] ? fput+0xb/0x140 [ 2161.342498] ? SyS_write+0x14d/0x210 [ 2161.346202] ? SyS_read+0x210/0x210 [ 2161.349823] SyS_sendmmsg+0x2f/0x50 [ 2161.353462] ? __sys_sendmmsg+0x330/0x330 [ 2161.357655] do_syscall_64+0x1d5/0x640 [ 2161.361534] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2161.366729] RIP: 0033:0x45e179 [ 2161.369918] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2161.377620] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2161.384916] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 07:17:39 executing program 4 (fault-call:10 fault-nth:45): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:39 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2161.392198] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2161.399472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 2161.406748] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2161.510538] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2161.585061] FAULT_INJECTION: forcing a failure. [ 2161.585061] name failslab, interval 1, probability 0, space 0, times 0 [ 2161.615361] CPU: 0 PID: 7649 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2161.623200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2161.632569] Call Trace: [ 2161.635167] dump_stack+0x1b2/0x283 [ 2161.638803] should_fail.cold+0x10a/0x154 [ 2161.642963] should_failslab+0xd6/0x130 [ 2161.646949] kmem_cache_alloc+0x40/0x3c0 [ 2161.651018] dst_alloc+0xed/0x6d0 [ 2161.654480] rt_dst_alloc+0x6b/0x430 [ 2161.658201] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2161.663490] ip_route_output_key_hash+0x195/0x2a0 [ 2161.668365] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2161.673904] ? udp_sendmsg+0xe45/0x1c00 [ 2161.677886] ? lock_acquire+0x170/0x3f0 [ 2161.681867] ? lock_downgrade+0x740/0x740 [ 2161.686097] ip_route_output_flow+0x22/0xb0 [ 2161.690407] udp_sendmsg+0x13b5/0x1c00 [ 2161.694281] ? ip_do_fragment+0x1f50/0x1f50 [ 2161.698585] ? udp_seq_next+0xa0/0xa0 [ 2161.702378] ? __might_fault+0x104/0x1b0 [ 2161.706537] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2161.711310] ? lock_acquire+0x170/0x3f0 [ 2161.715281] ? dup_iter+0x240/0x240 [ 2161.718899] ? kernel_recvmsg+0x210/0x210 [ 2161.723040] inet_sendmsg+0x11a/0x4e0 [ 2161.726839] ? security_socket_sendmsg+0x83/0xb0 [ 2161.731598] ? inet_recvmsg+0x4d0/0x4d0 [ 2161.735572] sock_sendmsg+0xb5/0x100 [ 2161.739267] ___sys_sendmsg+0x326/0x800 [ 2161.743851] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2161.748608] ? lock_downgrade+0x740/0x740 [ 2161.752755] ? trace_hardirqs_on+0x10/0x10 [ 2161.756975] ? up_read+0x17/0x30 [ 2161.760324] ? __do_page_fault+0x19a/0xb50 [ 2161.764556] ? retint_kernel+0x2d/0x2d [ 2161.768445] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2161.773798] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2161.778547] ? __might_fault+0x104/0x1b0 [ 2161.782609] ? lock_acquire+0x170/0x3f0 [ 2161.786578] __sys_sendmmsg+0x129/0x330 [ 2161.790531] ? SyS_sendmsg+0x40/0x40 [ 2161.794235] ? __mutex_unlock_slowpath+0x75/0x770 [ 2161.799061] ? wait_for_completion_io+0x10/0x10 [ 2161.803717] ? vfs_write+0x319/0x4d0 [ 2161.807418] ? fput+0xb/0x140 [ 2161.810525] ? SyS_write+0x14d/0x210 [ 2161.814230] ? SyS_read+0x210/0x210 [ 2161.817854] SyS_sendmmsg+0x2f/0x50 [ 2161.821483] ? __sys_sendmmsg+0x330/0x330 [ 2161.825623] do_syscall_64+0x1d5/0x640 [ 2161.829498] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2161.834674] RIP: 0033:0x45e179 [ 2161.837861] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2161.845552] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2161.852816] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 2161.860066] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2161.867334] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002d [ 2161.874589] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) syz_extract_tcp_res$synack(&(0x7f00000001c0), 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:41 executing program 5 (fault-call:5 fault-nth:5): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2163.032365] net_ratelimit: 10 callbacks suppressed [ 2163.032369] ip_tables: iptables: counters copy to user failed while replacing table [ 2163.047896] ip_tables: iptables: counters copy to user failed while replacing table [ 2163.063477] nla_parse: 15 callbacks suppressed [ 2163.063483] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2163.073845] FAULT_INJECTION: forcing a failure. [ 2163.073845] name failslab, interval 1, probability 0, space 0, times 0 [ 2163.090232] CPU: 1 PID: 7669 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2163.095313] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2163.098069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2163.098074] Call Trace: [ 2163.098091] dump_stack+0x1b2/0x283 [ 2163.098108] should_fail.cold+0x10a/0x154 [ 2163.124408] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2163.126353] should_failslab+0xd6/0x130 [ 2163.126365] kmem_cache_alloc+0x40/0x3c0 [ 2163.139732] dst_alloc+0xed/0x6d0 [ 2163.143191] rt_dst_alloc+0x6b/0x430 [ 2163.146907] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2163.152188] ip_route_output_key_hash+0x195/0x2a0 [ 2163.157039] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2163.162577] ? udp_sendmsg+0xe45/0x1c00 [ 2163.166558] ? lock_acquire+0x170/0x3f0 [ 2163.170530] ? lock_downgrade+0x740/0x740 [ 2163.174681] ip_route_output_flow+0x22/0xb0 [ 2163.178996] udp_sendmsg+0x13b5/0x1c00 [ 2163.182881] ? ip_do_fragment+0x1f50/0x1f50 [ 2163.187288] ? udp_seq_next+0xa0/0xa0 [ 2163.191067] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2163.195822] ? dup_iter+0x240/0x240 [ 2163.199466] ? copy_user_generic_unrolled+0x86/0xc0 [ 2163.204503] ? kernel_recvmsg+0x210/0x210 [ 2163.208638] inet_sendmsg+0x11a/0x4e0 [ 2163.212426] ? security_socket_sendmsg+0x83/0xb0 [ 2163.217178] ? inet_recvmsg+0x4d0/0x4d0 [ 2163.221144] sock_sendmsg+0xb5/0x100 [ 2163.224844] ___sys_sendmsg+0x326/0x800 [ 2163.228805] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2163.233553] ? lock_downgrade+0x740/0x740 [ 2163.237698] ? up_read+0x17/0x30 [ 2163.241051] ? __do_page_fault+0x19a/0xb50 [ 2163.245279] ? retint_kernel+0x2d/0x2d [ 2163.249165] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2163.254177] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2163.258996] ? retint_kernel+0x2d/0x2d [ 2163.262880] __sys_sendmmsg+0x129/0x330 [ 2163.266851] ? SyS_sendmsg+0x40/0x40 [ 2163.270559] ? __mutex_unlock_slowpath+0x75/0x770 [ 2163.275393] ? wait_for_completion_io+0x10/0x10 [ 2163.280048] ? vfs_write+0x319/0x4d0 [ 2163.283745] ? fput+0xb/0x140 [ 2163.286840] ? SyS_write+0x14d/0x210 [ 2163.290538] ? SyS_read+0x210/0x210 [ 2163.294173] SyS_sendmmsg+0x2f/0x50 [ 2163.297792] ? __sys_sendmmsg+0x330/0x330 [ 2163.301937] do_syscall_64+0x1d5/0x640 [ 2163.305827] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2163.311086] RIP: 0033:0x45e179 [ 2163.314262] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2163.321963] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2163.329221] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2163.336474] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2163.343737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 2163.351067] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x32, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad00000000000000"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:41 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x45) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000000040)=[{&(0x7f0000002640)=""/4109, 0x100d}], 0x1) 07:17:41 executing program 4 (fault-call:10 fault-nth:46): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:41 executing program 5 (fault-call:5 fault-nth:6): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2163.735070] ip_tables: iptables: counters copy to user failed while replacing table [ 2163.745905] ip_tables: iptables: counters copy to user failed while replacing table [ 2163.760237] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2163.762395] ip_tables: iptables: counters copy to user failed while replacing table [ 2163.778197] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2163.788455] FAULT_INJECTION: forcing a failure. [ 2163.788455] name failslab, interval 1, probability 0, space 0, times 0 [ 2163.797817] FAULT_INJECTION: forcing a failure. [ 2163.797817] name failslab, interval 1, probability 0, space 0, times 0 [ 2163.813724] CPU: 0 PID: 7685 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2163.821561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2163.830913] Call Trace: [ 2163.833498] dump_stack+0x1b2/0x283 [ 2163.837124] should_fail.cold+0x10a/0x154 [ 2163.841261] should_failslab+0xd6/0x130 [ 2163.845230] kmem_cache_alloc_node+0x263/0x410 [ 2163.849807] __alloc_skb+0x5c/0x510 [ 2163.853429] alloc_skb_with_frags+0x85/0x500 [ 2163.857840] sock_alloc_send_pskb+0x577/0x6d0 [ 2163.862319] ? SyS_sendmmsg+0x2f/0x50 [ 2163.866103] ? do_syscall_64+0x1d5/0x640 [ 2163.870148] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2163.875503] ? sock_kzfree_s+0x50/0x50 [ 2163.879376] ? __ip_dev_find+0x248/0x470 [ 2163.883427] ? lock_acquire+0x170/0x3f0 [ 2163.887393] __ip_append_data+0x11ec/0x1ff0 [ 2163.891706] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2163.896889] ? ip_do_fragment+0x1f50/0x1f50 [ 2163.901198] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2163.906201] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2163.911371] ? ip_setup_cork+0x6b0/0x6b0 [ 2163.915414] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2163.920622] ? ipv4_mtu+0x27e/0x370 [ 2163.924247] ? ip_do_fragment+0x1f50/0x1f50 [ 2163.928564] ip_make_skb+0x167/0x1b0 [ 2163.932274] ? ip_flush_pending_frames+0x20/0x20 [ 2163.937028] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2163.942494] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2163.948022] ? xfrm_lookup_route+0x43/0x1b0 [ 2163.952355] udp_sendmsg+0x156f/0x1c00 [ 2163.956255] ? ip_do_fragment+0x1f50/0x1f50 [ 2163.960573] ? __schedule+0x893/0x1de0 [ 2163.964465] ? udp_seq_next+0xa0/0xa0 [ 2163.968248] ? retint_kernel+0x2d/0x2d [ 2163.972125] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2163.976864] ? retint_kernel+0x2d/0x2d [ 2163.980751] inet_sendmsg+0x11a/0x4e0 [ 2163.984541] ? security_socket_sendmsg+0x83/0xb0 [ 2163.989275] ? inet_recvmsg+0x4d0/0x4d0 [ 2163.993238] sock_sendmsg+0xb5/0x100 [ 2163.996935] ___sys_sendmsg+0x326/0x800 [ 2164.000894] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2164.005637] ? lock_downgrade+0x740/0x740 [ 2164.009773] ? up_read+0x17/0x30 [ 2164.013121] ? __do_page_fault+0x19a/0xb50 [ 2164.017355] ? retint_kernel+0x2d/0x2d [ 2164.021226] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2164.026230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2164.030988] ? retint_kernel+0x2d/0x2d [ 2164.034879] __sys_sendmmsg+0x129/0x330 [ 2164.038836] ? SyS_sendmsg+0x40/0x40 [ 2164.042567] ? __mutex_unlock_slowpath+0x75/0x770 [ 2164.047419] ? wait_for_completion_io+0x10/0x10 [ 2164.052071] ? vfs_write+0x319/0x4d0 [ 2164.055772] ? fput+0xb/0x140 [ 2164.058863] ? SyS_write+0x14d/0x210 [ 2164.062561] ? SyS_read+0x210/0x210 [ 2164.066198] SyS_sendmmsg+0x2f/0x50 [ 2164.069807] ? __sys_sendmmsg+0x330/0x330 [ 2164.073943] do_syscall_64+0x1d5/0x640 [ 2164.077819] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2164.082990] RIP: 0033:0x45e179 [ 2164.086159] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2164.093851] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2164.101130] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2164.108387] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2164.115637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 2164.122891] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2164.130161] CPU: 1 PID: 7683 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2164.138221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2164.147572] Call Trace: [ 2164.150158] dump_stack+0x1b2/0x283 [ 2164.153796] should_fail.cold+0x10a/0x154 [ 2164.157956] should_failslab+0xd6/0x130 [ 2164.161932] kmem_cache_alloc_node+0x263/0x410 [ 2164.166520] __alloc_skb+0x5c/0x510 [ 2164.170159] alloc_skb_with_frags+0x85/0x500 [ 2164.174578] sock_alloc_send_pskb+0x577/0x6d0 [ 2164.179073] ? SyS_sendmmsg+0x2f/0x50 [ 2164.182873] ? do_syscall_64+0x1d5/0x640 [ 2164.186935] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2164.192311] ? sock_kzfree_s+0x50/0x50 [ 2164.196201] ? netlbl_enabled+0x5/0x50 [ 2164.200087] ? __ip_dev_find+0x248/0x470 [ 2164.204151] ? lock_acquire+0x170/0x3f0 [ 2164.204820] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2164.208123] __ip_append_data+0x11ec/0x1ff0 [ 2164.208137] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2164.208147] ? ip_do_fragment+0x1f50/0x1f50 [ 2164.208161] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2164.235519] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2164.237249] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2164.240703] ? ip_setup_cork+0x6b0/0x6b0 [ 2164.240713] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2164.240721] ? ipv4_mtu+0x27e/0x370 [ 2164.240733] ? ip_do_fragment+0x1f50/0x1f50 [ 2164.263236] ip_make_skb+0x167/0x1b0 [ 2164.266958] ? ip_flush_pending_frames+0x20/0x20 [ 2164.271718] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2164.276736] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2164.282278] ? xfrm_lookup_route+0x43/0x1b0 [ 2164.286603] udp_sendmsg+0x156f/0x1c00 [ 2164.290501] ? ip_do_fragment+0x1f50/0x1f50 [ 2164.294829] ? udp_seq_next+0xa0/0xa0 [ 2164.298634] ? __might_fault+0x104/0x1b0 [ 2164.302699] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2164.307468] ? lock_acquire+0x170/0x3f0 [ 2164.311455] ? dup_iter+0x240/0x240 [ 2164.315083] ? kernel_recvmsg+0x210/0x210 [ 2164.319233] inet_sendmsg+0x11a/0x4e0 [ 2164.323040] ? security_socket_sendmsg+0x83/0xb0 [ 2164.327802] ? inet_recvmsg+0x4d0/0x4d0 [ 2164.331795] sock_sendmsg+0xb5/0x100 [ 2164.335505] ___sys_sendmsg+0x326/0x800 [ 2164.339474] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2164.344236] ? lock_downgrade+0x740/0x740 [ 2164.348274] ip_tables: iptables: counters copy to user failed while replacing table [ 2164.348383] ? trace_hardirqs_on+0x10/0x10 [ 2164.360391] ? up_read+0x17/0x30 [ 2164.363754] ? __do_page_fault+0x19a/0xb50 [ 2164.367991] ? retint_kernel+0x2d/0x2d [ 2164.371881] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2164.373457] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2164.376896] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2164.376911] ? __might_fault+0x104/0x1b0 [ 2164.376926] ? lock_acquire+0x170/0x3f0 [ 2164.398248] __sys_sendmmsg+0x129/0x330 [ 2164.402220] ? SyS_sendmsg+0x40/0x40 [ 2164.403250] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2164.405944] ? __mutex_unlock_slowpath+0x75/0x770 [ 2164.419336] ? wait_for_completion_io+0x10/0x10 [ 2164.424006] ? vfs_write+0x319/0x4d0 [ 2164.427715] ? fput+0xb/0x140 [ 2164.429499] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2164.430807] ? SyS_write+0x14d/0x210 [ 2164.430818] ? SyS_read+0x210/0x210 [ 2164.430831] SyS_sendmmsg+0x2f/0x50 [ 2164.430841] ? __sys_sendmmsg+0x330/0x330 [ 2164.451251] do_syscall_64+0x1d5/0x640 [ 2164.455151] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2164.460335] RIP: 0033:0x45e179 [ 2164.463517] RSP: 002b:00007ff2f746fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2164.471222] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2164.478489] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000005 07:17:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25110000000800bd0001010500050029000c0000e0050019000100000006828a68f4ae001201dc0400000500190000000000efad0bb706834c0fa98ea4ec9e85ae7e010daee1b2c416885695356942a18a0220e6a17604b492b41cd8012d927a906a3f25ad18e30a7d5cd7c365cac7bb1305309981d8514e0714c47de0bb977bbf5b99511797d98c63079b8376e7f649073319f9d5"], 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x6004804) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:42 executing program 5 (fault-call:5 fault-nth:7): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2164.485764] RBP: 00007ff2f746fca0 R08: 0000000000000000 R09: 0000000000000000 [ 2164.493039] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002e [ 2164.500311] R13: 00007fff66e6d33f R14: 00007ff2f74709c0 R15: 000000000118cf4c 07:17:42 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000092000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2164.537727] ip_tables: iptables: counters copy to user failed while replacing table [ 2164.569040] ip_tables: iptables: counters copy to user failed while replacing table [ 2164.597265] FAULT_INJECTION: forcing a failure. [ 2164.597265] name failslab, interval 1, probability 0, space 0, times 0 [ 2164.608765] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2164.628380] CPU: 0 PID: 7708 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2164.636204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2164.639518] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2164.645554] Call Trace: [ 2164.645577] dump_stack+0x1b2/0x283 [ 2164.645595] should_fail.cold+0x10a/0x154 [ 2164.645611] should_failslab+0xd6/0x130 [ 2164.645621] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2164.645680] __kmalloc_node_track_caller+0x38/0x70 [ 2164.645693] __alloc_skb+0x96/0x510 [ 2164.645705] alloc_skb_with_frags+0x85/0x500 [ 2164.645723] sock_alloc_send_pskb+0x577/0x6d0 [ 2164.645730] ? SyS_sendmmsg+0x2f/0x50 [ 2164.645738] ? do_syscall_64+0x1d5/0x640 [ 2164.645747] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2164.645763] ? sock_kzfree_s+0x50/0x50 [ 2164.645775] ? __ip_dev_find+0x248/0x470 [ 2164.645789] ? lock_acquire+0x170/0x3f0 [ 2164.645802] __ip_append_data+0x11ec/0x1ff0 [ 2164.645815] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2164.645828] ? ip_do_fragment+0x1f50/0x1f50 [ 2164.645844] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2164.645854] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2164.645864] ? ip_setup_cork+0x6b0/0x6b0 [ 2164.645872] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2164.645881] ? ipv4_mtu+0x27e/0x370 [ 2164.645893] ? ip_do_fragment+0x1f50/0x1f50 [ 2164.645902] ip_make_skb+0x167/0x1b0 [ 2164.645917] ? ip_flush_pending_frames+0x20/0x20 [ 2164.645930] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2164.645941] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2164.645956] ? xfrm_lookup_route+0x43/0x1b0 [ 2164.645970] udp_sendmsg+0x156f/0x1c00 [ 2164.645984] ? ip_do_fragment+0x1f50/0x1f50 [ 2164.645997] ? udp_seq_next+0xa0/0xa0 [ 2164.646010] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2164.646029] ? dup_iter+0x240/0x240 [ 2164.646038] ? copy_user_generic_unrolled+0x86/0xc0 [ 2164.646054] ? kernel_recvmsg+0x210/0x210 [ 2164.646065] inet_sendmsg+0x11a/0x4e0 [ 2164.646074] ? security_socket_sendmsg+0x83/0xb0 [ 2164.646083] ? inet_recvmsg+0x4d0/0x4d0 [ 2164.646094] sock_sendmsg+0xb5/0x100 [ 2164.646103] ___sys_sendmsg+0x326/0x800 [ 2164.646114] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2164.646125] ? lock_downgrade+0x740/0x740 [ 2164.646137] ? up_read+0x17/0x30 [ 2164.646149] ? __do_page_fault+0x19a/0xb50 [ 2164.746507] ip_tables: iptables: counters copy to user failed while replacing table [ 2164.746654] ? retint_kernel+0x2d/0x2d [ 2164.753469] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2164.754586] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2164.754599] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2164.754613] ? retint_kernel+0x2d/0x2d [ 2164.774401] ip_tables: iptables: counters copy to user failed while replacing table [ 2164.777901] __sys_sendmmsg+0x129/0x330 [ 2164.777913] ? SyS_sendmsg+0x40/0x40 [ 2164.777935] ? __mutex_unlock_slowpath+0x75/0x770 [ 2164.777946] ? wait_for_completion_io+0x10/0x10 [ 2164.777955] ? vfs_write+0x319/0x4d0 [ 2164.777964] ? fput+0xb/0x140 [ 2164.777972] ? SyS_write+0x14d/0x210 [ 2164.777981] ? SyS_read+0x210/0x210 [ 2164.777991] SyS_sendmmsg+0x2f/0x50 [ 2164.777998] ? __sys_sendmmsg+0x330/0x330 [ 2164.778009] do_syscall_64+0x1d5/0x640 [ 2164.778023] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2164.778034] RIP: 0033:0x45e179 [ 2164.782951] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2164.786225] RSP: 002b:00007fb075f5cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2164.786236] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2164.786241] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2164.786247] RBP: 00007fb075f5cca0 R08: 0000000000000000 R09: 0000000000000000 [ 2164.786252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 2164.786257] R13: 00007ffec7e3704f R14: 00007fb075f5d9c0 R15: 000000000118cff4 07:17:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x44800, 0x0) sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x380, 0x14, 0x400, 0x70bd26, 0x25dfdbfe, {0x25, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x28, 0x1, "c94d0f9e90eee12396ff5ee29ed891d19854abaf3d1baab98d3cdb82768b5673475de0ce"}, @INET_DIAG_REQ_BYTECODE={0xd1, 0x1, "e03d94e9d13d2c2f856685e2584633b23cca009f9eacf7ab5981d4db704f79310733cc7ace22b7fbbc1598cb944eb77cf51fe391e735ba397a38dc8e14c6165e7ff6b128b106b15646f9c1c2b8e77d87a89817a981933b0e439897a54159636f08f86deb3ea71d4517dd1333468cb1c51d6087f522305ed9a77d41574ba2f9709a1c4d04be7f99376ecc213c48846ecf975973f772ff742b7cdf653a5664f3b7783dec1cdb43deeff745782c69a6632be214f6cb91fb63bf96090be95952696f4e019f90ee1a014f21d537b252"}, @INET_DIAG_REQ_BYTECODE={0xe6, 0x1, "b9c95df7969bd24b6c8e4b1b769d7d344b549d345c496097c9653ca14b1e5a687471e23556125d14715d1a1fd853ba53e7c2b9ea875d91dc3fd8b5d0efa16335f037faed2604b3761445a5e5f8983ff7b37fe9f7b7bcd69988ce6e285f0b696de6bcf71091e0bd583b053f6b32d8e7d1cc7ab0c6d9eae53fcb8040d2feb98c04d6870491bc523b16f2597f7b2821ec20433a2b8d1f840b65d42c4c2cef5c8e35b2ba5a0d0a57e6f297db9a40576c29bd262c541994b75f5534a3a174f10cb0ca39992501faf1ed8705de6210a55921ae1be3732160c5df529d44ff3b8e2c2cbbb59d"}, @INET_DIAG_REQ_BYTECODE={0xce, 0x1, "8f153990f249ec61df7704c6b4fbb2ab3df4d78a37a58e15e60e8e3ba6b4c444ababff75692e1f3ea04af46976721a1daa886fd61dba696e36607152aba8964fdbd61abd69cfe2c08ac112a850dc66cbc453947c38f8829159fbc59993bd6b6d22f7e4a5b8a3eb5d6f25f1d6d017fa756978ee90ad01a13b3dd7483607564cc47bac646e8641a942feb7554bbc401dd803f5927b47b54e73283fc10ea6a8d2243f0f640eb23b4e76d513b3341623d71d6e388d32b8f3228bbfef31d6e7a159e7d524a67e3322290903d5"}, @INET_DIAG_REQ_BYTECODE={0xb5, 0x1, "87e59216367650bba55ce78d94cc93ed6afbbafff4e7bdd87c404a7c48f4b3b03fed5be9b83e71cb30af1e8265f95d8594f6a86e43879a18f95dbb14eb6acd9d111bc7feae52d1e28310d6de6d313d09f7e0ee482554f293d365a7c5aa72d6008c2f1acf0dc3a116b1a0be20e555d854730e7c274f5ba7864a793e614af020c2b98239459f7ec5ae528524d23e5ae7502517bc04cb3997137f74fc14bb68f51dc077391ad44786a426cd1c8771a2626704"}]}, 0x380}, 0x1, 0x0, 0x0, 0x84}, 0x4000) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:44 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) socket(0x4, 0x6, 0x8fb) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$peekuser(0x3, r1, 0x8) 07:17:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2166.048038] PF_BRIDGE: br_mdb_parse() with invalid attr 07:17:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x32, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad00000000000000"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:44 executing program 5 (fault-call:5 fault-nth:8): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:44 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50000000010401030000000000000000000000000800034000000000eb000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @private=0xa010102}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2166.761069] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2166.761969] FAULT_INJECTION: forcing a failure. [ 2166.761969] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2166.793650] CPU: 1 PID: 7744 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2166.801474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2166.810829] Call Trace: [ 2166.813423] dump_stack+0x1b2/0x283 [ 2166.817060] should_fail.cold+0x10a/0x154 [ 2166.821233] __alloc_pages_nodemask+0x22c/0x2720 [ 2166.826005] ? ip_finish_output+0x103/0xc30 [ 2166.830341] ? ip_output+0x1d5/0x510 [ 2166.834055] ? ip_mc_output+0xcb0/0xcb0 [ 2166.838029] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2166.842877] ? ip_fragment.constprop.0+0x200/0x200 [ 2166.847822] ? __lock_acquire+0x5fc/0x3f20 [ 2166.852066] alloc_pages_vma+0xd2/0x6d0 [ 2166.856051] wp_page_copy+0xfcf/0x1ba0 [ 2166.859949] ? _vm_normal_page+0x162/0x3b0 [ 2166.864187] ? tlb_flush_mmu_free+0x1a0/0x1a0 [ 2166.868685] ? __lock_acquire+0x5fc/0x3f20 [ 2166.872934] do_wp_page+0x245/0x1db0 [ 2166.873228] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2166.876738] ? __handle_mm_fault+0x129c/0x4620 [ 2166.876749] ? finish_mkwrite_fault+0x5e0/0x5e0 [ 2166.876765] __handle_mm_fault+0x234f/0x4620 [ 2166.876776] ? vm_insert_page+0x7c0/0x7c0 [ 2166.876787] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2166.905633] handle_mm_fault+0x306/0x7a0 [ 2166.909703] __do_page_fault+0x578/0xb50 [ 2166.913770] ? spurious_fault+0x640/0x640 [ 2166.917928] ? do_page_fault+0x60/0x4f2 [ 2166.921910] page_fault+0x25/0x50 [ 2166.925363] RIP: 0010:__put_user_4+0x1c/0x30 [ 2166.929759] RSP: 0018:ffff888211c17ce0 EFLAGS: 00010293 [ 2166.935119] RAX: 0000000000000000 RBX: 00007fffffffeffd RCX: 0000000020008038 [ 2166.942389] RDX: 0000000000001485 RSI: ffffffff850d1f5b RDI: 0000000000000286 [ 2166.949657] RBP: 0000000000040000 R08: ffffffff8a080448 R09: 0000000000000000 [ 2166.953545] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2166.956955] R10: 0000000000000000 R11: ffff88809256c080 R12: 0000000000000001 [ 2166.956962] R13: 0000000020008000 R14: 0000000020007fc0 R15: ffff88804ee90940 [ 2166.956984] ? __sys_sendmmsg+0x14b/0x330 [ 2166.956997] __sys_sendmmsg+0x15c/0x330 [ 2166.957007] ? SyS_sendmsg+0x40/0x40 [ 2166.957030] ? __mutex_unlock_slowpath+0x75/0x770 [ 2166.993530] ? wait_for_completion_io+0x10/0x10 [ 2166.998205] ? vfs_write+0x319/0x4d0 [ 2167.001921] ? fput+0xb/0x140 [ 2167.005029] ? SyS_write+0x14d/0x210 [ 2167.008742] ? SyS_read+0x210/0x210 [ 2167.012371] SyS_sendmmsg+0x2f/0x50 [ 2167.015996] ? __sys_sendmmsg+0x330/0x330 [ 2167.020143] do_syscall_64+0x1d5/0x640 [ 2167.024038] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2167.029227] RIP: 0033:0x45e179 [ 2167.032410] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2167.040121] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2167.040557] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2167.047389] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 07:17:44 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:44 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:45 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:45 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 2167.047395] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2167.047399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 2167.047404] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:45 executing program 5 (fault-call:5 fault-nth:9): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2167.219037] FAULT_INJECTION: forcing a failure. [ 2167.219037] name failslab, interval 1, probability 0, space 0, times 0 [ 2167.245279] CPU: 1 PID: 7774 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2167.253105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2167.262466] Call Trace: [ 2167.265060] dump_stack+0x1b2/0x283 [ 2167.268694] should_fail.cold+0x10a/0x154 [ 2167.273023] should_failslab+0xd6/0x130 [ 2167.277002] kmem_cache_alloc+0x40/0x3c0 [ 2167.281066] dst_alloc+0xed/0x6d0 [ 2167.284524] rt_dst_alloc+0x6b/0x430 [ 2167.288251] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2167.293541] ip_route_output_key_hash+0x195/0x2a0 [ 2167.298394] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2167.303939] ? udp_sendmsg+0xe45/0x1c00 [ 2167.307923] ? lock_acquire+0x170/0x3f0 [ 2167.311906] ? lock_downgrade+0x740/0x740 [ 2167.316059] ip_route_output_flow+0x22/0xb0 [ 2167.320410] udp_sendmsg+0x13b5/0x1c00 [ 2167.324374] ? ip_do_fragment+0x1f50/0x1f50 [ 2167.328817] ? udp_seq_next+0xa0/0xa0 [ 2167.332661] ? __might_fault+0x104/0x1b0 [ 2167.336710] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2167.341457] ? lock_acquire+0x170/0x3f0 [ 2167.345435] ? dup_iter+0x240/0x240 [ 2167.349055] ? kernel_recvmsg+0x210/0x210 [ 2167.353190] inet_sendmsg+0x11a/0x4e0 [ 2167.356985] ? security_socket_sendmsg+0x83/0xb0 [ 2167.361748] ? inet_recvmsg+0x4d0/0x4d0 [ 2167.365713] sock_sendmsg+0xb5/0x100 [ 2167.369435] ___sys_sendmsg+0x326/0x800 [ 2167.373393] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2167.378151] ? lock_downgrade+0x740/0x740 [ 2167.382303] ? up_read+0x17/0x30 [ 2167.385651] ? __do_page_fault+0x19a/0xb50 [ 2167.389869] ? retint_kernel+0x2d/0x2d [ 2167.393755] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2167.398795] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2167.403542] ? retint_kernel+0x2d/0x2d [ 2167.407418] __sys_sendmmsg+0x129/0x330 [ 2167.411438] ? SyS_sendmsg+0x40/0x40 [ 2167.415198] ? __mutex_unlock_slowpath+0x75/0x770 [ 2167.420035] ? wait_for_completion_io+0x10/0x10 [ 2167.424695] ? vfs_write+0x319/0x4d0 [ 2167.428387] ? fput+0xb/0x140 [ 2167.431470] ? SyS_write+0x14d/0x210 [ 2167.435163] ? SyS_read+0x210/0x210 [ 2167.438771] SyS_sendmmsg+0x2f/0x50 [ 2167.442379] ? __sys_sendmmsg+0x330/0x330 [ 2167.446577] do_syscall_64+0x1d5/0x640 [ 2167.450449] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2167.455618] RIP: 0033:0x45e179 [ 2167.458786] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2167.466477] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2167.473733] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2167.480987] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2167.488475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 2167.495738] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f00000001c0)={0x5, [0x7ff, 0x2], 0x7f}, 0x10) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f00000002c0)={0x1, 0x3, 0x1000, 0x10, &(0x7f0000000200)="c5fbe6033788782cb6c651c5ef1e481d", 0x22, 0x0, &(0x7f0000000240)="c1777a0b5f6eaaceb8b880eb945f81d107cf830aa509bf69840ba45fb4055b3c3e07"}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:47 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:47 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) [ 2169.077069] nla_parse: 7 callbacks suppressed [ 2169.077076] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2169.091260] PF_BRIDGE: br_mdb_parse() with invalid attr 07:17:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x32, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad00000000000000"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:47 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x160, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80000000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x60ae}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0xd0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xebe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x649b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd59}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x83e1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}]}]}, 0x160}, 0x1, 0x0, 0x0, 0x4}, 0x4000800) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x1ff) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r5, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x1c, r6, 0x400, 0x70bd26, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040050}, 0x0) recvmsg$can_raw(r1, &(0x7f0000000500)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000000480), 0x0, &(0x7f00000004c0)=""/58, 0x3a}, 0x3) bind$inet(r7, &(0x7f0000000300)={0x2, 0x0, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:47 executing program 5 (fault-call:5 fault-nth:10): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:47 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2169.778384] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2169.785264] net_ratelimit: 8 callbacks suppressed [ 2169.785269] ip_tables: iptables: counters copy to user failed while replacing table [ 2169.787762] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2169.793508] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2169.803974] ip_tables: iptables: counters copy to user failed while replacing table [ 2169.826551] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2169.833507] FAULT_INJECTION: forcing a failure. [ 2169.833507] name failslab, interval 1, probability 0, space 0, times 0 [ 2169.851960] ip_tables: iptables: counters copy to user failed while replacing table [ 2169.855862] CPU: 1 PID: 7808 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2169.867578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2169.877060] Call Trace: [ 2169.880090] dump_stack+0x1b2/0x283 [ 2169.883729] should_fail.cold+0x10a/0x154 [ 2169.887887] should_failslab+0xd6/0x130 [ 2169.891869] kmem_cache_alloc_node+0x263/0x410 [ 2169.896460] __alloc_skb+0x5c/0x510 [ 2169.900090] alloc_skb_with_frags+0x85/0x500 [ 2169.904509] sock_alloc_send_pskb+0x577/0x6d0 [ 2169.904951] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2169.908999] ? SyS_sendmmsg+0x2f/0x50 [ 2169.909011] ? do_syscall_64+0x1d5/0x640 [ 2169.909021] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2169.909036] ? sock_kzfree_s+0x50/0x50 [ 2169.909050] ? __ip_dev_find+0x248/0x470 [ 2169.930959] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2169.934677] ? lock_acquire+0x170/0x3f0 [ 2169.934693] __ip_append_data+0x11ec/0x1ff0 [ 2169.934706] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2169.934717] ? ip_do_fragment+0x1f50/0x1f50 [ 2169.947084] ip_tables: iptables: counters copy to user failed while replacing table [ 2169.948088] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2169.948100] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2169.948110] ? ip_setup_cork+0x6b0/0x6b0 [ 2169.948121] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2169.961242] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2169.961997] ? ipv4_mtu+0x27e/0x370 [ 2169.962011] ? ip_do_fragment+0x1f50/0x1f50 [ 2169.962022] ip_make_skb+0x167/0x1b0 [ 2169.962035] ? ip_flush_pending_frames+0x20/0x20 [ 2169.962046] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2170.003461] ip_tables: iptables: counters copy to user failed while replacing table [ 2170.005710] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2170.005728] ? xfrm_lookup_route+0x43/0x1b0 [ 2170.005742] udp_sendmsg+0x156f/0x1c00 [ 2170.005756] ? ip_do_fragment+0x1f50/0x1f50 [ 2170.010065] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2170.014206] ? udp_seq_next+0xa0/0xa0 [ 2170.014221] ? __might_fault+0x104/0x1b0 [ 2170.014230] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2170.014242] ? lock_acquire+0x170/0x3f0 [ 2170.014257] ? dup_iter+0x240/0x240 [ 2170.014271] ? kernel_recvmsg+0x210/0x210 [ 2170.014284] inet_sendmsg+0x11a/0x4e0 [ 2170.022543] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2170.027069] ? security_socket_sendmsg+0x83/0xb0 [ 2170.027083] ? inet_recvmsg+0x4d0/0x4d0 [ 2170.027095] sock_sendmsg+0xb5/0x100 [ 2170.027105] ___sys_sendmsg+0x326/0x800 [ 2170.027115] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2170.027130] ? lock_downgrade+0x740/0x740 [ 2170.033148] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2170.036965] ? up_read+0x17/0x30 [ 2170.036978] ? __do_page_fault+0x19a/0xb50 07:17:47 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:47 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) syz_emit_ethernet(0x125, &(0x7f0000000140)=ANY=[@ANYBLOB="000000000000bbbbbbbbbbbb9100290081001d00884700000c0000000000004ee7010700670000092190787f000001ac1414aa4424ea13ac14142500000003ac1414bb00000001e0000002000000090a010101000000024e244e24045190789c070487c0f7a635af1724bb2452a8b43efa4548f9cc1735a84d30bfac924c05d0ed730ff5dad0c1e15fb391657d50745f906be085963b7e5488da896eb480b30a5f4683ab1e55a5310ee55e7cd6281b5cf7139de1f8aeb3eaed7865ff9689290d28f381f8975c0be8c010f5ddcd8495ebac1cecf111adf9062155f891b9d7ed792c0b4d15a1e063ffe28ff3e29c458b33ca5f956dd1337eb8b2b21a88bc0ef01ebe1ce8fd390909f2cf7a4d6e5ad9124b3f84f5870a6a6c365ab46dff0ad7f65bba7099d481"], &(0x7f0000000040)={0x1, 0x3, [0x284, 0x637, 0x495, 0x285]}) 07:17:48 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:48 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:48 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2170.036988] ? retint_kernel+0x2d/0x2d [ 2170.037000] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2170.037010] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2170.037021] ? retint_kernel+0x2d/0x2d [ 2170.096575] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2170.099108] __sys_sendmmsg+0x129/0x330 [ 2170.099121] ? SyS_sendmsg+0x40/0x40 [ 2170.099147] ? __mutex_unlock_slowpath+0x75/0x770 [ 2170.106371] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2170.106845] ? wait_for_completion_io+0x10/0x10 [ 2170.106859] ? vfs_write+0x319/0x4d0 [ 2170.122749] ip_tables: iptables: counters copy to user failed while replacing table [ 2170.124464] ? fput+0xb/0x140 [ 2170.124475] ? SyS_write+0x14d/0x210 [ 2170.124484] ? SyS_read+0x210/0x210 [ 2170.124497] SyS_sendmmsg+0x2f/0x50 [ 2170.124504] ? __sys_sendmmsg+0x330/0x330 [ 2170.124517] do_syscall_64+0x1d5/0x640 [ 2170.134050] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2170.137627] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2170.137637] RIP: 0033:0x45e179 [ 2170.137642] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2170.137653] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2170.137657] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2170.137664] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2170.164619] ip_tables: iptables: counters copy to user failed while replacing table [ 2170.167331] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 2170.167338] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) ptrace$cont(0x20, 0x0, 0x100, 0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$snapshot(r2, &(0x7f00000002c0), 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) setsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f0000000300)=0x6f, 0x4) 07:17:50 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:50 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000000040)={0x1, 'team_slave_0\x00', {}, 0x3}) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) [ 2172.118472] PF_BRIDGE: br_mdb_parse() with invalid attr 07:17:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x3a, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa618"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:50 executing program 5 (fault-call:5 fault-nth:11): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:50 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003401300000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_pts(0xffffffffffffffff, 0x301800) ioctl$TIOCMBIC(r3, 0x5417, &(0x7f0000000040)=0x1f) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:50 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:50 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2172.785157] ip_tables: iptables: counters copy to user failed while replacing table [ 2172.794581] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2172.795499] ip_tables: iptables: counters copy to user failed while replacing table [ 2172.831179] FAULT_INJECTION: forcing a failure. [ 2172.831179] name failslab, interval 1, probability 0, space 0, times 0 [ 2172.862569] CPU: 0 PID: 7863 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2172.870402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2172.879871] Call Trace: [ 2172.882274] ip_tables: iptables: counters copy to user failed while replacing table [ 2172.882480] dump_stack+0x1b2/0x283 [ 2172.893885] should_fail.cold+0x10a/0x154 [ 2172.898040] should_failslab+0xd6/0x130 [ 2172.899833] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2172.902017] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2172.902032] __kmalloc_node_track_caller+0x38/0x70 [ 2172.902046] __alloc_skb+0x96/0x510 [ 2172.902056] alloc_skb_with_frags+0x85/0x500 [ 2172.902070] sock_alloc_send_pskb+0x577/0x6d0 [ 2172.902088] ? __lock_acquire+0x5fc/0x3f20 [ 2172.934172] ? sock_kzfree_s+0x50/0x50 [ 2172.938415] ? __ip_dev_find+0x248/0x470 [ 2172.942498] ? trace_hardirqs_on+0x10/0x10 [ 2172.946742] ? lock_acquire+0x170/0x3f0 [ 2172.950725] __ip_append_data+0x11ec/0x1ff0 [ 2172.955059] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2172.960257] ? ip_do_fragment+0x1f50/0x1f50 [ 2172.964588] ? lock_downgrade+0x740/0x740 [ 2172.968740] ? ip_setup_cork+0x6b0/0x6b0 [ 2172.972812] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 2172.977923] ? ipv4_mtu+0x27e/0x370 07:17:51 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x100, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:51 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2172.981572] ? ip_do_fragment+0x1f50/0x1f50 [ 2172.985894] ip_make_skb+0x167/0x1b0 [ 2172.989613] ? ip_flush_pending_frames+0x20/0x20 [ 2172.994383] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2172.999405] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2173.004948] ? xfrm_lookup_route+0x43/0x1b0 [ 2173.009271] udp_sendmsg+0x156f/0x1c00 [ 2173.013160] ? ip_do_fragment+0x1f50/0x1f50 [ 2173.017490] ? udp_seq_next+0xa0/0xa0 [ 2173.021299] ? __might_fault+0x104/0x1b0 [ 2173.025361] ? rw_copy_check_uvector+0x1dd/0x2b0 07:17:51 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2173.030124] ? lock_acquire+0x170/0x3f0 [ 2173.032309] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2173.034107] ? dup_iter+0x240/0x240 [ 2173.034127] ? kernel_recvmsg+0x210/0x210 [ 2173.034138] inet_sendmsg+0x11a/0x4e0 [ 2173.034150] ? security_socket_sendmsg+0x83/0xb0 [ 2173.055800] ? inet_recvmsg+0x4d0/0x4d0 [ 2173.059782] sock_sendmsg+0xb5/0x100 [ 2173.063498] ___sys_sendmsg+0x326/0x800 [ 2173.067485] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2173.072248] ? lock_downgrade+0x740/0x740 [ 2173.076406] ? up_read+0x17/0x30 07:17:51 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) [ 2173.079777] ? __do_page_fault+0x19a/0xb50 [ 2173.084018] ? retint_kernel+0x2d/0x2d [ 2173.087920] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2173.092944] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2173.097711] ? retint_kernel+0x2d/0x2d [ 2173.101616] __sys_sendmmsg+0x129/0x330 [ 2173.105592] ? SyS_sendmsg+0x40/0x40 [ 2173.109323] ? __mutex_unlock_slowpath+0x75/0x770 [ 2173.114172] ? wait_for_completion_io+0x10/0x10 [ 2173.118846] ? vfs_write+0x319/0x4d0 [ 2173.122568] ? fput+0xb/0x140 [ 2173.125675] ? SyS_write+0x14d/0x210 [ 2173.129395] ? SyS_read+0x210/0x210 [ 2173.133028] SyS_sendmmsg+0x2f/0x50 [ 2173.136653] ? __sys_sendmmsg+0x330/0x330 [ 2173.140806] do_syscall_64+0x1d5/0x640 [ 2173.144705] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2173.149898] RIP: 0033:0x45e179 [ 2173.153083] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2173.160791] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2173.168671] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2173.175941] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2173.183210] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b [ 2173.190481] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:53 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x17, 0x0, 0x0, @time={0x0, 0x7}, {0x0, 0x4}, {0x0, 0xfc}, @note={0x20, 0x81, 0x20, 0x0, 0x7}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000140)=0x6, 0x4) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:53 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32, @ANYBLOB="0000fbfffc02000000000000000000000000000086dd0000"], 0x38}}, 0x0) 07:17:53 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x9, 0x3, 0x250, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x1b8, 0x1a8, 0x1a8, 0x1b8, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0xffffff00, 0x0, '\x00', '\x00', {}, {0xff}, 0x84}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x98, 0x108, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}, {0x3, 0xff}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2b0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r1, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x6, 0x200) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000900)={0x0, @in6={{0xa, 0x4e21, 0x4, @ipv4={[], [], @rand_addr=0x64010102}, 0x93a}}}, 0x75) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x201}, 0x8) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000580)=0xf) r5 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) ioctl$PIO_FONTX(r6, 0x4b6c, &(0x7f0000000040)={0x48, 0xc, &(0x7f0000000140)="733bac6dfc88bb736d6cb020038ae611d9ca0ff740fa31395ae7815bd3652bede3e5ee97307db60eedb79f50d9b2c95689d3f6d256b4373c10218a033bace44ab987d9b4e879fbeaf8cad988a176a4efe3abe5f315ce31759b0633dc746c92d113a00e5ee3866aa024f1d60872d8e2070bf91cb4f424a13565df2d368ca13deeac74780aa6cdf193808db23f723449d0499203d0f3652da1429efe180e59eb408d33e4e7a89975960187eb712b92b95933fcd01201dd41f35482a967245c3768ed0e30151430bcae38f467a09db739c256bab69d10cb4bb0694bb8f771b6267117461226f128d7b31e74455fd8d62f8119d9b6d9bc2349329ee288fe1b2cad9aa6c035470decf7346a9ec6cdff56511d176568a768906ee02ef6bd2a33354e0aa6a04a2598df5fcd328c3c7eedeaf6cee528bf3f377952932e83407b15279cb023a18850f926123dd2d0edb844289ac6ae46bdaaff90e940c0fe7bfcb267dccc5a27a28a06dfce0b5180740a89710b000d6adb21757977cadab0515734d1129e08c4c9aa505242d94178131f901eb8dfebfa612a2f8bbdc02895e9082dc0cb1126ff65dc401fe5a80692b51d58cb1fcb0cda6451a625422b3b6a5fcb84024dfd5f7e3414a55aa5f2adc984ecbaed6136355a25052f562ad554743969fadefcb190074fae92ee040b25094887cd9daf51344cf35e8f2e5e601be5952ebf34f53d8a941b111475488c48f0298ee42b36b39c852ae86c8c48035ba615a32b52638fdc430386aad91879464576b4f5e2625236f3d2843c1cc871bcc7f7498e7d023fa20cb486b484f42d174261010fc8c488c47d2d3034bb0d1a4f8bb9631c9ed70e015ab4b932ba0357ac701e7f869979b5976a1fe284371929f3d2db4870b45feee5fc010b9e2c8864817a002b09fd279b72ff961f5e888e53fbcb7c4fcc74687266c5ae4aa32a75b58b021e8b7ed2afafbc0bf27baa729480ae3a6f2989eb9c336b1b3847d810c6671c1273d2a4670959f77c322938468f0ad2daff118df7dc0eaaae64cbd220eaab6307b4ab9d43af454493d84214c08f47aa242256e1b9de3c8518339cf705c460e70656c0c1788e29395ba61dee56699d0ef2574eeb1b9423c1cc9b3e19293b80f8c346b35b6415ba4992e11351f58a82c5ff3de86a1c537998491ac3ad14d0e7e50226d01fbdff1b1858e570aafeb793109f407d2ebc636a49fac53b1d2bef77b91559b9b96dbcef746a021d49a19b324e6a9b51b4d5a31f56e18fb8c2e3054bb53051c93267834417a43b3984f0bfb6e7c2f51652a6ae4b3dfb4f8f4671c66024e884c077663b17b9246faeda8d6a36b306fed0f25b9f0ad75e96f85b787ee6002345f89b94eba99d463caec14fdba0176e69a7a3b606121dc026837b7b20d183e5fa902f45d6c7080bd994578fe112414d0fe16b6954d5"}) connect$inet(r2, &(0x7f0000000600)={0x2, 0x4e23, @private=0xa010101}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x3a, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa618"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:53 executing program 5 (fault-call:5 fault-nth:12): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:53 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x600040, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f00000000c0)=0x308) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) ioctl$SNDCTL_DSP_NONBLOCK(r1, 0x500e, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(0xffffffffffffffff, &(0x7f0000000100), 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$SNDRV_PCM_IOCTL_RESUME(r2, 0x4147, 0x0) 07:17:53 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x3, @multicast1}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:53 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) [ 2175.796777] ip_tables: iptables: counters copy to user failed while replacing table [ 2175.824165] ip_tables: iptables: counters copy to user failed while replacing table [ 2175.840192] FAULT_INJECTION: forcing a failure. [ 2175.840192] name failslab, interval 1, probability 0, space 0, times 0 [ 2175.845132] nla_parse: 6 callbacks suppressed [ 2175.845138] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2175.863556] CPU: 0 PID: 7926 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2175.872360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2175.881716] Call Trace: [ 2175.884325] dump_stack+0x1b2/0x283 [ 2175.887975] should_fail.cold+0x10a/0x154 [ 2175.892135] should_failslab+0xd6/0x130 [ 2175.896103] kmem_cache_alloc+0x40/0x3c0 [ 2175.897170] ip_tables: iptables: counters copy to user failed while replacing table [ 2175.900157] dst_alloc+0xed/0x6d0 [ 2175.900172] rt_dst_alloc+0x6b/0x430 [ 2175.900184] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2175.900198] ip_route_output_key_hash+0x195/0x2a0 [ 2175.908897] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2175.911424] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2175.911436] ? udp_sendmsg+0xe45/0x1c00 [ 2175.911449] ? lock_acquire+0x170/0x3f0 [ 2175.911457] ? lock_downgrade+0x740/0x740 [ 2175.911467] ip_route_output_flow+0x22/0xb0 [ 2175.911477] udp_sendmsg+0x13b5/0x1c00 [ 2175.911489] ? ip_do_fragment+0x1f50/0x1f50 [ 2175.911500] ? udp_seq_next+0xa0/0xa0 [ 2175.911510] ? __might_fault+0x104/0x1b0 [ 2175.911519] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2175.911531] ? lock_acquire+0x170/0x3f0 [ 2175.980594] ? dup_iter+0x240/0x240 [ 2175.984231] ? kernel_recvmsg+0x210/0x210 [ 2175.988424] inet_sendmsg+0x11a/0x4e0 [ 2175.992207] ? security_socket_sendmsg+0x83/0xb0 [ 2175.996942] ? inet_recvmsg+0x4d0/0x4d0 [ 2176.000905] sock_sendmsg+0xb5/0x100 [ 2176.004617] ___sys_sendmsg+0x326/0x800 [ 2176.008654] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2176.013395] ? lock_downgrade+0x740/0x740 [ 2176.017523] ? trace_hardirqs_on+0x10/0x10 [ 2176.021747] ? up_read+0x17/0x30 [ 2176.025106] ? __do_page_fault+0x19a/0xb50 [ 2176.029329] ? retint_kernel+0x2d/0x2d [ 2176.033201] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2176.038279] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2176.043043] ? __might_fault+0x104/0x1b0 [ 2176.047094] ? lock_acquire+0x170/0x3f0 [ 2176.051065] __sys_sendmmsg+0x129/0x330 [ 2176.055027] ? SyS_sendmsg+0x40/0x40 [ 2176.058736] ? __mutex_unlock_slowpath+0x75/0x770 [ 2176.063575] ? wait_for_completion_io+0x10/0x10 [ 2176.068398] ? vfs_write+0x319/0x4d0 [ 2176.072125] ? fput+0xb/0x140 [ 2176.075223] ? SyS_write+0x14d/0x210 [ 2176.078933] ? SyS_read+0x210/0x210 [ 2176.082553] SyS_sendmmsg+0x2f/0x50 [ 2176.086172] ? __sys_sendmmsg+0x330/0x330 [ 2176.090424] do_syscall_64+0x1d5/0x640 07:17:54 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) 07:17:54 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2176.094317] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2176.099496] RIP: 0033:0x45e179 [ 2176.102669] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2176.110383] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2176.117636] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2176.124897] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2176.132155] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 2176.139407] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:54 executing program 5 (fault-call:5 fault-nth:13): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:54 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) [ 2176.208542] ip_tables: iptables: counters copy to user failed while replacing table [ 2176.243392] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2176.269929] ip_tables: iptables: counters copy to user failed while replacing table [ 2176.279677] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2176.308451] ip_tables: iptables: counters copy to user failed while replacing table [ 2176.344132] FAULT_INJECTION: forcing a failure. [ 2176.344132] name failslab, interval 1, probability 0, space 0, times 0 [ 2176.381247] CPU: 0 PID: 7946 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2176.389080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2176.398437] Call Trace: [ 2176.401037] dump_stack+0x1b2/0x283 [ 2176.404672] should_fail.cold+0x10a/0x154 [ 2176.408834] should_failslab+0xd6/0x130 [ 2176.412813] kmem_cache_alloc_node+0x263/0x410 [ 2176.417395] __alloc_skb+0x5c/0x510 [ 2176.421016] alloc_skb_with_frags+0x85/0x500 [ 2176.425417] sock_alloc_send_pskb+0x577/0x6d0 [ 2176.429915] ? SyS_sendmmsg+0x2f/0x50 [ 2176.433705] ? do_syscall_64+0x1d5/0x640 [ 2176.437766] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2176.443117] ? sock_kzfree_s+0x50/0x50 [ 2176.446985] ? netlbl_enabled+0x5/0x50 [ 2176.450866] ? __ip_dev_find+0x248/0x470 [ 2176.454922] ? lock_acquire+0x170/0x3f0 [ 2176.458885] __ip_append_data+0x11ec/0x1ff0 [ 2176.463280] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2176.468499] ? ip_do_fragment+0x1f50/0x1f50 [ 2176.473596] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2176.478601] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2176.483776] ? ip_setup_cork+0x6b0/0x6b0 [ 2176.487832] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2176.493013] ? ipv4_mtu+0x27e/0x370 [ 2176.496644] ? ip_do_fragment+0x1f50/0x1f50 [ 2176.500956] ip_make_skb+0x167/0x1b0 [ 2176.504662] ? ip_flush_pending_frames+0x20/0x20 [ 2176.509402] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2176.514425] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2176.520003] ? xfrm_lookup_route+0x43/0x1b0 [ 2176.524364] udp_sendmsg+0x156f/0x1c00 [ 2176.528245] ? ip_do_fragment+0x1f50/0x1f50 [ 2176.532564] ? udp_seq_next+0xa0/0xa0 [ 2176.536391] ? __might_fault+0x104/0x1b0 [ 2176.540438] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2176.545183] ? lock_acquire+0x170/0x3f0 [ 2176.549280] ? dup_iter+0x240/0x240 [ 2176.552938] ? kernel_recvmsg+0x210/0x210 [ 2176.557111] inet_sendmsg+0x11a/0x4e0 [ 2176.560906] ? security_socket_sendmsg+0x83/0xb0 [ 2176.565675] ? inet_recvmsg+0x4d0/0x4d0 [ 2176.569638] sock_sendmsg+0xb5/0x100 [ 2176.573348] ___sys_sendmsg+0x326/0x800 [ 2176.577321] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2176.582072] ? lock_downgrade+0x740/0x740 [ 2176.586231] ? trace_hardirqs_on+0x10/0x10 [ 2176.590474] ? up_read+0x17/0x30 [ 2176.593837] ? __do_page_fault+0x19a/0xb50 [ 2176.598092] ? retint_kernel+0x2d/0x2d [ 2176.601978] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2176.606998] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2176.611776] ? __might_fault+0x104/0x1b0 [ 2176.615841] ? lock_acquire+0x170/0x3f0 [ 2176.619805] __sys_sendmmsg+0x129/0x330 [ 2176.623769] ? SyS_sendmsg+0x40/0x40 [ 2176.627480] ? __mutex_unlock_slowpath+0x75/0x770 [ 2176.632328] ? wait_for_completion_io+0x10/0x10 [ 2176.637023] ? vfs_write+0x319/0x4d0 [ 2176.640786] ? fput+0xb/0x140 [ 2176.643896] ? SyS_write+0x14d/0x210 [ 2176.647597] ? SyS_read+0x210/0x210 [ 2176.651222] SyS_sendmmsg+0x2f/0x50 [ 2176.654894] ? __sys_sendmmsg+0x330/0x330 [ 2176.659035] do_syscall_64+0x1d5/0x640 [ 2176.662934] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2176.668146] RIP: 0033:0x45e179 [ 2176.671364] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2176.679068] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2176.686349] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2176.693606] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2176.700873] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000d [ 2176.708147] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:56 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x8}, {0xfe}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:56 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 07:17:56 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200200500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000140)) r4 = epoll_create(0x8) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x50500, 0x0) r6 = fcntl$dupfd(r5, 0x406, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2178.179797] ip_tables: iptables: counters copy to user failed while replacing table [ 2178.204280] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2178.229450] ip_tables: iptables: counters copy to user failed while replacing table [ 2178.238171] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:17:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x3a, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa618"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:56 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f00000000c0)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) getresuid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140)) 07:17:56 executing program 5 (fault-call:5 fault-nth:14): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:56 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 07:17:56 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="50200000010401030000000000000000000000000800064000020000050001000100000000000000005950774675420f22ba353ebee814aced5df31ab67071b63a88e3db30fe030b961ae15d74e3eb4d6c31e1686595eaee43facff76783f0ba568980932caf29b8e0dd344f0dec034ff7bead62e6b91ea286140852566b0f0d5967bbb3ee5658e2e7be6f803cdb4b94072fccc1d88f0508b25d076f0451f663bf4e9dbc531000fdc75d89806efa4c00004d00bedb68f6f9e55c0d15578885064e409724cb6164610d615cc9027ad522c9c26172fbf6234a2fff851e4235fa7dec8797afc9aa40d43f49aa03884fdafd8284c6b89dfad09a3568e19ba02965e69e40b03795354268347be58fc8247b62215f1aa95dd15f2c9102af8ff7c29b8562a1e6e1e0d3b95d6bf58cd4ed7beaab07a3768ee3d27eea476f8f491d5a6b1145d32ca5cfe2c6e6838be6f649e2eed9c5e6c0c4faa3e1320bcf6e8964946518b250bef1cc6ff6f5db238f85a4"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:17:56 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) [ 2178.836364] ip_tables: iptables: counters copy to user failed while replacing table [ 2178.845459] ip_tables: iptables: counters copy to user failed while replacing table [ 2178.870488] FAULT_INJECTION: forcing a failure. [ 2178.870488] name failslab, interval 1, probability 0, space 0, times 0 [ 2178.895323] CPU: 1 PID: 7991 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2178.903162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2178.912521] Call Trace: [ 2178.915118] dump_stack+0x1b2/0x283 [ 2178.918759] should_fail.cold+0x10a/0x154 [ 2178.922921] should_failslab+0xd6/0x130 [ 2178.926903] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2178.932064] __kmalloc_node_track_caller+0x38/0x70 [ 2178.937007] __alloc_skb+0x96/0x510 [ 2178.940642] alloc_skb_with_frags+0x85/0x500 07:17:57 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) 07:17:57 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) [ 2178.945075] sock_alloc_send_pskb+0x577/0x6d0 [ 2178.949588] ? SyS_sendmmsg+0x2f/0x50 [ 2178.953405] ? do_syscall_64+0x1d5/0x640 [ 2178.957485] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2178.962862] ? sock_kzfree_s+0x50/0x50 [ 2178.966752] ? netlbl_enabled+0x5/0x50 [ 2178.970692] ? __ip_dev_find+0x248/0x470 [ 2178.974762] ? lock_acquire+0x170/0x3f0 [ 2178.978748] __ip_append_data+0x11ec/0x1ff0 [ 2178.983080] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2178.988282] ? ip_do_fragment+0x1f50/0x1f50 07:17:57 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) [ 2178.992614] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2178.997631] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2179.002835] ? ip_setup_cork+0x6b0/0x6b0 [ 2179.006904] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2179.012100] ? ipv4_mtu+0x27e/0x370 [ 2179.015732] ? ip_do_fragment+0x1f50/0x1f50 [ 2179.020059] ip_make_skb+0x167/0x1b0 [ 2179.023781] ? ip_flush_pending_frames+0x20/0x20 [ 2179.028545] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2179.033600] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2179.039150] ? xfrm_lookup_route+0x43/0x1b0 [ 2179.043483] udp_sendmsg+0x156f/0x1c00 [ 2179.047381] ? ip_do_fragment+0x1f50/0x1f50 [ 2179.051717] ? udp_seq_next+0xa0/0xa0 [ 2179.055526] ? __might_fault+0x104/0x1b0 [ 2179.059591] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2179.064350] ? lock_acquire+0x170/0x3f0 [ 2179.068335] ? dup_iter+0x240/0x240 [ 2179.071969] ? kernel_recvmsg+0x210/0x210 [ 2179.076125] inet_sendmsg+0x11a/0x4e0 [ 2179.079930] ? security_socket_sendmsg+0x83/0xb0 [ 2179.084702] ? inet_recvmsg+0x4d0/0x4d0 [ 2179.088683] sock_sendmsg+0xb5/0x100 [ 2179.092401] ___sys_sendmsg+0x326/0x800 [ 2179.096381] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2179.101146] ? lock_downgrade+0x740/0x740 [ 2179.105306] ? trace_hardirqs_on+0x10/0x10 [ 2179.109555] ? up_read+0x17/0x30 [ 2179.112920] ? __do_page_fault+0x19a/0xb50 [ 2179.117137] ? retint_kernel+0x2d/0x2d [ 2179.121008] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2179.126160] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2179.130904] ? __might_fault+0x104/0x1b0 [ 2179.134951] ? lock_acquire+0x170/0x3f0 [ 2179.139045] __sys_sendmmsg+0x129/0x330 [ 2179.143021] ? SyS_sendmsg+0x40/0x40 [ 2179.146735] ? __mutex_unlock_slowpath+0x75/0x770 [ 2179.151653] ? wait_for_completion_io+0x10/0x10 [ 2179.156308] ? vfs_write+0x319/0x4d0 [ 2179.160005] ? fput+0xb/0x140 [ 2179.163092] ? SyS_write+0x14d/0x210 [ 2179.166864] ? SyS_read+0x210/0x210 [ 2179.170519] SyS_sendmmsg+0x2f/0x50 [ 2179.174141] ? __sys_sendmmsg+0x330/0x330 [ 2179.178280] do_syscall_64+0x1d5/0x640 [ 2179.182160] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2179.187340] RIP: 0033:0x45e179 [ 2179.190607] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2179.198426] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2179.205706] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2179.212973] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2179.220230] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e [ 2179.227486] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:17:59 executing program 1: r0 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/input/mice\x00', 0x200000) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000200)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) ioprio_set$pid(0x3, r1, 0x4000) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r1, 0x820000000000000, 0xfffffffffffffffc) 07:17:59 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32], 0x38}}, 0x0) 07:17:59 executing program 4: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000040)=@ethtool_coalesce={0xe, 0x5, 0x5c4, 0x10000, 0xfffffff9, 0x20, 0x9, 0x9, 0x2, 0x7f, 0x6, 0x3, 0x3, 0x20, 0x1, 0x4, 0x1, 0x9, 0x200, 0x193, 0x3ff, 0x34d80795, 0x2}}) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2181.190332] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2181.199616] net_ratelimit: 1 callbacks suppressed [ 2181.199620] ip_tables: iptables: counters copy to user failed while replacing table [ 2181.221621] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2181.247519] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2181.290833] ip_tables: iptables: counters copy to user failed while replacing table [ 2181.299423] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:17:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x3e, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa61861652248"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:59 executing program 5 (fault-call:5 fault-nth:15): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:17:59 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f0000000040)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:17:59 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f00000001c0)=0x7ff, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:17:59 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000", @ANYRES32], 0x38}}, 0x0) 07:17:59 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x0, 0x0) [ 2181.863757] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2181.866575] ip_tables: iptables: counters copy to user failed while replacing table [ 2181.876781] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2181.888709] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2181.891201] ip_tables: iptables: counters copy to user failed while replacing table [ 2181.912201] FAULT_INJECTION: forcing a failure. [ 2181.912201] name failslab, interval 1, probability 0, space 0, times 0 [ 2181.919520] ip_tables: iptables: counters copy to user failed while replacing table [ 2181.932828] CPU: 1 PID: 8055 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2181.940652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2181.950009] Call Trace: [ 2181.951766] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:18:00 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2181.952599] dump_stack+0x1b2/0x283 [ 2181.952620] should_fail.cold+0x10a/0x154 [ 2181.969118] should_failslab+0xd6/0x130 [ 2181.973102] kmem_cache_alloc+0x40/0x3c0 [ 2181.977167] dst_alloc+0xed/0x6d0 [ 2181.980621] rt_dst_alloc+0x6b/0x430 [ 2181.984336] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2181.989621] ip_route_output_key_hash+0x195/0x2a0 [ 2181.994466] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2182.000004] ? udp_sendmsg+0xe45/0x1c00 [ 2182.003986] ? lock_acquire+0x170/0x3f0 [ 2182.007966] ? lock_downgrade+0x740/0x740 [ 2182.012121] ip_route_output_flow+0x22/0xb0 [ 2182.016452] udp_sendmsg+0x13b5/0x1c00 [ 2182.020346] ? ip_do_fragment+0x1f50/0x1f50 [ 2182.022969] ip_tables: iptables: counters copy to user failed while replacing table [ 2182.024696] ? udp_seq_next+0xa0/0xa0 [ 2182.024710] ? __might_fault+0x104/0x1b0 [ 2182.024722] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2182.045117] ? lock_acquire+0x170/0x3f0 [ 2182.049108] ? dup_iter+0x240/0x240 [ 2182.052749] ? kernel_recvmsg+0x210/0x210 [ 2182.055645] ip_tables: iptables: counters copy to user failed while replacing table 07:18:00 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000000104011f000000000000000000000000080003400000000006000640000200000500010001788279f63708c3f4f31fb20426e6682ea14bcb9c79c025920918658bb7b738023b0da64e905c4de123b6daffcd20bf0fd09307a3190a4807b68841636a2b976f1b57b4fc2675d7eb835a1cbab209ede1118a18823acfcf4f45526a04c7b49a0500000000000060be0b0dbc1d152c59f6be4bf0c2b3bb7fb6cbd88df1f721109b3bc6bb540e96c32d4c97578610bfed987dae8913"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2182.056931] inet_sendmsg+0x11a/0x4e0 [ 2182.056943] ? security_socket_sendmsg+0x83/0xb0 [ 2182.056950] ? inet_recvmsg+0x4d0/0x4d0 [ 2182.056963] sock_sendmsg+0xb5/0x100 [ 2182.080942] ___sys_sendmsg+0x326/0x800 [ 2182.084926] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2182.089698] ? lock_downgrade+0x740/0x740 [ 2182.093854] ? trace_hardirqs_on+0x10/0x10 [ 2182.098101] ? up_read+0x17/0x30 [ 2182.101467] ? __do_page_fault+0x19a/0xb50 [ 2182.105702] ? retint_kernel+0x2d/0x2d [ 2182.109595] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2182.114619] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2182.119382] ? __might_fault+0x104/0x1b0 [ 2182.123456] ? lock_acquire+0x170/0x3f0 [ 2182.127445] __sys_sendmmsg+0x129/0x330 [ 2182.131432] ? SyS_sendmsg+0x40/0x40 [ 2182.134832] ip_tables: iptables: counters copy to user failed while replacing table [ 2182.135160] ? __mutex_unlock_slowpath+0x75/0x770 [ 2182.135174] ? wait_for_completion_io+0x10/0x10 [ 2182.144709] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2182.147813] ? vfs_write+0x319/0x4d0 07:18:00 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32, @ANYBLOB="20f6b621050000000000000000"], 0x38}}, 0x0) [ 2182.147824] ? fput+0xb/0x140 [ 2182.147831] ? SyS_write+0x14d/0x210 [ 2182.147841] ? SyS_read+0x210/0x210 [ 2182.173954] ip_tables: iptables: counters copy to user failed while replacing table [ 2182.175239] SyS_sendmmsg+0x2f/0x50 [ 2182.175249] ? __sys_sendmmsg+0x330/0x330 [ 2182.175260] do_syscall_64+0x1d5/0x640 [ 2182.175275] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2182.183999] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2182.186671] RIP: 0033:0x45e179 07:18:00 executing program 5 (fault-call:5 fault-nth:16): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2182.186676] RSP: 002b:00007fb075f5cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2182.186687] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2182.186693] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2182.186697] RBP: 00007fb075f5cca0 R08: 0000000000000000 R09: 0000000000000000 [ 2182.186702] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f [ 2182.186706] R13: 00007ffec7e3704f R14: 00007fb075f5d9c0 R15: 000000000118cff4 [ 2182.290573] ip_tables: iptables: counters copy to user failed while replacing table [ 2182.300111] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2182.321336] FAULT_INJECTION: forcing a failure. [ 2182.321336] name failslab, interval 1, probability 0, space 0, times 0 [ 2182.329693] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2182.333777] CPU: 0 PID: 8080 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2182.345813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2182.355202] Call Trace: [ 2182.357797] dump_stack+0x1b2/0x283 [ 2182.361438] should_fail.cold+0x10a/0x154 [ 2182.365596] should_failslab+0xd6/0x130 [ 2182.369580] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2182.374692] __kmalloc_node_track_caller+0x38/0x70 [ 2182.379660] __alloc_skb+0x96/0x510 [ 2182.383296] alloc_skb_with_frags+0x85/0x500 [ 2182.387717] sock_alloc_send_pskb+0x577/0x6d0 [ 2182.392217] ? SyS_sendmmsg+0x2f/0x50 [ 2182.396025] ? do_syscall_64+0x1d5/0x640 [ 2182.400094] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2182.405470] ? sock_kzfree_s+0x50/0x50 [ 2182.409356] ? netlbl_enabled+0x5/0x50 [ 2182.413247] ? __ip_dev_find+0x248/0x470 [ 2182.417320] ? lock_acquire+0x170/0x3f0 [ 2182.421305] __ip_append_data+0x11ec/0x1ff0 [ 2182.425635] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2182.430836] ? ip_do_fragment+0x1f50/0x1f50 [ 2182.435169] ? trace_hardirqs_on_caller+0x3a8/0x580 07:18:00 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x248, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x1b0, 0x1a8, 0x1a8, 0x1b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, '\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0xa}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x3, 0x6, 0x2, 0x1f, 'netbios-ns\x00', 'syz1\x00', {0x4}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50000000010401030000000000000000000000000827766ca900000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x406, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x21, @dev={0xac, 0x14, 0x14, 0x1c}, 0x4e23, 0x4, 'lblcr\x00', 0x3, 0xbbb, 0x4b}, 0x2c) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2182.440195] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2182.445392] ? ip_setup_cork+0x6b0/0x6b0 [ 2182.449504] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2182.454705] ? ipv4_mtu+0x27e/0x370 [ 2182.458344] ? ip_do_fragment+0x1f50/0x1f50 [ 2182.462678] ip_make_skb+0x167/0x1b0 [ 2182.466405] ? ip_flush_pending_frames+0x20/0x20 [ 2182.471173] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2182.476209] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2182.481762] ? xfrm_lookup_route+0x43/0x1b0 [ 2182.486126] udp_sendmsg+0x156f/0x1c00 07:18:00 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000", @ANYRES32], 0x38}}, 0x0) [ 2182.490028] ? ip_do_fragment+0x1f50/0x1f50 [ 2182.494361] ? udp_seq_next+0xa0/0xa0 [ 2182.498172] ? __might_fault+0x104/0x1b0 [ 2182.502239] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2182.507002] ? lock_acquire+0x170/0x3f0 [ 2182.510987] ? dup_iter+0x240/0x240 [ 2182.514627] ? kernel_recvmsg+0x210/0x210 [ 2182.518785] inet_sendmsg+0x11a/0x4e0 [ 2182.520289] x_tables: ip_tables: rpfilter match: used from hooks PREROUTING/OUTPUT, but only valid from PREROUTING [ 2182.522589] ? security_socket_sendmsg+0x83/0xb0 [ 2182.522599] ? inet_recvmsg+0x4d0/0x4d0 [ 2182.522610] sock_sendmsg+0xb5/0x100 [ 2182.522620] ___sys_sendmsg+0x326/0x800 [ 2182.522633] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2182.522647] ? lock_downgrade+0x740/0x740 [ 2182.522659] ? trace_hardirqs_on+0x10/0x10 [ 2182.522667] ? up_read+0x17/0x30 [ 2182.522676] ? __do_page_fault+0x19a/0xb50 [ 2182.522684] ? retint_kernel+0x2d/0x2d [ 2182.522695] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2182.522705] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2182.522716] ? __might_fault+0x104/0x1b0 [ 2182.522727] ? lock_acquire+0x170/0x3f0 [ 2182.522743] __sys_sendmmsg+0x129/0x330 [ 2182.539425] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2182.541972] ? SyS_sendmsg+0x40/0x40 [ 2182.542000] ? __mutex_unlock_slowpath+0x75/0x770 [ 2182.542010] ? wait_for_completion_io+0x10/0x10 [ 2182.542019] ? vfs_write+0x319/0x4d0 [ 2182.542028] ? fput+0xb/0x140 [ 2182.542035] ? SyS_write+0x14d/0x210 [ 2182.542043] ? SyS_read+0x210/0x210 [ 2182.542053] SyS_sendmmsg+0x2f/0x50 [ 2182.542060] ? __sys_sendmmsg+0x330/0x330 [ 2182.542070] do_syscall_64+0x1d5/0x640 [ 2182.542083] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2182.542090] RIP: 0033:0x45e179 [ 2182.542098] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 [ 2182.569446] IPVS: set_ctl: invalid protocol: 33 172.20.20.28:20003 [ 2182.570459] ORIG_RAX: 0000000000000133 [ 2182.570472] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2182.570479] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2182.570485] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2182.570491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 2182.570496] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2182.594968] PF_BRIDGE: br_mdb_parse() with invalid attr [ 2182.725311] x_tables: ip_tables: rpfilter match: used from hooks PREROUTING/OUTPUT, but only valid from PREROUTING [ 2182.761353] IPVS: set_ctl: invalid protocol: 33 172.20.20.28:20003 07:18:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x3e, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa61861652248"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:02 executing program 5 (fault-call:5 fault-nth:17): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:02 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = syz_mount_image$ubifs(&(0x7f0000000040)='ubifs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x5, &(0x7f0000000400)=[{&(0x7f0000000100)="2b8bc0b78fde9bc747ea", 0xa, 0x7}, {&(0x7f0000000140)="341ce197ddfe5ce939b1d829e2c8b339a20d1ce4ef2d6839fe20bd11beccf41271f169209249355d2cb1e3e521a44966ae1f0ce962400d96bca1c3f3d5a7ddddc1df0ebe5186c138d785bfe2667f9fe39d0570ea14c8f9928a261a5ee025af4a83bbed726f1ad3cd2fb7a08d29cfb3714d2979385d352773e65ec861f51ba10a336d20a878d86fa7cf3239e8b7df3faad4baa8233a63f28c8db6ba0d4d82ec06a8", 0xa1, 0x7ff}, {&(0x7f0000000200)="7443007e10e5a3d37c69aac6e8bec4e077f0d2491a0fb2fd12548b1d2e44b237b0bd0be25943263c44697f7fbf7429dcf877b515524f1eedb8a8294a867f71b2bbfe82191d119406cefd7bbefaa1aebfba6ef261b5a64f7a6b3e10df4287312f35abbcb4232bd99057b5bec86f351a019406", 0x72, 0xc6b0}, {&(0x7f0000000300)="2349dbf4ad4a831863f81bb3b57c238009167cc9f3d7f931624547103ddcf9e6369f6c377858584d3acbb911b6fe870867a8bea15120113fc59661c2fc79d5cd8e475377ae0c953cfa16521301f5641a25b040fbb5af5ebb354995a02ca6d5a650371dee6012b3140b44492e7fc8ebedaf75114e6f50d039d56bf81000f9b0278df187d9b87f2def82763182ba8f97a5df3a1e09309bffc32f969e3c400d80d75b1e7da6351c5aa4d71643781fbf80d108dc755e727727a1aa838af7401bf53079956f17a7e08c2d35f5e0ba3385a48b4e327863e960aba17fa71eda14165d16d5b1269a08c1f0", 0xe7, 0xfff}, {&(0x7f0000002640)="ae29031c735bebeca91fbe245ee5c0d7a997fe343aa9297cc6a7935ef69efb240832355f49ddd681a74394f1ed18a98ea9402f9d1c2ae224bd22fdd7efd9a340d18ee3a68ee8d3f98157ad50eeb55b71421980e88419d44be1d2b246b129e10fcbaf0465367b01a7adec8072a54b2ac247d694251d59f8c56955557f026cb36c63f2fa10c407ef90d5eb530780058924c43434f4b4eff0b4d7dbdce325c9f243b1b30be6b9de2f77733d64a4f2d46365d596dbab33004e71105810d69a7535f4bebae7df9c51bd65d84436ecf1f82f28a13b155e1651b6d275642bad32a30d82be2f507c6429cd92d6a2581d84f42d8b86c0a7bb636771904553248784dafe1cdab629166c52dbff00103cb77dbbe8d3c7e5dac02855b52e13e56428a3dda43400868f75e950fb799ab45f3c8741247a95bbed33e162fae716ad12926cab124b3d69fa9d907ee08974378e3be7ce1b2a7201c48e63420cffd312ae620eb725918c43ad86de0105dff7b39f67b753100559a6a4b2afb99364a0c9a035eec9cb34d9c4a087fd168b5a0ab165935bfc53ea0bcf2973691c552a5b8efc0906070df0cc83d68614c52eb64a389dd95dfb96818a052bb9f24f1a298ec550669a57ef88151592905b91bb83baa6f93d7c701c862bdba848f24f66c9a92173b5b4dde5de9db38985afe78b8c3d6e752ca7e2cb9a73450908fc91194f09072512ad1c9a0dc6a4cad756632ba026e38f649505b15a3b585c5f32c7f7b31544895b76fe8cf0af3c444c3850f65fb29ddda443990e1dca6f9d3755767e316e7b6e93c22bcd73ad0d1ed7948d047a8f348726a8cac2e8fd6303035e80ccf3b3d7292cf576e3c954751e37ea4e2fb51e91360d47cf8ecf288a77e72f077dcc868b119605b27819378e06ed8f863b3aa835bb8d4d985775740861bdb2df3a487d0788556cfe3d2579ee76b75c3c16d78208dfeabf62794f094c6b5a9fe8110f89fc7e4f023e0b61308e6b6135f3f7c8160e38f6b1c419375faa3aafea545625d91025fca930dc7f7826ec6d50e2e03cb4fc29f3ba3d02aa13d1a73d749f9b62671a529af599257c4e7e2cc3e72b098c8d6dac17e610816fa4a150fed7a5d43bf837b92adacbfa6f142337f8b0f02ccff84b307a53a6262e2cc59b5a9eee226cc3de4b1048501ccd4d1beb0261220954d3c698f288efb7533454c9823e051d49cdb4bc0c00a7e69d9e267970553a80cd03f08ea6e7de49aaae2e36468d9f7d429b83badaebec038e55b8ff61382b811880e6c799d82a2d0dd425c2e8508a6d51e8bac7273960e494de6fa5f23b9269ae800c4370238729af263d7ddafa683be9e9316beda1e4f30593b7d24a5ca5c708c3296435a313436408d5411a1bc8589892b64426bf7df9f2fbff3137c575af61d73ea380f8fd1ae74fa29a5589a60c3ccbb00630fbc72ece2ee957bb03a256e59a05f3af968c1bb08279381e1302559851ded3466fd69997843632ab8f93288fe1f274369af651254bbd6b2a4817b9d6f16b00e4583985c3e1b54a4a41297b60db390bf2f313eb8f135723e7947a72125cf8d9460e22fd7ef7fe2c20e66aa6432c5d185112b20122f5fb85ac374ced95118d4c05a574cef8e7f37b6f9684fe30e07927fd73f90acefdf3ef55d7b75cef94ee7a89c4a59dda1bf3fd56755404fd8670e06ff2fb49e1f7e272047208861c85a93839e607517e25447567292a1e5a7b203eb3bc30b31c8f0a9f0252da714e94d4bf6ae81b2d7bf30ec3d1a1560300cd4d4392bf16f26dfb5dbde31700bd2d686094107f352294d6c55af692a07d8e45aa9bc6927417381b9a44f7a414b2dfe21955f6eda1ed4c3eeddb6d110aca6ba689d4850b890df941bfe61cffe6b9019f07ee1e677675ca4c382abb0c29536ed31a5fbb225ae4989489f3beeadd8be37b2dd4008c1990390e3f1a0b139d06ff800810c0579091a11f47fc03c5bba59f7be687f31c0c2216452df4369c641ce5e14207a0abcba3fabe824d195eb9f0c20f2b8a704e90c657e9e9f55078e00b2fb62de102797cf8d12fe5763c5c929dd1b1427ce117d998e7077152c83ef2d68a0d1450201730b100ad5c8b0207a66dbadd35fa29a0c0be09d58f6bd72dd3f2f1355b6d9794152902a1b5f6135b0fa8ecbb94757df3a3abd1dca14ff87681ae3d39abd0b797a9e448d1549f545fce8a67bfb1973daa857aaaefede4a09d6c1d7508464ff90a3105f6218008f6366aa25d21ebb09302047c09f972f7ab91af4890404288e61b825ec46ce78eb46119651e1fd94a5a8251281382ec45f76140c226e96edc6a8da7c912b3475d2d0d683558dd544f7f96f02716d851f38c97ee4a8791f01d21e96e326dd4b0573c4d563b0d50e2275fd9308e84b008cd8f43d919cbfb1a1e7d84391fd9ae0dd189cbeaf367288f73f02477faf0d05b055da602d6ca2eca948f9319fb8ee38c1d8a152c88e8175919f595e52999f328cb218706d74d3305336e22aa8fbbfdc4e4438e8ac386e0afe5323d32f045f69e0c6c67600c2f5c9c0467783c85a3b34fa5c201fd9e34e772e4b7bfe9270a8d47bcc87e7e290587fe65546d5ea209b48ef0367a0ebbb24ac8b0381437adf905e452a94c3a6b70aa657d70a9f5727766b6560eab4edcb0f0d452071c3d16358ac6dd2055dfa7abc9ba9fddcf9a8a43adc6e4e90b1420a5403e65ca0b7bf408008eb46f38d8d3dce2b1d95b09a4ea69d6be6ef37351f0e98e7f0e84985f397fa5ff6c6366a1c40e28b09d49babec9230ea3c7b76ccebc95f9d01baa9615732e18c918e427d1e97370384fca81b6181a38cd5fca184ba151b0b6bdb19bb53040bcd7c2b9ef3111692a1ff9c5c038e0e71b414229db77c9e679bd7681fee90278a5f3155c249aba79b3c2b25faf3604202a6dda68fe0432bd71d97d1c4111248c140517e4b4d787ab493892fce770e9d4661849c36feb38063b822705142b68779920661e096c00f00db860454d3e3a4eaefbf7adb8f526260420e2701455c64f18b6afcd8f5a8c165cc18ceab10086e7892a1b3defdf47675c60f84a624945793191678155298929eb8f376ffc117115890884ebd9db35f5c89244dc5f85ade3dbcd6affa2bbe1312c17662a06f724a56633b3cd7cccc0e4e7730b209be2d14c0f539a28f82ff5a503d63aa8526028267576f7264c5d29c7c7bfb8e6bba8cdf16c2b5af7b962d33242cdd8a71fce2304f01313100f2a3f624c517ed3f54fbd91efe8d08502f543c501973afbba1ec3b186767de0471701e20927b3d6d7aa26d57c30ca816bd4ce6088056811353ca0071931902c113dbf9e04622d28e1110addfd313ad0ca47396b0c6ef04aafa4e7663b7d63f5a8ccf3e1a0f3ea9e773e8430edba675f0ec52482c309885bad99f8799ebe78b0ca2d8f738841794cd4d80b142e45f29abb19e4ce66c1b565a90453f90822c8e18f10dbd4f19cc74ca7a90a76fadbb2d125454be05b4503eed1d2fc149932dc164e7e6cd2057e1f82681c2cae6c445408ad2477899f8750daba25267f12f43ca63c19d435e468a04623466828b52ae52ffe203a0b78a11ac18aa511a3afda1fcd48a94b62b250517006584dc9035d777ab1d4386812e99b3891bf72cb35b7a03d54bf8a3d951c41d1102d4cdc7a9f5ba4b2318b721b59f1348df0c55fa2dcfbe2cd0c267f1746b604c7657d5cdedbeb7f5e22a6eabdfd28ee60c2f8251e405b1648932db22982efee33b11c8d5951da888f6346a7a352539ad47c5fae9ec82366644083955c4125c96dd1250c7fb6a32d8852d9d8ab1b3d60bdbdad712d78086285f31f1f508dc7ca91127bec1a6f40d24e9001e98c52e1158be1f8b972f2886ac64b6c50003eb61743982115ca48ff6c71da94c9949269d083ef04b5d8888144e7f48cd4ea97d2b324ff9e5810797592d0c642c0c51cd79d58955cf1313915bf0a3416029ebd7e7a463889ed711adac1892ada7779187b58682afeb3fdb72af44671b820db1d09361b630b821fcfe0996d49658d13cfc594323854c25271c5a802dcf85331d43faddd5ae1318bfdd3b444a03f684cefedd6d2eb6a6e6ff2ebfba99e85f33c3cd01e3e1e53e80eefc55d0b8c582e49647daa0cf762a203d632219f91454fce56292a44fa51dbdf68498e3a33a10b9bc4535b050dd83e3e0fe3b46a48f0dd3bd9431f72c79baaa36849d3a9bf5f2c8e41d8766e7978b76a7e64e99e4171a2dd77f059540f12e674da52972feace2f5a889963b03b11bfd343f9ca9a004e1d0a0ddf3da98e0333facb223d5dccc3f2969ffd7bb778f9a77ad95b05a3ac9a345d8d687f47620b57cce30b3b0556147147a1ac504c434c22204d302840f6fde0f6989ae37494d96bf751bfd818bdfa57a72bf8c45b42e21e765c761db2427f49f6b416e8da9b6109ed38a1c4c93ce771f54c95ca53effe910caacb1c5d9003f1b99e60f32f1fb46dcbe76c9dd0e10697dcd77562ddb0ea889faf2c191d95c9ed4b8b368ed859d3dd425f7be4532b0361a8c08bb61b095af4b7da4a179b61b2b85152c91ac0826ab71a298e41d71132aedb63c8a4e26aecb9ebfe7e9266d77188af7e2f0b288b07d1094506f44ce5e915f53111c4d6b3beb0ae9740b6d7b2802a7180510735d64890767771811c73d9fa38486e9cfb56ff31ac032ea8317dec13805d698f8d33651416bbaba995a59627873fa2f3603f1c7e4a554dd18771a614affeb9f0e86e58176b20b9a103d5bf917360691dd37949b2f37996a7cca591e4ef7adf1dc4fa9af398ebee47e3f5024465ce516e7d378c924302f7abf8df3e862f73c6dc02dcdc6fabe66b544738087c0a34f6c81e2ed3b124f6dbb20e8801e1b5e60d91c6e83309587f489a638223dcbd101f68c72c1c254e07077dc04b7e3535e86d6811fc3be5f18b8f8fb8dbc9ffa73e299b052bf0daa9062538df5c046eebac8106c33652fba8b05b891ebf05baec2c283c038b2e0ba83b67a6859234b76c1e5c56bf278f9d18f8257be979be1cefc4db57150e1586a0592bdbca0d5015d37c68e0639601a299f5d6d76790a97a5458d3d80906ebcf937ba449eb0647739e7798f703732690589ced7dbb56a1019c4962692cf92e2c5a65ea53a252f2ca9f529e12acd7ac447e16b6f4748f982784ecf69695bea115ccf3f092f37e2960d1ce4d98d1898e59754e3efc020c518628dbc313204efffdbddb0fac4a4418ff15a5186b5cf799ca03e4cef47009e0a90daeab69d3a806a965cf9cfbdce2cb1990d3f8f9032835095eefcbd0baa8bc7381cbb2c0580f8d488fbca8ed20bbcd839e083258bbba98bbc115a4f51ae5f4e146610e5fb7adbef2aad5ca781ee8ad504522bb0095d668706a231fbad189f3dd77f7d57760191c47786310c1dc9b310f6eb8de9cda7fc530b02f9b02edfdbc2b789c214a4b5050eca018883daed81958f98464fc6310d7f414996ff12fd41b3da5b03c6fabc123d5279852c4303c811281ee519740748aa4a4cce707c77b4c2b120dee9a69ab085848acbee77160a31984ee7c84cafad2b8d0779d863789a5b09f74c2aed8ed07d8afc31fc56ea9200084e1ccab8179656a1d767c12810ad68c607ec2ebe5a6a98d439a8c9a9902eed023eccb6f636e9c9e95541680f0df2731e8e241763190bb790c569bc3b0f82fece747a8b49c357f382efb11ef252938d7b795d050868e6cbdb29cc8b27e1cc7a9c853f2d547eab71772f36f2efb42c46a61658b822cb1fcb77771a1e00550be29c5e560e6739cff0e", 0x1000, 0xffffffffffff7fff}], 0x10080, &(0x7f0000000480)={[{@chk_data_crc='chk_data_crc'}, {@auth_hash_name={'auth_hash_name', 0x3d, 'sha1'}}, {@auth_hash_name={'auth_hash_name', 0x3d, 'md5'}}, {@compr_none='compr=none'}], [{@euid_eq={'euid'}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@seclabel='seclabel'}, {@subj_role={'subj_role', 0x3d, '#.'}}, {@context={'context', 0x3d, 'user_u'}}, {@obj_type={'obj_type'}}]}) ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000540)={0x1, 0x8, @start={0x0, 0x0, "d0a8b114179020a87aed52316b4ea24e1f8426781bdbf87158c6858ab5ca653375c1888c7ffd4328386cc521ff7d5f749c40db1b0faabd4ae64bf8a5afa6c0d008ca1e6474d475defe916fc391eb27a3fa8e002a322972bc1a83602e0584689286e60aff1a3ff9ff367b1200bfea30c74a529ed0017e57c7aa5bc8039b323c133da85c333e284e7cd0002d4720596fa2809138bc5fc6d55873bdc67d4e931ce60fef4b11c65b553e595f8eaa62bb5aa643425b88c2c340f578a5b8f600e48eca7bf41383692939e280f1109f60861b84dbcb826053d4b208e65959923f90f6ce6875c08fa905d9294122563ef00185a34e36117e7741047f30786716b383d7a0de0ff0d76ffdc729b5f81fe66b86ac5a98d395aed14309bcc9c438a28158efbad65c32ff9274d47cd654299661a9dfffa267f05da8bca2f465a7188745d4a5f8c76171179c212bab9b7e8c6d30534a8cb70f919ab0a0e682cd99fa1bcbea33d462e2ff61cd4bae61399e4d5b00be55df2f0c1e94a4cade6ec1e45300079799f4e610c147f10203399456dc4169064fb390502a6609ca88cc3fbce5d3f1ae9c092f1b2b3aaa2feac123e3213419ed2970fd8fdf2a38f8443880d0901e65dbc7b04207f254b8aeab879d2d42ed7539138adc6b1a3dbb41e1ceb2d0789e0b1d38b74c8d4a9e28fd9c06fbbca143495602ea3d9670025414663eb4c34f083ba779f7452f3c623da107e9df17ec0315c156df94a6ac9672494c5f7e9ac0ea3fdabd82c21332881a781b045eae45d7ee7af5ec5c7d58e79298faf63d3edcbbb1e1d85b3f98eb54ea3018a4fa613e53e682a2f30c02a05f700df887f10125e2695b501a356924a92bd14861701fca66696d395258895a1b3dc6bd0727be28032566f1caa0b8999d92e8f316da8706537e670c3635c22cd0f1af4cea848cfb8be72ad7577eafb59e3a7ea9875eae7f77be1952979730455d641dec0445841126b98280af57088ef96a32f77ab393d04f0996a31103e0d7f3d30f7655e26530dd1fb24d5032389f596509beb1cfdf1898f77ac0b949854aa964fd550fc3c139f0d7653d12d989a7375ea952c09d436eb2c3954ebc3aa1b7fe267d967f8f970dece7a38cd2d4a82916bfac2bcc508e3920715b5f984e4574855ccc81025eb8408467e5485e611c0c02ed6bc13b18947cccbc3785279151166296efaf491c6177f2d6be238102fdda0f5d3737ad8011e8916815b6e9edca17f5ed348d1226a9c24cbe58280faf8a88ed8f1142945c51548aac046694329115425935dc58bdf30e4c272460d398a6dac9f21c5be76911fa2bde31b68e66104a663f2101772159c94b62f2edb479979113a9137e25a292df12e40e61afbc759c33c448a0b95f0793d8e7a28b8a21c427c9f5d6490aabbfa699e46f65dda15c9ea924eed6fd6eb4b30a479484efd4", "d84ebe79f2e4f653de00d63ba1b9b4e02fa2e1d2912d62d38e8a4690c32cf570add10533acd1858226fa2e683defe5e557a07ade9dc92c443eaa13ac2698e39c82f8d27cbefffc89da6acf86f4d21f601653a976fe689cb873352fca56cdb454039dd88f6008648cb42d9db727ae944d59a997b54741fb286c269779fc1f53326d0838ecc06b80b1c6b444848d08721a858a0880d2380c066b855fa62c1de5007272d9d7b9fc46f5cfca176dd638054ad6eaa44ce98ef363872f4cebf78bb9753787827197ecbf33b89b44453dd4b3ced9671aa6e4ca960478d6d9026755122e1bb75e7b41655a1140f3d9c04c4d95197841c0cd97a64a8ec3bbc6e48d56fbd928cd7635acee2c7224992b1c201ad12412c55203fd040bafd55eb02d4330b21e12271d9565627c6b6a319c4a719b1fc97f2426e898ddafa434734b60a0dd484aef155249beb66224bfff635c3171414899d808963df8f0d3ef187ca90f9c097e0a681447b96c1a604ec1f2696c0ecbdad2991d68276df54c3040ff725f51c453f98575e84481616d83cbbfe6be70a5afffef0b96a400efe8960f12a6a19a0a5f8647c520144f05c93ef0adf0f8437f7bef22bbf53831ee1db3f24b1a6bb14862820e98255dd21f5c793d193ab60f80a7a9c499a81b59387e8ce1abf3d0c5c142e01cfb76f739544309df6a0b937d976c63f80f1c6e4fb28135a1c7726627168736d32929df91d229c07a4a2df4d7bc3afb2945978e76398f64114da5b4b22d7b3790eaf596dc16f0bd370d6ca2df637766b3e17c9cf83a640df5bbbd0f9964159fc82fd2a73e7793149a51edbc3f866c39c513c1fe71c1a9b944ef38d0f1651a975851fa7b344cced4c5531e62c37d3921ec3ba5741b40a8ea9452b695627e79abd7cdc939acf01c465fa93d6145361cf4746313b171c5a0179678e67ea20d27a8d26bc996a089ca5266950778c1fb20b330bdc488b10778ff6ebb03bdac978319c8b11bfe9dbea24a51aa72c9fffea20b1ac4df6759fa8b8311b7155a0942eeafe2b15a139b0bff33d16539fc43e046cde89dcdaf0340c0c868859728797d0ade3dcfc918b545814c4d0e9dab6c71ed72db2013b7d2f559590c6641b9ae4cf3c17d9bdc834ea9f22aa9578b79678007e25136cfbf2de18fc6963a75c1b50e7e2ec52f22e2f60a7b58e7b5080ba4b2dd575f96c679f2cd3a4fda7ede43b819ae3aaffabfaf2be4e542e5600f52a21578e0e95c4efe86e3222c84f3964e15e290613e81a007f186abd986dfc351b52bfe9dd2c065a6e951258f92bf4a1aa990253247bd21c91395859f7bf2aa57c0eba600b068a9c2877478e2cf10a4a4823f0589c7777731a211553af1d727128986691d3630d889f4eaefe34ac30ac38e52f82781020861c8c77d5742f77686ffb941ddbb79565a0383a10e467707d306a2678e"}, [0x3, 0xd50c, 0x10001, 0x4, 0x128, 0x0, 0xeec, 0x9, 0x1ff, 0x9, 0x2eed, 0xc4, 0xfffffffffffffffa, 0x7, 0x2271, 0xff, 0x96, 0x80, 0x5, 0x6, 0xffffffffffffff74, 0x4, 0x5, 0x2, 0x0, 0x100000000, 0x0, 0x6, 0x9, 0x8a, 0x10000, 0x0, 0x7fffffff, 0x9, 0x9, 0x1, 0x20, 0x0, 0x0, 0xffff, 0x3, 0x800, 0x9, 0x8000, 0x867, 0x6, 0x6, 0xffffffffffffff24, 0x2, 0x2, 0x6, 0x800, 0x6ff, 0xb236, 0x8001, 0xfc8f, 0x7, 0x1a, 0x1f, 0x0, 0x1, 0x1, 0x80000000, 0xffffffff]}) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000f80)=0x1e) 07:18:02 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000"], 0x38}}, 0x0) 07:18:02 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x9, 0x3, 0x380, 0x0, 0x0, 0xb0, 0xb8, 0xb0, 0x2e8, 0x1a8, 0x1a8, 0x2e8, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0xffffff00, '\x00', '\x00', {}, {}, 0x6}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}, {0x0, 0x3}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x44}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x400, 0x0) mbind(&(0x7f0000ba4000/0x1000)=nil, 0x1000, 0x1, 0x0, 0x0, 0x0) mbind(&(0x7f0000ba3000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000000000)=0xc5ab, 0x100000000001e, 0x4) read$FUSE(r2, 0x0, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nvram\x00', 0x2182, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhost-net\x00', 0x2, 0x0) read$FUSE(r3, 0x0, 0x0) setsockopt$netrom_NETROM_N2(0xffffffffffffffff, 0x103, 0x3, &(0x7f00000003c0)=0x2, 0x4) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r3, 0x800442d2, &(0x7f0000000300)={0x1, &(0x7f0000000100)=[{0x0, 0x0, 0x0, @link_local}]}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="94c67b1d2494460f7f7fbf2775752a45bb1e9b8e55a831a64dcbc98a966d32ee2b43c3b971a05cf90718fc0e55999834580526c2b83fcfaeee9ffb45a1af535e5086f7ff0d61", 0x46}, {&(0x7f0000000140)="69ac924d9f7245b1ff0378841c7327ed2ec3f050bbd9d78c11020a3c829a3d498fda2c4a42f3eef2e4ce89dea626748561ce29535a8f4bc87ce0e1447fc72e44223af6d561cde1d6db3ccc9e3995d382bcf42bf8f2a95999da60630e22e5ec1e12cbac21c953dd5452750a063b472d371a917b9488a03710fae67c309b4d93e4ba7b873654ab5ede0eb8b49aa6486f97840680935e", 0x95}], 0x2, &(0x7f0000001e00)=ANY=[@ANYRESHEX], 0x1140}}], 0x1, 0x8094) 07:18:02 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) rt_tgsigqueueinfo(r0, r4, 0x31, &(0x7f00000001c0)={0x33, 0x5, 0x8}) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2184.898841] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 2184.905766] PF_BRIDGE: br_mdb_parse() with invalid ifindex [ 2184.921675] FAULT_INJECTION: forcing a failure. [ 2184.921675] name failslab, interval 1, probability 0, space 0, times 0 07:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000"], 0x38}}, 0x0) [ 2184.960164] CPU: 1 PID: 8112 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2184.968000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2184.977363] Call Trace: [ 2184.979965] dump_stack+0x1b2/0x283 [ 2184.983695] should_fail.cold+0x10a/0x154 [ 2184.987863] should_failslab+0xd6/0x130 [ 2184.991854] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2184.996964] __kmalloc_node_track_caller+0x38/0x70 [ 2185.001903] __alloc_skb+0x96/0x510 [ 2185.005541] alloc_skb_with_frags+0x85/0x500 [ 2185.009965] sock_alloc_send_pskb+0x577/0x6d0 [ 2185.014467] ? SyS_sendmmsg+0x2f/0x50 [ 2185.018276] ? do_syscall_64+0x1d5/0x640 [ 2185.022345] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2185.027721] ? sock_kzfree_s+0x50/0x50 [ 2185.031612] ? netlbl_enabled+0x5/0x50 [ 2185.035461] PF_BRIDGE: br_mdb_parse() with invalid ifindex [ 2185.035499] ? __ip_dev_find+0x248/0x470 [ 2185.045173] ? lock_acquire+0x170/0x3f0 [ 2185.049189] __ip_append_data+0x11ec/0x1ff0 [ 2185.053517] ? rt_set_nexthop.constprop.0+0x4af/0xd20 07:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3800000054000100000000000000000007000000"], 0x38}}, 0x0) [ 2185.058712] ? ip_do_fragment+0x1f50/0x1f50 [ 2185.063045] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2185.068069] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2185.073269] ? ip_setup_cork+0x6b0/0x6b0 [ 2185.077339] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2185.082540] ? ipv4_mtu+0x27e/0x370 [ 2185.086176] ? ip_do_fragment+0x1f50/0x1f50 [ 2185.090508] ip_make_skb+0x167/0x1b0 [ 2185.094238] ? ip_flush_pending_frames+0x20/0x20 [ 2185.097997] PF_BRIDGE: br_mdb_parse() with invalid ifindex [ 2185.099002] ? ip_route_output_key_hash+0x1d6/0x2a0 07:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES32], 0x38}}, 0x0) [ 2185.099014] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2185.099030] ? xfrm_lookup_route+0x43/0x1b0 [ 2185.099043] udp_sendmsg+0x156f/0x1c00 [ 2185.099056] ? ip_do_fragment+0x1f50/0x1f50 [ 2185.127723] ? udp_seq_next+0xa0/0xa0 [ 2185.131535] ? __might_fault+0x104/0x1b0 [ 2185.135642] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2185.140518] ? lock_acquire+0x170/0x3f0 [ 2185.144505] ? dup_iter+0x240/0x240 [ 2185.148143] ? kernel_recvmsg+0x210/0x210 [ 2185.152300] inet_sendmsg+0x11a/0x4e0 [ 2185.156103] ? security_socket_sendmsg+0x83/0xb0 [ 2185.160864] ? inet_recvmsg+0x4d0/0x4d0 [ 2185.164850] sock_sendmsg+0xb5/0x100 [ 2185.168571] ___sys_sendmsg+0x326/0x800 [ 2185.172557] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2185.177323] ? lock_downgrade+0x740/0x740 [ 2185.181482] ? trace_hardirqs_on+0x10/0x10 [ 2185.185724] ? up_read+0x17/0x30 [ 2185.189090] ? __do_page_fault+0x19a/0xb50 [ 2185.193311] ? retint_kernel+0x2d/0x2d [ 2185.197195] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2185.202207] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2185.206952] ? __might_fault+0x104/0x1b0 [ 2185.211080] ? lock_acquire+0x170/0x3f0 [ 2185.215045] __sys_sendmmsg+0x129/0x330 [ 2185.219015] ? SyS_sendmsg+0x40/0x40 [ 2185.222751] ? __mutex_unlock_slowpath+0x75/0x770 [ 2185.227707] ? wait_for_completion_io+0x10/0x10 [ 2185.232365] ? vfs_write+0x319/0x4d0 [ 2185.236063] ? fput+0xb/0x140 [ 2185.239152] ? SyS_write+0x14d/0x210 [ 2185.242854] ? SyS_read+0x210/0x210 [ 2185.246478] SyS_sendmmsg+0x2f/0x50 [ 2185.250121] ? __sys_sendmmsg+0x330/0x330 [ 2185.254272] do_syscall_64+0x1d5/0x640 [ 2185.258151] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2185.263323] RIP: 0033:0x45e179 [ 2185.266564] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2185.274272] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2185.281558] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2185.288882] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2185.296164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011 [ 2185.303492] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:03 executing program 5 (fault-call:5 fault-nth:18): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:03 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_MPATH(r5, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='C', @ANYRES16=r6, @ANYBLOB="000329bd7000fcdbdf25180000000c009900ff0100000300000008000100010000000a000600080211000001000008000300", @ANYRES32=r7, @ANYBLOB="0a000600080211000001000008000300", @ANYRES32=0x0, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:03 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES32], 0x38}}, 0x0) [ 2185.417399] FAULT_INJECTION: forcing a failure. [ 2185.417399] name failslab, interval 1, probability 0, space 0, times 0 [ 2185.476265] CPU: 0 PID: 8153 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2185.484099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2185.493455] Call Trace: [ 2185.496052] dump_stack+0x1b2/0x283 [ 2185.499689] should_fail.cold+0x10a/0x154 [ 2185.503857] should_failslab+0xd6/0x130 [ 2185.507829] kmem_cache_alloc+0x40/0x3c0 [ 2185.511897] dst_alloc+0xed/0x6d0 [ 2185.515337] rt_dst_alloc+0x6b/0x430 [ 2185.519039] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2185.524341] ip_route_output_key_hash+0x195/0x2a0 [ 2185.529181] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2185.534709] ? udp_sendmsg+0xe45/0x1c00 [ 2185.538932] ? lock_acquire+0x170/0x3f0 [ 2185.542891] ? lock_downgrade+0x740/0x740 [ 2185.547103] ip_route_output_flow+0x22/0xb0 [ 2185.551411] udp_sendmsg+0x13b5/0x1c00 [ 2185.555283] ? ip_do_fragment+0x1f50/0x1f50 [ 2185.559750] ? udp_seq_next+0xa0/0xa0 [ 2185.563538] ? __might_fault+0x104/0x1b0 [ 2185.567581] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2185.572320] ? lock_acquire+0x170/0x3f0 [ 2185.576285] ? dup_iter+0x240/0x240 [ 2185.579899] ? kernel_recvmsg+0x210/0x210 [ 2185.584041] inet_sendmsg+0x11a/0x4e0 [ 2185.587827] ? security_socket_sendmsg+0x83/0xb0 [ 2185.592571] ? inet_recvmsg+0x4d0/0x4d0 [ 2185.596584] sock_sendmsg+0xb5/0x100 [ 2185.600287] ___sys_sendmsg+0x326/0x800 [ 2185.604263] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2185.609008] ? lock_downgrade+0x740/0x740 [ 2185.613195] ? trace_hardirqs_on+0x10/0x10 [ 2185.617411] ? up_read+0x17/0x30 [ 2185.620772] ? __do_page_fault+0x19a/0xb50 [ 2185.625002] ? retint_kernel+0x2d/0x2d [ 2185.628931] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2185.633934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2185.638678] ? __might_fault+0x104/0x1b0 [ 2185.642726] ? lock_acquire+0x170/0x3f0 [ 2185.646686] __sys_sendmmsg+0x129/0x330 [ 2185.650709] ? SyS_sendmsg+0x40/0x40 [ 2185.654467] ? __mutex_unlock_slowpath+0x75/0x770 [ 2185.659456] ? wait_for_completion_io+0x10/0x10 [ 2185.664138] ? vfs_write+0x319/0x4d0 [ 2185.667851] ? fput+0xb/0x140 [ 2185.670949] ? SyS_write+0x14d/0x210 [ 2185.674653] ? SyS_read+0x210/0x210 [ 2185.678386] SyS_sendmmsg+0x2f/0x50 [ 2185.682004] ? __sys_sendmmsg+0x330/0x330 [ 2185.686169] do_syscall_64+0x1d5/0x640 [ 2185.690069] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2185.695271] RIP: 0033:0x45e179 [ 2185.698460] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2185.706163] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2185.713552] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2185.720834] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2185.728108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 2185.735381] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x3e, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa61861652248"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:05 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES32], 0x38}}, 0x0) 07:18:05 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x63) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:05 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendto(r1, &(0x7f00000000c0)="dfdbe4f24e1c037c4287009e3f999e200da43e3794b0b24b8530ba0f73659d14a4bdad7c569d50930f93222a5d931d5a7158cc403fbfc334a34f5079e604b8e77870ff342a9d0665b135bb6c5ba0a96ac13082cc31cc3b884ab21e9e736574dd1a1c2482c94ff923b48fa1040150a653d5a09fc30ed6a3cddf1fdc8f2aac5ec70fac095a067a8036043a27127cf247966b5dafa51948f27307d4b11e0fc38735737867bec4948ca1b0db494465b63f2690a78e670d28cec0cb46bd5c10c84b309f5dbaf576c50ea0e1d505c051c0103dd5e2c9457f40e2", 0xd7, 0x20008087, 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:05 executing program 5 (fault-call:5 fault-nth:19): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:05 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) getpid() r1 = getpid() tkill(r1, 0x34) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0xfd, 0x0, 0x0, 0x0, @time, {}, {0x2}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f00000001c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:06 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32], 0x38}}, 0x0) 07:18:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x2106, r0, 0x6d, 0x8) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={&(0x7f00000002c0), 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@getaddr={0x14, 0x16, 0x100, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x4c0c0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740cc684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) ioctl$BTRFS_IOC_SEND(r2, 0x40489426, &(0x7f0000000200)={{}, 0x7, &(0x7f00000001c0)=[0x6f9d, 0x7ff, 0xcc88, 0x4, 0x20, 0x18c54e2e, 0x40], 0x43, 0x4, [0xfffffffffffffffc, 0x0, 0x7, 0x200]}) [ 2187.942397] net_ratelimit: 6 callbacks suppressed [ 2187.942402] ip_tables: iptables: counters copy to user failed while replacing table [ 2187.970815] ip_tables: iptables: counters copy to user failed while replacing table [ 2187.999445] nla_parse: 7 callbacks suppressed [ 2187.999453] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2188.014160] FAULT_INJECTION: forcing a failure. [ 2188.014160] name failslab, interval 1, probability 0, space 0, times 0 [ 2188.038352] CPU: 1 PID: 8185 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 07:18:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4200, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2188.046189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2188.055549] Call Trace: [ 2188.058153] dump_stack+0x1b2/0x283 [ 2188.061795] should_fail.cold+0x10a/0x154 [ 2188.065954] should_failslab+0xd6/0x130 [ 2188.069939] kmem_cache_alloc_node+0x263/0x410 [ 2188.074541] __alloc_skb+0x5c/0x510 [ 2188.078177] alloc_skb_with_frags+0x85/0x500 [ 2188.082599] sock_alloc_send_pskb+0x577/0x6d0 [ 2188.087099] ? SyS_sendmmsg+0x2f/0x50 [ 2188.090905] ? do_syscall_64+0x1d5/0x640 [ 2188.094968] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb 07:18:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2188.100347] ? sock_kzfree_s+0x50/0x50 [ 2188.104244] ? netlbl_enabled+0x5/0x50 [ 2188.108137] ? __ip_dev_find+0x248/0x470 [ 2188.112206] ? lock_acquire+0x170/0x3f0 [ 2188.116192] __ip_append_data+0x11ec/0x1ff0 [ 2188.120560] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2188.125761] ? ip_do_fragment+0x1f50/0x1f50 [ 2188.130097] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2188.135117] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2188.140316] ? ip_setup_cork+0x6b0/0x6b0 [ 2188.144384] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2188.149641] ? ipv4_mtu+0x27e/0x370 [ 2188.153275] ? ip_do_fragment+0x1f50/0x1f50 [ 2188.157602] ip_make_skb+0x167/0x1b0 [ 2188.161325] ? ip_flush_pending_frames+0x20/0x20 [ 2188.166095] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2188.171244] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2188.176799] ? xfrm_lookup_route+0x43/0x1b0 [ 2188.181136] udp_sendmsg+0x156f/0x1c00 [ 2188.185036] ? ip_do_fragment+0x1f50/0x1f50 [ 2188.189378] ? udp_seq_next+0xa0/0xa0 [ 2188.193196] ? __might_fault+0x104/0x1b0 07:18:06 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000153501040103000000000000000000000000080003400000800006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2188.197264] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2188.197950] ip_tables: iptables: counters copy to user failed while replacing table [ 2188.202025] ? lock_acquire+0x170/0x3f0 [ 2188.202043] ? dup_iter+0x240/0x240 [ 2188.202060] ? kernel_recvmsg+0x210/0x210 [ 2188.202071] inet_sendmsg+0x11a/0x4e0 [ 2188.202081] ? security_socket_sendmsg+0x83/0xb0 [ 2188.202088] ? inet_recvmsg+0x4d0/0x4d0 [ 2188.202098] sock_sendmsg+0xb5/0x100 [ 2188.202106] ___sys_sendmsg+0x326/0x800 [ 2188.202115] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2188.202127] ? lock_downgrade+0x740/0x740 [ 2188.250879] ? trace_hardirqs_on+0x10/0x10 [ 2188.255118] ? up_read+0x17/0x30 [ 2188.258486] ? __do_page_fault+0x19a/0xb50 [ 2188.262723] ? retint_kernel+0x2d/0x2d [ 2188.269573] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2188.274597] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2188.279367] ? __might_fault+0x104/0x1b0 [ 2188.283435] ? lock_acquire+0x170/0x3f0 [ 2188.287421] __sys_sendmmsg+0x129/0x330 [ 2188.291400] ? SyS_sendmsg+0x40/0x40 [ 2188.295133] ? __mutex_unlock_slowpath+0x75/0x770 [ 2188.299986] ? wait_for_completion_io+0x10/0x10 [ 2188.304678] ? vfs_write+0x319/0x4d0 [ 2188.308400] ? fput+0xb/0x140 [ 2188.311511] ? SyS_write+0x14d/0x210 [ 2188.314443] ip_tables: iptables: counters copy to user failed while replacing table [ 2188.315222] ? SyS_read+0x210/0x210 [ 2188.315238] SyS_sendmmsg+0x2f/0x50 [ 2188.315246] ? __sys_sendmmsg+0x330/0x330 [ 2188.315257] do_syscall_64+0x1d5/0x640 [ 2188.315271] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2188.343464] RIP: 0033:0x45e179 07:18:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000180, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) ptrace$setopts(0x4200, r0, 0x2, 0x100000) [ 2188.346653] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2188.348484] ip_tables: iptables: counters copy to user failed while replacing table [ 2188.354359] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2188.354366] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2188.354370] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2188.354374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 [ 2188.354379] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:08 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32], 0x38}}, 0x0) 07:18:08 executing program 5 (fault-call:5 fault-nth:20): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:08 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="000000010401800000000000ffee000000000011000340000000000600064000000100019e808727a72bdd2073e4bee20f613c53f70e339ee656fa6bf7ffffefa1c58bf22ecad5497ccc4b2cc9855b75a5ad083120a7ea46bc6789dda39bd9b466dec1b1bb8c530aa4f17a8d"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:08 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0xfffffffffffffffd, 0x7fffffff, 0xdf}) 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32], 0x38}}, 0x0) 07:18:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2190.929770] ip_tables: iptables: counters copy to user failed while replacing table [ 2190.944183] FAULT_INJECTION: forcing a failure. [ 2190.944183] name failslab, interval 1, probability 0, space 0, times 0 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000540001000000", @ANYRES32], 0x38}}, 0x0) [ 2190.983460] CPU: 0 PID: 8237 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2190.991296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2191.000650] Call Trace: [ 2191.003240] dump_stack+0x1b2/0x283 [ 2191.006874] should_fail.cold+0x10a/0x154 [ 2191.011028] should_failslab+0xd6/0x130 [ 2191.015008] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2191.020120] __kmalloc_node_track_caller+0x38/0x70 [ 2191.025061] __alloc_skb+0x96/0x510 [ 2191.028693] alloc_skb_with_frags+0x85/0x500 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000540001000000", @ANYRES32], 0x38}}, 0x0) [ 2191.033115] sock_alloc_send_pskb+0x577/0x6d0 [ 2191.037619] ? SyS_sendmmsg+0x2f/0x50 [ 2191.041444] ? do_syscall_64+0x1d5/0x640 [ 2191.045501] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2191.050874] ? sock_kzfree_s+0x50/0x50 [ 2191.054770] ? netlbl_enabled+0x5/0x50 [ 2191.058670] ? __ip_dev_find+0x248/0x470 [ 2191.062742] ? lock_acquire+0x170/0x3f0 [ 2191.066723] __ip_append_data+0x11ec/0x1ff0 [ 2191.071054] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2191.076257] ? ip_do_fragment+0x1f50/0x1f50 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000540001000000", @ANYRES32], 0x38}}, 0x0) [ 2191.080592] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2191.085610] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2191.090845] ? ip_setup_cork+0x6b0/0x6b0 [ 2191.094912] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2191.100109] ? ipv4_mtu+0x27e/0x370 [ 2191.103738] ? ip_do_fragment+0x1f50/0x1f50 [ 2191.108064] ip_make_skb+0x167/0x1b0 [ 2191.111786] ? ip_flush_pending_frames+0x20/0x20 [ 2191.116549] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2191.121574] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2191.127122] ? xfrm_lookup_route+0x43/0x1b0 [ 2191.131457] udp_sendmsg+0x156f/0x1c00 [ 2191.135357] ? ip_do_fragment+0x1f50/0x1f50 [ 2191.139689] ? udp_seq_next+0xa0/0xa0 [ 2191.143503] ? __might_fault+0x104/0x1b0 [ 2191.147570] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2191.152338] ? lock_acquire+0x170/0x3f0 [ 2191.156330] ? dup_iter+0x240/0x240 [ 2191.159973] ? kernel_recvmsg+0x210/0x210 [ 2191.164123] inet_sendmsg+0x11a/0x4e0 [ 2191.167926] ? security_socket_sendmsg+0x83/0xb0 [ 2191.172690] ? inet_recvmsg+0x4d0/0x4d0 [ 2191.176672] sock_sendmsg+0xb5/0x100 [ 2191.180394] ___sys_sendmsg+0x326/0x800 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000005400010000000000000000", @ANYRES32], 0x38}}, 0x0) [ 2191.184371] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2191.189135] ? lock_downgrade+0x740/0x740 [ 2191.193296] ? trace_hardirqs_on+0x10/0x10 [ 2191.197543] ? up_read+0x17/0x30 [ 2191.200910] ? __do_page_fault+0x19a/0xb50 [ 2191.205199] ? retint_kernel+0x2d/0x2d [ 2191.209188] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2191.214200] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2191.218966] ? __might_fault+0x104/0x1b0 [ 2191.223042] ? lock_acquire+0x170/0x3f0 [ 2191.224698] ip_tables: iptables: counters copy to user failed while replacing table [ 2191.227021] __sys_sendmmsg+0x129/0x330 [ 2191.227033] ? SyS_sendmsg+0x40/0x40 [ 2191.227059] ? __mutex_unlock_slowpath+0x75/0x770 [ 2191.247345] ? wait_for_completion_io+0x10/0x10 [ 2191.252017] ? vfs_write+0x319/0x4d0 [ 2191.255735] ? fput+0xb/0x140 [ 2191.258842] ? SyS_write+0x14d/0x210 [ 2191.262563] ? SyS_read+0x210/0x210 [ 2191.266186] SyS_sendmmsg+0x2f/0x50 [ 2191.269808] ? __sys_sendmmsg+0x330/0x330 [ 2191.273963] do_syscall_64+0x1d5/0x640 [ 2191.277877] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2191.283064] RIP: 0033:0x45e179 [ 2191.286249] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2191.293961] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2191.301232] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2191.308501] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2191.315772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 2191.323048] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:09 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) sched_getaffinity(r0, 0x8, &(0x7f00000001c0)) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = getpid() ptrace$cont(0x18, r4, 0x0, 0x0) 07:18:09 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x18040, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0xffffffffffffff79, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x111880) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000005400010000000000000000", @ANYRES32], 0x38}}, 0x0) 07:18:09 executing program 5 (fault-call:5 fault-nth:21): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:09 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000005400010000000000000000", @ANYRES32], 0x38}}, 0x0) [ 2191.486308] ip_tables: iptables: counters copy to user failed while replacing table [ 2191.496038] ip_tables: iptables: counters copy to user failed while replacing table [ 2191.516159] FAULT_INJECTION: forcing a failure. [ 2191.516159] name failslab, interval 1, probability 0, space 0, times 0 [ 2191.564036] ip_tables: iptables: counters copy to user failed while replacing table [ 2191.574547] CPU: 1 PID: 8280 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2191.582366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2191.591838] Call Trace: [ 2191.594436] dump_stack+0x1b2/0x283 [ 2191.598067] should_fail.cold+0x10a/0x154 [ 2191.602322] should_failslab+0xd6/0x130 [ 2191.606286] kmem_cache_alloc+0x40/0x3c0 [ 2191.610340] dst_alloc+0xed/0x6d0 [ 2191.613799] rt_dst_alloc+0x6b/0x430 [ 2191.617539] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2191.622828] ip_route_output_key_hash+0x195/0x2a0 [ 2191.627676] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2191.633222] ? udp_sendmsg+0xe45/0x1c00 [ 2191.637196] ? lock_acquire+0x170/0x3f0 [ 2191.641174] ? lock_downgrade+0x740/0x740 [ 2191.645330] ip_route_output_flow+0x22/0xb0 [ 2191.649658] udp_sendmsg+0x13b5/0x1c00 [ 2191.653554] ? ip_do_fragment+0x1f50/0x1f50 [ 2191.657888] ? udp_seq_next+0xa0/0xa0 [ 2191.661704] ? __might_fault+0x104/0x1b0 [ 2191.665775] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2191.670717] ? lock_acquire+0x170/0x3f0 [ 2191.674758] ? dup_iter+0x240/0x240 [ 2191.678372] ? kernel_recvmsg+0x210/0x210 [ 2191.682560] inet_sendmsg+0x11a/0x4e0 [ 2191.686375] ? security_socket_sendmsg+0x83/0xb0 [ 2191.691130] ? inet_recvmsg+0x4d0/0x4d0 [ 2191.695151] sock_sendmsg+0xb5/0x100 [ 2191.698861] ___sys_sendmsg+0x326/0x800 [ 2191.702827] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2191.707594] ? lock_downgrade+0x740/0x740 07:18:09 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0x9) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:09 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cuse\x00', 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="3d060000", @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250700000014002000fe8000000000000000000000000000bb06000e00001000000800090002000000050004000700000006000300bc970000"], 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2191.711744] ? trace_hardirqs_on+0x10/0x10 [ 2191.715972] ? up_read+0x17/0x30 [ 2191.719320] ? __do_page_fault+0x19a/0xb50 [ 2191.723596] ? retint_kernel+0x2d/0x2d [ 2191.727562] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2191.732612] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2191.737473] ? __might_fault+0x104/0x1b0 [ 2191.741544] ? lock_acquire+0x170/0x3f0 [ 2191.745536] __sys_sendmmsg+0x129/0x330 [ 2191.749521] ? SyS_sendmsg+0x40/0x40 [ 2191.753255] ? __mutex_unlock_slowpath+0x75/0x770 [ 2191.758107] ? wait_for_completion_io+0x10/0x10 [ 2191.762781] ? vfs_write+0x319/0x4d0 [ 2191.766495] ? fput+0xb/0x140 [ 2191.769606] ? SyS_write+0x14d/0x210 [ 2191.773321] ? SyS_read+0x210/0x210 [ 2191.776963] SyS_sendmmsg+0x2f/0x50 [ 2191.780591] ? __sys_sendmmsg+0x330/0x330 [ 2191.784748] do_syscall_64+0x1d5/0x640 [ 2191.788681] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2191.793976] RIP: 0033:0x45e179 [ 2191.797163] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2191.804874] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2191.812146] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2191.813312] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2191.819415] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2191.819421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 2191.819426] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:12 executing program 5 (fault-call:5 fault-nth:22): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:12 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000005400010000000000000000000700", @ANYRES32], 0x38}}, 0x0) 07:18:12 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="00000000000008000340000000000600064000020000050001000100"/41], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:12 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f00000000c0)={0x8, 0xb, 0x4, 0x2000, 0x4, {0x0, 0xea60}, {0x3, 0x2, 0xf9, 0x9, 0x80, 0x7, "289cf0a5"}, 0x4, 0x1, @fd, 0x7f}) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) ioctl$SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, &(0x7f0000000040)=0x10000) [ 2194.020871] net_ratelimit: 1 callbacks suppressed [ 2194.020877] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.028081] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2194.038870] FAULT_INJECTION: forcing a failure. [ 2194.038870] name failslab, interval 1, probability 0, space 0, times 0 [ 2194.049718] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2194.060519] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.072536] CPU: 0 PID: 8325 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2194.080352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2194.089707] Call Trace: [ 2194.092416] dump_stack+0x1b2/0x283 [ 2194.096055] should_fail.cold+0x10a/0x154 [ 2194.100239] should_failslab+0xd6/0x130 [ 2194.104223] kmem_cache_alloc_node+0x263/0x410 [ 2194.108822] __alloc_skb+0x5c/0x510 [ 2194.111910] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.112453] alloc_skb_with_frags+0x85/0x500 [ 2194.112478] sock_alloc_send_pskb+0x577/0x6d0 [ 2194.129154] ? SyS_sendmmsg+0x2f/0x50 [ 2194.132966] ? do_syscall_64+0x1d5/0x640 [ 2194.137031] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2194.142408] ? sock_kzfree_s+0x50/0x50 [ 2194.146300] ? netlbl_enabled+0x5/0x50 [ 2194.150199] ? __ip_dev_find+0x248/0x470 [ 2194.154273] ? lock_acquire+0x170/0x3f0 [ 2194.158259] __ip_append_data+0x11ec/0x1ff0 [ 2194.162592] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2194.167792] ? ip_do_fragment+0x1f50/0x1f50 [ 2194.172125] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2194.177148] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2194.182350] ? ip_setup_cork+0x6b0/0x6b0 [ 2194.186417] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2194.191609] ? ipv4_mtu+0x27e/0x370 [ 2194.195243] ? ip_do_fragment+0x1f50/0x1f50 [ 2194.199567] ip_make_skb+0x167/0x1b0 [ 2194.203292] ? ip_flush_pending_frames+0x20/0x20 [ 2194.208057] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2194.213510] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2194.219056] ? xfrm_lookup_route+0x43/0x1b0 [ 2194.223388] udp_sendmsg+0x156f/0x1c00 [ 2194.227288] ? ip_do_fragment+0x1f50/0x1f50 [ 2194.231643] ? udp_seq_next+0xa0/0xa0 [ 2194.235451] ? __might_fault+0x104/0x1b0 [ 2194.239518] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2194.244283] ? lock_acquire+0x170/0x3f0 [ 2194.248274] ? dup_iter+0x240/0x240 [ 2194.251911] ? kernel_recvmsg+0x210/0x210 [ 2194.256208] inet_sendmsg+0x11a/0x4e0 [ 2194.260056] ? security_socket_sendmsg+0x83/0xb0 [ 2194.264810] ? inet_recvmsg+0x4d0/0x4d0 [ 2194.268769] sock_sendmsg+0xb5/0x100 [ 2194.272563] ___sys_sendmsg+0x326/0x800 [ 2194.276529] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2194.281276] ? lock_downgrade+0x740/0x740 [ 2194.285418] ? trace_hardirqs_on+0x10/0x10 [ 2194.289644] ? up_read+0x17/0x30 [ 2194.293002] ? __do_page_fault+0x19a/0xb50 [ 2194.297253] ? retint_kernel+0x2d/0x2d [ 2194.301139] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2194.306164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2194.310948] ? __might_fault+0x104/0x1b0 [ 2194.315005] ? lock_acquire+0x170/0x3f0 [ 2194.318970] __sys_sendmmsg+0x129/0x330 [ 2194.322927] ? SyS_sendmsg+0x40/0x40 [ 2194.326641] ? __mutex_unlock_slowpath+0x75/0x770 [ 2194.331478] ? wait_for_completion_io+0x10/0x10 [ 2194.336138] ? vfs_write+0x319/0x4d0 [ 2194.339870] ? fput+0xb/0x140 [ 2194.342967] ? SyS_write+0x14d/0x210 [ 2194.346664] ? SyS_read+0x210/0x210 [ 2194.350283] SyS_sendmmsg+0x2f/0x50 [ 2194.353923] ? __sys_sendmmsg+0x330/0x330 [ 2194.358062] do_syscall_64+0x1d5/0x640 [ 2194.361936] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2194.367121] RIP: 0033:0x45e179 [ 2194.370297] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2194.377997] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2194.385251] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2194.392510] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2194.399795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 2194.407056] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:12 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) setsockopt$inet_udp_int(r1, 0x11, 0xa, &(0x7f00000001c0)=0x6, 0x4) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:12 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000005400010000000000000000000700", @ANYRES32], 0x38}}, 0x0) 07:18:12 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000c8120008ede5400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x40, 0x0) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:12 executing program 5 (fault-call:5 fault-nth:23): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2194.509130] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.518806] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2194.530769] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2194.533234] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2194.536784] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.565732] FAULT_INJECTION: forcing a failure. [ 2194.565732] name failslab, interval 1, probability 0, space 0, times 0 [ 2194.578004] CPU: 0 PID: 8353 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2194.585812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2194.595172] Call Trace: [ 2194.597770] dump_stack+0x1b2/0x283 [ 2194.601411] should_fail.cold+0x10a/0x154 [ 2194.605559] should_failslab+0xd6/0x130 [ 2194.609642] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2194.614749] __kmalloc_node_track_caller+0x38/0x70 [ 2194.619690] __alloc_skb+0x96/0x510 [ 2194.623329] alloc_skb_with_frags+0x85/0x500 [ 2194.627750] sock_alloc_send_pskb+0x577/0x6d0 [ 2194.632250] ? SyS_sendmmsg+0x2f/0x50 [ 2194.636054] ? do_syscall_64+0x1d5/0x640 [ 2194.638077] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2194.640113] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2194.640132] ? sock_kzfree_s+0x50/0x50 [ 2194.640141] ? netlbl_enabled+0x5/0x50 [ 2194.640152] ? __ip_dev_find+0x248/0x470 07:18:12 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./file0\x00', 0x3, 0x8, &(0x7f0000000680)=[{&(0x7f0000000140)="8273f38d301e194aecf9086dc22bad26335bcf116bfb6ba1ed03190015b3512b8ab4ff99194b178fee", 0x29, 0x80000001}, {&(0x7f0000000180)="195d28a308ed8871b5787535e5c8ec6f5156510e47f6d4528081c0c78a44991770c713d29789c56885c6e2a858623b1744958faad9e0c5a6af102df7fb168a2e2e0b969a80f5ca146cd3423246402ed78438cd186933fba264905527a130e4cb59ba55412838661bce54539062122b0fe48c6fbf6bd015dd9b6ab172f4a2227d9b33a26adf98537d1e50e3d7f5b180", 0x8f, 0x401}, {&(0x7f0000000240)="bfcd72e8a461906d160db855a2e8f1be21618dc0e2fd5bd20168f99bf941c090bd0dd44c82091586e22c60711e2a8007d28a4dd773bd4219ce44d655ef682debf6ccdbbeb847acd7da17104f65bdefe00baf421f1ae8646a5689bb5865589a7ed3e2dff299cb626f2b504edcdd50b4c53e5ad97f548b92f5bdee4d8a1b830b95040a6bfffe30d85074c7f736f7af24d6b74c0d271f6ea1b41fc9786ff56f67ed62f10e86d0fc38ec03623424fc2859cc4203f2e283bb4429749e46ad8ae6f1bdfb0f46c89f99137b473f0742083c372046155cea201f351322d162e7bb31cda1e8f8e144c706683351d59f498617bea2090e2fd0d7aef0", 0xf7, 0xfffffffffffffff7}, {&(0x7f0000000340)="a0d7c8d2744909ad71bfd3daa7b3ede40f0e08b8f1d0b499784f110fbbd827d69d5f1cb5603826f0a68ac7b608023ee4ca11a4724ef86124c001a5e01ba3286412089a1fc204731dbe2d34ce750207daf67e3cacb05cf793e446b3ecad145a59f5f826e33749cc4127d8d89f733b527acfcadb9f535664213ac5f87dfece79ac016f185f2560936dc596e33b168c5ec5d4ba3588ce2980a3cbdda5e61181e4a82c447a78ba4e52ca71c68bc5e411e37281ed77a55fb15ab038851cae4cb3eba1f117a1250710ad4a5e869c414e9b1358a63670452c908b0864d2994d4f38dc8eb8a207", 0xe3, 0xffff}, {&(0x7f0000000440)="fa70819a5368cba039a7021dacc8e080782a4cbe6db337062be762dc1e80b74c1660d891507419fb18b578e032a98cec43dbae8f499f63305a21b480f232a45338f43f42a4f2b2ac18736336d433fa8622d8171b7f34c31767f11bdec0f3a30fbfb4f7a58363ec721574856b8a6de080af0e1cff99c4f1245112ed65a9f1fe098f9605187b5785e7c534a49e438fd17398b4fce238dc9f27215d6bea036625699c284e80", 0xa4, 0x80000001}, {&(0x7f0000000840)="096d382b7fb94abba195f44116d5587de2eef54bce70c4b4db869992a2b2bc20fb81e32b3cab624663cc693e2a13cadb88d4f98c9d68b1e04bf120", 0x3b, 0x5}, {&(0x7f0000000540)="265dd2a6a85db1a270435c68dc7d2ccad044fe5cb34504af2ffd55d16e577053a59a69d86efc4476517136dfee210ffd047da084180070a5198ae62c8b51bdc664d6fd51968d5fbae29ab2c8f32872b1cef47f13cfd65ffc4e507a57c7a2c4958b0f69c1e12b9dd4f7731edb9787aad2440d3997ba248d6493ee15e190ff718a0e1d3c97977c4b3561bc1f22f72a5e4788339cf22b0da27ce2f406ab66b4bb00bae2b66da377970de620eb244b290a45da75d698c6f4dd4fee2083822beca847410dc48d618919ac80f5460061da6fd8e23b3359", 0xd4, 0x4}, {&(0x7f0000000640)="a9b99f30cf9c09a52866bcdbbebde35fe4d995f99af41e7db77b2c220320bfa24b4e8fd406d2c8054a6920f9ab16810d00683aeb88eab2bb", 0x38, 0x3}], 0x893008, &(0x7f0000000740)={[{@decompose='decompose'}, {@creator={'creator', 0x3d, "4ab76842"}}, {@gid={'gid'}}, {@creator={'creator', 0x3d, "00ea55f8"}}, {@umask={'umask', 0x3d, 0x3ff}}, {@creator={'creator', 0x3d, "d10ecb71"}}], [{@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@euid_gt={'euid>', 0xee00}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'macsec0\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x64, 0x62, 0x31, 0x65, 0x62, 0x37, 0x31], 0x2d, [0x63, 0x34, 0x39, 0x65], 0x2d, [0x61, 0x1c4e98252f648e00, 0x65, 0x32], 0x2d, [0x37, 0x63, 0x66, 0x34], 0x2d, [0x62, 0x31, 0x30, 0x32, 0x64, 0x64, 0x61, 0x65]}}}, {@euid_lt={'euid<', 0xffffffffffffffff}}]}) r5 = fcntl$dupfd(r4, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) ioctl$KDSKBSENT(r6, 0x4b49, &(0x7f0000000c80)={0x1f, "3e95538fde5554ba2ce95e8f208a8d233f60d992c6cc111f56808519cd8a2f8ef394a742014c4d585083ae599566faae5e5904ba8bfb84c558d53d8382dd73c780b2bc6595e5a5dfc93fd1c21f79bfabffd43bca5e44ba5df22d1c360ea1da893422d1feb397ed412138ac7ec6dac9f771f9d269569a4780da14ea12b7becf1945c93e2f7103bee90d08e81a972cd496b562d90e1b7f5496c5af096ec53279edc57b035f055d200507261a662215314ce10068f8037ef6121d8de14fa28af82049950975d770fb74bf971bf908fa703f5ef0099b36aecb8896e945fbb498ef9656e589a1bff2ca039564fbecf82c204d6cca08b19c06e42634f398adcf4264a24911868087c47546c5607b9a57586020cdc5a3f3e01fe38877abf8978552160357c2dd7fa717b761753a48588eccc209baa47e2c06d8188f428b3c87d4d800d74cb5ca4291439e3e1ae01689703aca3990d53928c29800ee5b72c7f9398d2fffc048abb8de97dea02a2b983701bb6008ff3d9ab94401eea7da5e233d9ccacd58b40af559a4410d1d8eb4eb3406648507fc04d7f14d95a2ae4bc88ed2a94eb960b860973f0ba12f5a0cf01836aca63d573788b0b02699cd4c56f3534b643991340025f3343fe2a8d9b2050158740f24b89d72564aef69f9456dd4979f932047e6621474a9220097bf70f3e827b2ae9ec7dc10e4d2b251c8ba136dead9866612e9"}) [ 2194.640164] ? lock_acquire+0x170/0x3f0 [ 2194.640175] __ip_append_data+0x11ec/0x1ff0 [ 2194.640186] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2194.640196] ? ip_do_fragment+0x1f50/0x1f50 [ 2194.640208] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2194.640216] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2194.640224] ? ip_setup_cork+0x6b0/0x6b0 [ 2194.640232] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2194.640240] ? ipv4_mtu+0x27e/0x370 [ 2194.640251] ? ip_do_fragment+0x1f50/0x1f50 [ 2194.640260] ip_make_skb+0x167/0x1b0 [ 2194.640273] ? ip_flush_pending_frames+0x20/0x20 [ 2194.640285] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2194.640293] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2194.640308] ? xfrm_lookup_route+0x43/0x1b0 [ 2194.640321] udp_sendmsg+0x156f/0x1c00 [ 2194.640335] ? ip_do_fragment+0x1f50/0x1f50 [ 2194.640348] ? udp_seq_next+0xa0/0xa0 [ 2194.640361] ? __might_fault+0x104/0x1b0 [ 2194.640371] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2194.640382] ? lock_acquire+0x170/0x3f0 [ 2194.640398] ? dup_iter+0x240/0x240 [ 2194.640413] ? kernel_recvmsg+0x210/0x210 [ 2194.640424] inet_sendmsg+0x11a/0x4e0 [ 2194.640434] ? security_socket_sendmsg+0x83/0xb0 [ 2194.640442] ? inet_recvmsg+0x4d0/0x4d0 [ 2194.640453] sock_sendmsg+0xb5/0x100 [ 2194.640463] ___sys_sendmsg+0x326/0x800 [ 2194.640480] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2194.640492] ? lock_downgrade+0x740/0x740 [ 2194.640504] ? trace_hardirqs_on+0x10/0x10 [ 2194.640513] ? up_read+0x17/0x30 [ 2194.640522] ? __do_page_fault+0x19a/0xb50 [ 2194.640529] ? retint_kernel+0x2d/0x2d [ 2194.640540] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2194.640550] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2194.640559] ? __might_fault+0x104/0x1b0 [ 2194.640570] ? lock_acquire+0x170/0x3f0 [ 2194.640586] __sys_sendmmsg+0x129/0x330 [ 2194.640596] ? SyS_sendmsg+0x40/0x40 [ 2194.654569] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.658413] ? __mutex_unlock_slowpath+0x75/0x770 [ 2194.658427] ? wait_for_completion_io+0x10/0x10 [ 2194.658436] ? vfs_write+0x319/0x4d0 [ 2194.658446] ? fput+0xb/0x140 [ 2194.798584] ip_tables: iptables: counters copy to user failed while replacing table [ 2194.800798] ? SyS_write+0x14d/0x210 [ 2194.800809] ? SyS_read+0x210/0x210 [ 2194.800822] SyS_sendmmsg+0x2f/0x50 [ 2194.800830] ? __sys_sendmmsg+0x330/0x330 [ 2194.800841] do_syscall_64+0x1d5/0x640 [ 2194.800854] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2194.800862] RIP: 0033:0x45e179 [ 2194.800866] RSP: 002b:00007fb075f5cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2194.800876] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 07:18:12 executing program 5 (fault-call:5 fault-nth:24): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:12 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000005400010000000000000000000700", @ANYRES32], 0x38}}, 0x0) [ 2194.800880] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2194.800885] RBP: 00007fb075f5cca0 R08: 0000000000000000 R09: 0000000000000000 [ 2194.800889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 2194.800893] R13: 00007ffec7e3704f R14: 00007fb075f5d9c0 R15: 000000000118cff4 [ 2194.941198] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2194.984327] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2195.007684] ip_tables: iptables: counters copy to user failed while replacing table [ 2195.034896] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2195.063072] ip_tables: iptables: counters copy to user failed while replacing table [ 2195.064645] FAULT_INJECTION: forcing a failure. [ 2195.064645] name failslab, interval 1, probability 0, space 0, times 0 [ 2195.072126] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2195.136481] CPU: 1 PID: 8369 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2195.144312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2195.153666] Call Trace: [ 2195.156263] dump_stack+0x1b2/0x283 [ 2195.159903] should_fail.cold+0x10a/0x154 [ 2195.164059] should_failslab+0xd6/0x130 [ 2195.168037] kmem_cache_alloc+0x40/0x3c0 [ 2195.172101] dst_alloc+0xed/0x6d0 [ 2195.175639] rt_dst_alloc+0x6b/0x430 [ 2195.179335] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2195.184647] ip_route_output_key_hash+0x195/0x2a0 [ 2195.189486] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2195.195020] ? udp_sendmsg+0xe45/0x1c00 [ 2195.198980] ? lock_acquire+0x170/0x3f0 [ 2195.202932] ? lock_downgrade+0x740/0x740 [ 2195.207060] ip_route_output_flow+0x22/0xb0 [ 2195.211380] udp_sendmsg+0x13b5/0x1c00 [ 2195.215246] ? ip_do_fragment+0x1f50/0x1f50 [ 2195.219547] ? udp_seq_next+0xa0/0xa0 [ 2195.223330] ? __might_fault+0x104/0x1b0 [ 2195.227370] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2195.232106] ? lock_acquire+0x170/0x3f0 [ 2195.236073] ? dup_iter+0x240/0x240 [ 2195.239686] ? kernel_recvmsg+0x210/0x210 [ 2195.243816] inet_sendmsg+0x11a/0x4e0 [ 2195.247596] ? security_socket_sendmsg+0x83/0xb0 [ 2195.252332] ? inet_recvmsg+0x4d0/0x4d0 [ 2195.256296] sock_sendmsg+0xb5/0x100 [ 2195.259990] ___sys_sendmsg+0x326/0x800 [ 2195.263946] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2195.268696] ? lock_downgrade+0x740/0x740 [ 2195.272827] ? trace_hardirqs_on+0x10/0x10 [ 2195.277043] ? up_read+0x17/0x30 [ 2195.280389] ? __do_page_fault+0x19a/0xb50 [ 2195.284622] ? retint_kernel+0x2d/0x2d [ 2195.288493] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2195.293490] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2195.298241] ? __might_fault+0x104/0x1b0 [ 2195.302285] ? lock_acquire+0x170/0x3f0 [ 2195.306246] __sys_sendmmsg+0x129/0x330 [ 2195.310204] ? SyS_sendmsg+0x40/0x40 [ 2195.313909] ? __mutex_unlock_slowpath+0x75/0x770 [ 2195.318733] ? wait_for_completion_io+0x10/0x10 [ 2195.323382] ? vfs_write+0x319/0x4d0 [ 2195.327074] ? fput+0xb/0x140 [ 2195.330158] ? SyS_write+0x14d/0x210 [ 2195.333851] ? SyS_read+0x210/0x210 [ 2195.337466] SyS_sendmmsg+0x2f/0x50 [ 2195.341073] ? __sys_sendmmsg+0x330/0x330 [ 2195.345204] do_syscall_64+0x1d5/0x640 [ 2195.349076] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2195.354243] RIP: 0033:0x45e179 [ 2195.357430] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2195.365135] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2195.372401] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2195.379651] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2195.386914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000018 [ 2195.394166] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x41, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:15 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/udp\x00') ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f00000000c0)={0x1, 0x0, {0xffffffff, 0xfff, 0x1004, 0x3, 0x8, 0x4, 0x2, 0x4}}) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:15 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000540001000000000000000000070000", @ANYRES32], 0x38}}, 0x0) 07:18:15 executing program 5 (fault-call:5 fault-nth:25): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:15 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000040)={0x0, 0xa2}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000080)=@encrypted_update={'update ', 'default', 0x20, 'trusted:', '*'}, 0x19, 0xfffffffffffffff8) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x1ff}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r5 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x841, 0x0) signalfd(r4, &(0x7f0000000040)={[0x7fff]}, 0x8) sendto$l2tp6(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000080)=0x10001) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000340)) sendfile(r6, r5, 0x0, 0x1c01) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) [ 2197.036314] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2197.036369] ip_tables: iptables: counters copy to user failed while replacing table [ 2197.046593] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2197.076462] FAULT_INJECTION: forcing a failure. [ 2197.076462] name failslab, interval 1, probability 0, space 0, times 0 [ 2197.076765] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2197.115499] CPU: 1 PID: 8396 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2197.123334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2197.132689] Call Trace: [ 2197.135286] dump_stack+0x1b2/0x283 [ 2197.138924] should_fail.cold+0x10a/0x154 [ 2197.143085] should_failslab+0xd6/0x130 [ 2197.147097] kmem_cache_alloc_node+0x263/0x410 [ 2197.151694] __alloc_skb+0x5c/0x510 [ 2197.155332] alloc_skb_with_frags+0x85/0x500 [ 2197.159756] sock_alloc_send_pskb+0x577/0x6d0 [ 2197.160524] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2197.164250] ? SyS_sendmmsg+0x2f/0x50 [ 2197.164261] ? do_syscall_64+0x1d5/0x640 [ 2197.164272] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2197.164291] ? sock_kzfree_s+0x50/0x50 [ 2197.189925] ? netlbl_enabled+0x5/0x50 [ 2197.193820] ? __ip_dev_find+0x248/0x470 [ 2197.197883] ? lock_acquire+0x170/0x3f0 [ 2197.201962] __ip_append_data+0x11ec/0x1ff0 [ 2197.206281] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2197.211562] ? ip_do_fragment+0x1f50/0x1f50 [ 2197.215892] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2197.220894] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2197.226097] ? ip_setup_cork+0x6b0/0x6b0 [ 2197.230167] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2197.235352] ? ipv4_mtu+0x27e/0x370 [ 2197.239004] ? ip_do_fragment+0x1f50/0x1f50 [ 2197.243363] ip_make_skb+0x167/0x1b0 [ 2197.247070] ? ip_flush_pending_frames+0x20/0x20 [ 2197.251877] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2197.256901] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2197.262466] ? xfrm_lookup_route+0x43/0x1b0 [ 2197.266785] udp_sendmsg+0x156f/0x1c00 [ 2197.270667] ? ip_do_fragment+0x1f50/0x1f50 [ 2197.274979] ? udp_seq_next+0xa0/0xa0 [ 2197.278767] ? __might_fault+0x104/0x1b0 [ 2197.282825] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2197.287581] ? lock_acquire+0x170/0x3f0 [ 2197.291570] ? dup_iter+0x240/0x240 [ 2197.295214] ? kernel_recvmsg+0x210/0x210 [ 2197.299415] inet_sendmsg+0x11a/0x4e0 [ 2197.303212] ? security_socket_sendmsg+0x83/0xb0 [ 2197.307977] ? inet_recvmsg+0x4d0/0x4d0 [ 2197.311948] sock_sendmsg+0xb5/0x100 [ 2197.315652] ___sys_sendmsg+0x326/0x800 [ 2197.319607] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2197.324350] ? lock_downgrade+0x740/0x740 [ 2197.328499] ? trace_hardirqs_on+0x10/0x10 [ 2197.332725] ? up_read+0x17/0x30 [ 2197.336088] ? __do_page_fault+0x19a/0xb50 [ 2197.340315] ? retint_kernel+0x2d/0x2d [ 2197.344193] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2197.349226] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2197.354008] ? __might_fault+0x104/0x1b0 [ 2197.358074] ? lock_acquire+0x170/0x3f0 [ 2197.362054] __sys_sendmmsg+0x129/0x330 [ 2197.366015] ? SyS_sendmsg+0x40/0x40 [ 2197.369741] ? __mutex_unlock_slowpath+0x75/0x770 [ 2197.374589] ? wait_for_completion_io+0x10/0x10 [ 2197.379265] ? vfs_write+0x319/0x4d0 [ 2197.382972] ? fput+0xb/0x140 [ 2197.386058] ? SyS_write+0x14d/0x210 [ 2197.390469] ? SyS_read+0x210/0x210 [ 2197.394088] SyS_sendmmsg+0x2f/0x50 [ 2197.397717] ? __sys_sendmmsg+0x330/0x330 [ 2197.401853] do_syscall_64+0x1d5/0x640 [ 2197.405729] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2197.410901] RIP: 0033:0x45e179 [ 2197.414077] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 07:18:15 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$BTRFS_IOC_SET_FEATURES(r4, 0x40309439, &(0x7f00000001c0)={0x1, 0x3, 0xc}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/llc/core\x00') write$rfkill(r5, &(0x7f0000000240)={0x4, 0x0, 0x1, 0x0, 0x1}, 0x8) 07:18:15 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000540001000000000000000000070000", @ANYRES32], 0x38}}, 0x0) 07:18:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x41, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:15 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000040)='gtp\x00') sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2197.421774] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2197.429109] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2197.436371] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2197.443629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019 [ 2197.450900] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:15 executing program 5 (fault-call:5 fault-nth:26): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2197.594253] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 2197.597277] FAULT_INJECTION: forcing a failure. [ 2197.597277] name failslab, interval 1, probability 0, space 0, times 0 [ 2197.625066] CPU: 0 PID: 8423 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2197.632902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2197.642260] Call Trace: [ 2197.644861] dump_stack+0x1b2/0x283 [ 2197.648499] should_fail.cold+0x10a/0x154 [ 2197.653006] should_failslab+0xd6/0x130 [ 2197.656981] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2197.662092] __kmalloc_node_track_caller+0x38/0x70 [ 2197.667176] __alloc_skb+0x96/0x510 [ 2197.670791] alloc_skb_with_frags+0x85/0x500 [ 2197.675183] sock_alloc_send_pskb+0x577/0x6d0 [ 2197.679660] ? SyS_sendmmsg+0x2f/0x50 [ 2197.683455] ? do_syscall_64+0x1d5/0x640 [ 2197.687560] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2197.692908] ? sock_kzfree_s+0x50/0x50 [ 2197.696776] ? netlbl_enabled+0x5/0x50 [ 2197.700652] ? __ip_dev_find+0x248/0x470 [ 2197.704725] ? lock_acquire+0x170/0x3f0 [ 2197.708793] __ip_append_data+0x11ec/0x1ff0 [ 2197.713111] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2197.718286] ? ip_do_fragment+0x1f50/0x1f50 [ 2197.722610] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2197.727614] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2197.732869] ? ip_setup_cork+0x6b0/0x6b0 [ 2197.736944] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2197.742121] ? ipv4_mtu+0x27e/0x370 [ 2197.745736] ? ip_do_fragment+0x1f50/0x1f50 [ 2197.750039] ip_make_skb+0x167/0x1b0 [ 2197.753794] ? ip_flush_pending_frames+0x20/0x20 [ 2197.758532] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2197.763538] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2197.769115] ? xfrm_lookup_route+0x43/0x1b0 [ 2197.773421] udp_sendmsg+0x156f/0x1c00 [ 2197.777295] ? ip_do_fragment+0x1f50/0x1f50 [ 2197.781609] ? udp_seq_next+0xa0/0xa0 [ 2197.785402] ? __might_fault+0x104/0x1b0 [ 2197.789547] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2197.794297] ? lock_acquire+0x170/0x3f0 [ 2197.798258] ? dup_iter+0x240/0x240 [ 2197.801881] ? kernel_recvmsg+0x210/0x210 [ 2197.806036] inet_sendmsg+0x11a/0x4e0 [ 2197.809830] ? security_socket_sendmsg+0x83/0xb0 [ 2197.814566] ? inet_recvmsg+0x4d0/0x4d0 [ 2197.818517] sock_sendmsg+0xb5/0x100 [ 2197.822216] ___sys_sendmsg+0x326/0x800 [ 2197.826190] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2197.830959] ? lock_downgrade+0x740/0x740 [ 2197.835121] ? trace_hardirqs_on+0x10/0x10 [ 2197.839342] ? up_read+0x17/0x30 [ 2197.842697] ? __do_page_fault+0x19a/0xb50 [ 2197.846916] ? retint_kernel+0x2d/0x2d [ 2197.850789] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2197.855797] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2197.860536] ? __might_fault+0x104/0x1b0 [ 2197.864578] ? lock_acquire+0x170/0x3f0 [ 2197.868548] __sys_sendmmsg+0x129/0x330 [ 2197.872508] ? SyS_sendmsg+0x40/0x40 [ 2197.876209] ? __mutex_unlock_slowpath+0x75/0x770 [ 2197.881035] ? wait_for_completion_io+0x10/0x10 [ 2197.885684] ? vfs_write+0x319/0x4d0 [ 2197.889382] ? fput+0xb/0x140 [ 2197.892487] ? SyS_write+0x14d/0x210 [ 2197.896240] ? SyS_read+0x210/0x210 [ 2197.899857] SyS_sendmmsg+0x2f/0x50 [ 2197.903462] ? __sys_sendmmsg+0x330/0x330 [ 2197.907591] do_syscall_64+0x1d5/0x640 [ 2197.911463] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2197.916632] RIP: 0033:0x45e179 [ 2197.919811] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2197.927499] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2197.934745] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 07:18:16 executing program 3: socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000540001000000000000000000070000", @ANYRES32], 0x38}}, 0x0) [ 2197.941995] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2197.949242] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a [ 2197.956508] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:16 executing program 5 (fault-call:5 fault-nth:27): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000240)={@multicast2, @empty}, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000140)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x8, 0xfa00, {r3, 0xffffffff}}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="0001040100000000000400080001400002000006000640000200a45000010001000000"], 0x50}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) bind$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x60, 0x0) [ 2198.025452] PF_BRIDGE: br_mdb_parse() with unknown ifindex 07:18:16 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000040)={0x1}) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0) r3 = accept4$tipc(r1, &(0x7f0000000100), &(0x7f0000000140)=0x10, 0x80000) writev(r3, &(0x7f0000000400)=[{&(0x7f0000000180)="28bf66236c4671080427cf5947e3d35c236b492fcf8d0b32eea994bc51e499d3e24ba3845d83724deba8b961e46516b3a65a6cb17423beb4c7d0aee5f4e7c802f06de3789481ef578c6676dd652e1e8c241f1247458636c842acd1dcb2fd", 0x5e}, {&(0x7f0000000300)="cc657c0f1f0d62f81badf13afde92693aecb9082f1416aabda18db198884348a37ef8dcabd04d2a5fdc27466c7938fcd06114d7e44078339fc0375b5363d62cda48cf2e6a42312c161e15ea73b70af020fbeff76383c8c5451708dbc4943be1dde705cb5b8c5dda6142dca802e195dc348fb77a9dd85fb7ea26c58c5396210f9c8b39f847f46ae68b300f5d1f67240c16cde9a9ccad99fee6e217aedf21bc340aa302fdec64dfd25933335d4f0bad5fc8d4804c745bf2286ca4205985925ec14aeaa83379e899c39db11e9", 0xcb}, {&(0x7f0000004200)="f4e617f32c1055c2c5663a68c604b2504bb76d3a8a56dc782220d0058967b04e861574bcb79a6b3e1733d72eaf5094a4b031bb56467b681cf5ef01c08fd974401f74d4a90c3c0251f7ead6537768d34c36bd3caea8c4e577753c042f8088e85dc22a60323b0d0ba7419613d30f54d2e4da3d5cd216cc899ea9fa906e7034f91e0a6f566c246b5759121e7b39fc164937e4afbf6de7bff6a4e97b2e91bd70a4dbe3e52e1f40a420bbc316c0ca159c56e22131a0ee10095e7916c7dee1270333683eeea3615801864a31b3b8aa6ec51e799b0868c66b982c8dcb44c4050c4021d90f94ab2fa58970f5d7f7b40dcb1e391a0c136af4fbc4c37b0cc4f24c56858cce33d1400ad09cdea7d65d5f4684d53d9e0f267310d04a3aac987bd4b8077beeb7b6e9b33edf30a4861262172a0507c30f76467b9728fd0c74433e0330769324f0c71c7bea25d4879b0b9f83be11747248226b1858078faf503da0a33838dc7f86f2912aee23cc839a3e46ebea246751ea4e2f0dd8c6bdfc6334a70df0383e735f08f94fa3179d0252e156cb6d206dedcee9d7d4d27b4479ba522ecc6d74f90070cb937a4fefd801614fc3940aab46f5d9651bd4bceafea9f361c0d83531dd30e6b02743ee6d5411e2b213ca53975d409635e37a9547fc25980c93951751a935ce7babc6683ca4d4b9e21cb552c15584e0f6ed0407e45d4e4e9bec247f8efa3797dd550ee19dd849befaae314b128fe79cc8fc84df8e50e28d108a5e55177a487d607b040ead9b24d99a069d4fa6f996b1f86119e21ca67da2aba6954dfff5c2980b048e7f5e6ebd2ffb0d8108c9cfb9100576c6ff21c35e23d5e6b06c8f9329672e3a5e45695d5274b778086a3ceb2dca3e60ccb544ff44a6ba0e4b7451d5b5d800c2ebc57332fc14960bd5bc41cce22391c450961f80baf841e2165b4695ae0c42bd81e10f7e9670a4288143d64746362e08412314d44f779e54f3149393a3b803c54d10c9f6a6ea8a7494e88904c10b230dfa59baf7f3bbdc43823b88907b4b058c4f9f019f5537b787cd912d9be11a7d3b18ad283348be3511ae73c3663168c5240d45ac051912645bb73a1be4dd59c87e441eebfc526085d990584f46f8268b6b5edce0159a1440c935cd1a36f4e385c94170a6da28f01e5f0ca98fc8d3a646a490bf6c8d9b559960b4616b3910cfab75f88a4421e9c9f4ed59d88d569eece14581969c006b3481342c3542cc32398da24b2f8fa309ebf08c310fe52aa2e4b4f19eabe5e8855708d238517b15e42c1e7c5914c380a63f539a3c4c5065bdaa3f0dae756aa71cc597c4a128cfb9ddd1775b168871bfcfd4114860ba2056ce39c858f664ef976f8ebd893e187be47ef2e8119e13cec659da919764cc27fc63ca0572b012f7bd49d411a7b0a3a9755e6422da5ecae37a59a76583f5418b2d0cacadf88a088629949881c91b59b9b84096839ae0f84456f87ad33d90e9174bca8d800c6cb172fdde0573502c28b58fdc2e090501a5d906aea7a7d5e086765004708f4b317e157b940b0cd4b1ceff14a8c9944bab751dbbdb3641bedf425ba3d0ed24b95795628de0e47825396c6875f366e965240fe67e8d7cbfe08a44b08a4992b492b0f9cab37da4f28ddbd7097cdc9b45ced4bb51628a31fd9e1f37473dadf030adfcb88281b0a24cd4a2051b0975c220060cd039c8cbf1ab483130bbf9200c0bd6a07fe5c333874c19b29da54e210d99940d3b64333e2a9d09fd90ed31bd7fb4d3d61146cadbf0e56754a6990920f48e5508d092b1b58ab72803f6385782a121a3bc6e497aebfed0e7c7cb88d1643ab5ef1b9fddd6a032ed75ddafed5d71445bd0abaaeeea4082ee67261aeed857ed9a7b6626a865b8ba49f68cb4b830dbe2ba58a403452f3d652f74670e22576a81aba7f959b15e39c91cbb477435307c6deea190587a36cd3f92f9f8fb2638fc996c69d84391b5ee66bd097d88b2609b7ed2474205258193ce45f4ada47aa56ece5bf60357d3f2a39b03fe376b9fdc22223fd68d4048ecb72492b2ff8a71570d5866283740da6c4aa48fa6ad305cbaf65707a19ca9d0a4fd4c25d77e73fcee32aeae57052f22eeae23137e2898c74832d5ff3840f323ea8a47fcd55a79a5d25ddbfb0ee89a92ed0a2e8a21b3a40b57b360013dcb7378ae764d4f5850d2af1628fafc382b2d2d184efc4631a1e821570a2c93ab540a374c655ebc2b8d59946c4f5956f9e4797048c4d21953334d1751a35c604b8d5de3f23aca62fa9936291794febc1923887e9fd6a3e924b5f23c2e04187936af808345f6ba923815002d75c7ff08cf99d4af73b0a07d23e30f47f1c57da5d81b4a4070bb61b6ea3133188e8ea484d4ed1b0bd3283aa4267b23f57e15fd1a8d7418d267fdb070b5cc377f47a6b76deb4babfb2423f9e271f45a2d41453212bdbe9aceba51c3c9c91315a54f20e0bd2cb183275e21bc2cb01c2efd4681e7415f50cfe3a093a0b1ef553214a3e377a3d3f39155ae1c88e51b0da1b752c38e89f7c66b1b428f57032d27cfae8119d4660e0d043b439f219580890cccd02334d09cb711f1619f9b15f9ce47364264a3c1a1e7b93e75760267b9bb7b8a51eb032d2d0b2a444b38a93a6ef9cd57384631b1691c1f0e997cf1f265f0d28dabb9b6a179876c02699da78ab1ef3ec4a069ba0795d58c572478e33070e7025e9eba22d0b37a88beeff59e07a33dd1e89ede60f80bfec3b0f82b0557439eea64f37049fc29d7334a493857af0b349d7b5f00c1a414e725760b301a6bb7290168fcb59558fd43c6e1c963b5f3da6d1a932adab19beb015050bc200ecd4751c57540cef327ff31d604bb2c66b0da5596d36b14dddd44b623c2863c969ee85af50e37c6224d31143c7e0dd3ae3ae5a67ef9c4ab29b7c037a0d866e61efdb05e8389a4d8207503b7dea9398fc5f914f386faff7ed18bd5ccdaff9f85b2193e91968f681763dc01940ba3c9bc72d8c233604de82de61115c79d174f7ac3cbed1204240b98486e7cdc94ce84e7cb4a4338a0e9b6a5b6efcda6b5845166e3d82c991196cecdfc655ba00cd9bc82340fbdca7b6fadf7101cb42debd083c20ff23bf055228bfa3fab8568e2b5eac38dfff079c802f9f12d621fb155d221ec227b65fe70cc80777af754956b6b6dc6c35281b857772ffcbd64f2d2f2399269e1d8d6e9b50b58a77f89b63641c00b1dd7f8ff7b695404e452c7151b3da92df6d18d2cfe4a15e9682f6a525d888bc037ac4c6b1fda3db4ee330d98dc1060a107b5202f40d4c03ef6bee7755a055b292ab0e810c503d3a984954d2786df3ccaf6bc751542f1cc7ce6bf30dca5af7b934036a26f71a63a72e0bb37d093eab9c052a28ee664eab31177b6ddd881e2e0a6a67df1f3bcc0853edfff567c8118d76ea67d4cd44f04710cea7653a6df971724ec7cdca773d054fb728f9d4c15de814fbeeaeeca3855cc5ab0243d28df7236092cfc7deb09478d69bdaca8c7a5777c32dcb6f3f0c30774bcaf93a6ea8bb4bf6fc977d36ba4c211353a7f0fcce1ec8fe451f633398416f63152cc71de7b91e22f31708416a7d253eab99f8b887ae63aeb11751a97eadf5dc54de17b9e486687e284a5dcc2c979a916aa0d435277d394bbdaa363756c87d6f34a4731515fbdd9c457fa8f8d49d3fe9aef92a9e8c5abc17b37f7f739d63b44a19cac957ffd8a9a6931a797caac165ce159c404e7ff6836b729df1ffc657fdd00952dec4c0d11f88c6e8d8734655daf5e3a2e7715795949c6c5a32e4f7645655e5e55020e5a2a526733a091405a4a03f0de764c1f81df379dd705bb6e3d02396c5f4e903257b9a83ec296ad212b863df941c23a04c6f6c1b1cdf8e990ef2d5225b12b29855b74fc63fe27f92b91acbd1a729f614da010052553a1a46d7d3a91df32a0dbb0d9baa8121960b4fdb4f3c3ed416e819eca4b14a53f23ac746bca5d4e2a6425f46a30d1fd791066935fecd84ef3af012df31a887404000bdb3396fa2191a261d8bde3415a7f2c241ccde3b7d3b1ae3a0344985043a52fd17943552ca51a7848df2a86b7df522ff673a32a3f29f464c2b1bca7b8913abed39515c200c510c416616f8b286e63754a3fd7a234cc34a2c6c85d6db3ff428ebcc808259ba51c22a4d21bd4827377adb4f3534aefeaf4ac7c88ee97f54823a9b6d43226c7eab00f52f2cffc7278d479752c1478751927961f231d1179fae0517d110cde98b5b01f9bbbe7a69d672fbeeba650756b322408a8aa9d33e2a2e04bfb492f02b8a891c54640e5b734f2a22f49173dd135036ed0edf08e5a0a67fd072bed52804d74127e976010005541a1bc0eb5bcf8331bfbd22ccb6be663aeb36c00299ad4a988e2999a8de2b38a51ebd86caf9e45cb35a0a06e43c54dc79251b265a833c314099f228db59527c881b32946794c9740e545a600c2c66471c8556dc6e15200f08d0a6f020a17448a3c3717819d0fbfd9aad254168e3503460211c7ebb6c7ad967e1365f4258636320afad21c069b06c08a37c60a6a7ddc50b96a6fe78b2e97eb8c968a2b7a13880026efba7462ea8f0820aeb4f6525a06b49b57f375daacf2780a4614e32c35159ee7886885e26ebb3dd2e327341514306d620b5d0e62ecb6d3ca87271602d5f09a1643718b569433f3961fdde5c71f1d550bf85d9e861a773d9452fe0245a93799cdfeaa295674907a8f374c835e56d2b222398b4dfde30f1ee54724588740674961d5ad9791d558ef1b2744e73a9de8d8ddf38f45eaea2f24fdd57c5147fe6e60e0f305b01a9cf7b1557821c15701a9cc07a4609eb144aae56a496b9a6bf39762ead8bc0026ce2a4fe33d0c9df625a0b88e3d42f2b43309e06a4d342dd472775ec62f36e4b99a7e80472d4e6938bed679d83acc4c605bc7acdb0380a534f034bca3e961e28ab56ec0dff0593be822cb1a3be5c2508a25ea5418e4c51666dd82741711a2334d7de0bfacad0ddc409ae915e17644308e070a6059f487f94fe996a3e410bf5061acdca0c87603af049aca38bec0f945bd7d5b1da3a572cfb5c4919529846d89b3fe8f90652b71221f5722327a1e7bbb35350c462aaed3086a04f439e1e125329e734f4143edefcef6ba220a2aadd1f7c7948e0080e16d85ccf2d2da7b0d3ca783bb203292cec36cdfa209d65de81ff2039bea6cc3d40f81d25856ea6ec4b2155baa78c5e13d7636065256451657d9e59bfb77b3327dd7997fa9aff1a366aaf290f9ff3e810bbc78f221390aaf7895df177caf872069bb04fe5f86582d02804598f79cadf18104436b9962fc1210b043348ba6fccb4ff364532cac085152665f5f49fe95276dfb544c6a248586dffd59fafa135fd312a1336377cdf30fb3934acc95c794981ffff1762c3a500e54f74a7ff898693752a27ec38d9bf12879355c304c857bcb589cc429bb792dec1dfa4836a6779ad7790f9e5835f60abae2a45d2af072de2951e3e81c9a7256443eef871e544719c86b03f2a4e655394d9b38278bfa8725205dc635a4e947ddd2d8abc3c1faf9b58591d00815173cd6d408117566941579a410576dd8a40b7824f911b0f86ac95d0c0595fd776e9cb81bc3ef6abbf3ea92db7664113768828ce433ac94ddbf1efd14fd5c037660811afdb429af7b0e2d0500422a1305a82c8dfc8da1318942dd07f75c1b6f3603fb4dd4ce10d7115fdb8939d7edea89f3e43a4694451b93682a68e35c9acfc6c3c8eab5bdc3b7f3797b5a8d217bdaf13af0a52edbfff3a69441a29818c5", 0x1000}], 0x3) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c64656661756c745f7065726d696373696f6e732c02"]) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r4}, 0x50) write$FUSE_INTERRUPT(r1, &(0x7f00000000c0)={0x10, 0xffffffffffffffda, r4}, 0x10) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:16 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2198.137682] FAULT_INJECTION: forcing a failure. [ 2198.137682] name failslab, interval 1, probability 0, space 0, times 0 [ 2198.200056] CPU: 0 PID: 8443 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2198.207884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2198.217242] Call Trace: [ 2198.219840] dump_stack+0x1b2/0x283 [ 2198.223489] should_fail.cold+0x10a/0x154 [ 2198.227654] should_failslab+0xd6/0x130 [ 2198.231655] kmem_cache_alloc_node+0x263/0x410 [ 2198.236258] __alloc_skb+0x5c/0x510 [ 2198.239891] alloc_skb_with_frags+0x85/0x500 [ 2198.244313] sock_alloc_send_pskb+0x577/0x6d0 [ 2198.248820] ? SyS_sendmmsg+0x2f/0x50 [ 2198.252671] ? do_syscall_64+0x1d5/0x640 [ 2198.256790] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2198.262166] ? sock_kzfree_s+0x50/0x50 [ 2198.266070] ? netlbl_enabled+0x5/0x50 [ 2198.269964] ? __ip_dev_find+0x248/0x470 [ 2198.274026] ? lock_acquire+0x170/0x3f0 [ 2198.277997] __ip_append_data+0x11ec/0x1ff0 [ 2198.283015] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2198.288221] ? ip_do_fragment+0x1f50/0x1f50 [ 2198.292553] ? trace_hardirqs_on_caller+0x3a8/0x580 07:18:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x40800) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2198.297575] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2198.302773] ? ip_setup_cork+0x6b0/0x6b0 [ 2198.306847] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2198.312031] ? ipv4_mtu+0x27e/0x370 [ 2198.315667] ? ip_do_fragment+0x1f50/0x1f50 [ 2198.319991] ip_make_skb+0x167/0x1b0 [ 2198.323701] ? ip_flush_pending_frames+0x20/0x20 [ 2198.328463] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2198.333478] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2198.339027] ? xfrm_lookup_route+0x43/0x1b0 [ 2198.343362] udp_sendmsg+0x156f/0x1c00 [ 2198.347255] ? ip_do_fragment+0x1f50/0x1f50 [ 2198.351584] ? udp_seq_next+0xa0/0xa0 [ 2198.355390] ? __might_fault+0x104/0x1b0 [ 2198.359454] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2198.364216] ? lock_acquire+0x170/0x3f0 [ 2198.368193] ? dup_iter+0x240/0x240 [ 2198.371828] ? kernel_recvmsg+0x210/0x210 [ 2198.375980] inet_sendmsg+0x11a/0x4e0 [ 2198.379781] ? security_socket_sendmsg+0x83/0xb0 [ 2198.384542] ? inet_recvmsg+0x4d0/0x4d0 [ 2198.388560] sock_sendmsg+0xb5/0x100 [ 2198.392270] ___sys_sendmsg+0x326/0x800 [ 2198.396248] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2198.401011] ? lock_downgrade+0x740/0x740 [ 2198.405192] ? trace_hardirqs_on+0x10/0x10 [ 2198.409432] ? up_read+0x17/0x30 [ 2198.412794] ? __do_page_fault+0x19a/0xb50 [ 2198.417025] ? retint_kernel+0x2d/0x2d [ 2198.420918] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2198.426030] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2198.430794] ? __might_fault+0x104/0x1b0 [ 2198.434851] ? lock_acquire+0x170/0x3f0 [ 2198.438835] __sys_sendmmsg+0x129/0x330 [ 2198.442835] ? SyS_sendmsg+0x40/0x40 [ 2198.446571] ? __mutex_unlock_slowpath+0x75/0x770 07:18:16 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) fcntl$setsig(r2, 0xa, 0x25) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r5, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r5, 0xf505, 0x0) [ 2198.451428] ? wait_for_completion_io+0x10/0x10 [ 2198.456102] ? vfs_write+0x319/0x4d0 [ 2198.459821] ? fput+0xb/0x140 [ 2198.462929] ? SyS_write+0x14d/0x210 [ 2198.466646] ? SyS_read+0x210/0x210 [ 2198.470273] SyS_sendmmsg+0x2f/0x50 [ 2198.473898] ? __sys_sendmmsg+0x330/0x330 [ 2198.478047] do_syscall_64+0x1d5/0x640 [ 2198.481946] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2198.487134] RIP: 0033:0x45e179 [ 2198.490325] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2198.498035] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2198.505308] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2198.513187] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2198.520460] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001b [ 2198.527731] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:18 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x10000, 0x0) ioctl$BLKPBSZGET(r1, 0x127b, &(0x7f0000000200)) wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) ioctl$KDDELIO(r2, 0x4b35, 0x401) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:18 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) read$fb(0xffffffffffffffff, &(0x7f0000000140)=""/130, 0x82) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:18 executing program 5 (fault-call:5 fault-nth:28): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:18 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x507000, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x41, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2200.579314] net_ratelimit: 12 callbacks suppressed [ 2200.579319] ip_tables: iptables: counters copy to user failed while replacing table [ 2200.601178] ip_tables: iptables: counters copy to user failed while replacing table [ 2200.616698] nla_parse: 8 callbacks suppressed [ 2200.616704] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2200.627354] FAULT_INJECTION: forcing a failure. [ 2200.627354] name failslab, interval 1, probability 0, space 0, times 0 [ 2200.652970] CPU: 0 PID: 8483 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2200.660798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2200.664665] ip_tables: iptables: counters copy to user failed while replacing table [ 2200.670302] Call Trace: [ 2200.670322] dump_stack+0x1b2/0x283 [ 2200.670336] should_fail.cold+0x10a/0x154 [ 2200.670349] should_failslab+0xd6/0x130 [ 2200.670358] kmem_cache_alloc_node+0x263/0x410 [ 2200.670372] __alloc_skb+0x5c/0x510 [ 2200.670382] alloc_skb_with_frags+0x85/0x500 [ 2200.670396] sock_alloc_send_pskb+0x577/0x6d0 [ 2200.670407] ? SyS_sendmmsg+0x2f/0x50 [ 2200.685173] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2200.688549] ? do_syscall_64+0x1d5/0x640 [ 2200.688559] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2200.688575] ? sock_kzfree_s+0x50/0x50 [ 2200.688584] ? netlbl_enabled+0x5/0x50 [ 2200.688594] ? __ip_dev_find+0x248/0x470 [ 2200.688607] ? lock_acquire+0x170/0x3f0 [ 2200.688620] __ip_append_data+0x11ec/0x1ff0 [ 2200.688632] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2200.688644] ? ip_do_fragment+0x1f50/0x1f50 [ 2200.688655] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2200.688664] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2200.688673] ? ip_setup_cork+0x6b0/0x6b0 [ 2200.688681] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2200.688689] ? ipv4_mtu+0x27e/0x370 [ 2200.688700] ? ip_do_fragment+0x1f50/0x1f50 [ 2200.688710] ip_make_skb+0x167/0x1b0 [ 2200.688724] ? ip_flush_pending_frames+0x20/0x20 [ 2200.688737] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2200.688747] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2200.688762] ? xfrm_lookup_route+0x43/0x1b0 [ 2200.688776] udp_sendmsg+0x156f/0x1c00 [ 2200.688789] ? ip_do_fragment+0x1f50/0x1f50 [ 2200.688802] ? udp_seq_next+0xa0/0xa0 [ 2200.688815] ? __might_fault+0x104/0x1b0 [ 2200.688824] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2200.688834] ? lock_acquire+0x170/0x3f0 [ 2200.688851] ? dup_iter+0x240/0x240 [ 2200.688867] ? kernel_recvmsg+0x210/0x210 [ 2200.688884] inet_sendmsg+0x11a/0x4e0 [ 2200.688893] ? security_socket_sendmsg+0x83/0xb0 [ 2200.688902] ? inet_recvmsg+0x4d0/0x4d0 [ 2200.688912] sock_sendmsg+0xb5/0x100 [ 2200.688920] ___sys_sendmsg+0x326/0x800 [ 2200.688929] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2200.688938] ? lock_downgrade+0x740/0x740 [ 2200.688948] ? trace_hardirqs_on+0x10/0x10 [ 2200.688957] ? up_read+0x17/0x30 [ 2200.688965] ? __do_page_fault+0x19a/0xb50 [ 2200.688974] ? retint_kernel+0x2d/0x2d [ 2200.688985] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2200.688994] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2200.689004] ? __might_fault+0x104/0x1b0 [ 2200.689015] ? lock_acquire+0x170/0x3f0 [ 2200.689030] __sys_sendmmsg+0x129/0x330 [ 2200.910593] ? SyS_sendmsg+0x40/0x40 [ 2200.914310] ? __mutex_unlock_slowpath+0x75/0x770 [ 2200.919139] ? wait_for_completion_io+0x10/0x10 [ 2200.923798] ? vfs_write+0x319/0x4d0 [ 2200.927498] ? fput+0xb/0x140 [ 2200.930594] ? SyS_write+0x14d/0x210 [ 2200.934299] ? SyS_read+0x210/0x210 [ 2200.937926] SyS_sendmmsg+0x2f/0x50 [ 2200.941537] ? __sys_sendmmsg+0x330/0x330 [ 2200.945675] do_syscall_64+0x1d5/0x640 [ 2200.949554] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2200.954734] RIP: 0033:0x45e179 [ 2200.957909] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2200.965599] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2200.972851] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 07:18:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x350, 0xd8, 0x0, 0xb0, 0x0, 0xb0, 0x2b8, 0x1a8, 0x1a8, 0x2b8, 0x1a8, 0x3, 0x0, {[{{@ip={@private=0xa010101, @empty}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x5, 0x3a, 0x0, 0x4, 'syz0\x00', 'syz1\x00', {0x3f}}}}, {{@ip={@private=0xa010102, @private=0xa010101, 0xffffff00, 0xffffffff, 'dummy0\x00', 'lo\x00', {0xff}, {0xff}, 0x62, 0x1, 0x10}, 0x0, 0x1c0, 0x1e0, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="499c04da2b42150941a29c6d000000010401030000000000000000000000000800034e0000000006000640000215ef3d24110001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) pwritev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="0a6c76254f7518e6cc8f71479c96b3482998a51a405993d42b78163f27481b6a3b2239b5b65b0b0ba983dbcc1d278939d6f8487194e2f3d36a4cdea177c99177e81532", 0x43}, {&(0x7f0000000080)="88f1634acc816570d73384e615", 0xd}], 0x2, 0x8, 0x3) 07:18:19 executing program 5 (fault-call:5 fault-nth:29): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2200.980147] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2200.987509] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001c [ 2200.994781] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2201.055775] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.094223] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.109138] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.126432] FAULT_INJECTION: forcing a failure. [ 2201.126432] name failslab, interval 1, probability 0, space 0, times 0 [ 2201.144570] CPU: 0 PID: 8504 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 07:18:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000001040103000000000000e6ff000000000800034000c83cff4d6ac4e09392f9ff0006000624010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2201.152411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.161766] Call Trace: [ 2201.164360] dump_stack+0x1b2/0x283 [ 2201.167998] should_fail.cold+0x10a/0x154 [ 2201.172177] should_failslab+0xd6/0x130 [ 2201.176163] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2201.181275] __kmalloc_node_track_caller+0x38/0x70 [ 2201.186211] __alloc_skb+0x96/0x510 [ 2201.189846] alloc_skb_with_frags+0x85/0x500 [ 2201.194271] sock_alloc_send_pskb+0x577/0x6d0 [ 2201.198768] ? SyS_sendmmsg+0x2f/0x50 [ 2201.202577] ? do_syscall_64+0x1d5/0x640 [ 2201.206638] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2201.212012] ? sock_kzfree_s+0x50/0x50 [ 2201.215903] ? netlbl_enabled+0x5/0x50 [ 2201.219806] ? __ip_dev_find+0x248/0x470 [ 2201.223869] ? lock_acquire+0x170/0x3f0 [ 2201.227850] __ip_append_data+0x11ec/0x1ff0 [ 2201.231432] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.232178] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2201.232193] ? ip_do_fragment+0x1f50/0x1f50 [ 2201.232213] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2201.245489] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2201.249495] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2201.249507] ? ip_setup_cork+0x6b0/0x6b0 [ 2201.249516] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2201.249522] ? ipv4_mtu+0x27e/0x370 [ 2201.249531] ? ip_do_fragment+0x1f50/0x1f50 [ 2201.249540] ip_make_skb+0x167/0x1b0 [ 2201.249554] ? ip_flush_pending_frames+0x20/0x20 [ 2201.249565] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2201.249574] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2201.249588] ? xfrm_lookup_route+0x43/0x1b0 [ 2201.249600] udp_sendmsg+0x156f/0x1c00 [ 2201.249612] ? ip_do_fragment+0x1f50/0x1f50 [ 2201.249623] ? udp_seq_next+0xa0/0xa0 [ 2201.249636] ? __might_fault+0x104/0x1b0 [ 2201.308380] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.308868] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2201.308883] ? lock_acquire+0x170/0x3f0 [ 2201.308900] ? dup_iter+0x240/0x240 [ 2201.308915] ? kernel_recvmsg+0x210/0x210 [ 2201.325583] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2201.332722] inet_sendmsg+0x11a/0x4e0 [ 2201.332735] ? security_socket_sendmsg+0x83/0xb0 [ 2201.332744] ? inet_recvmsg+0x4d0/0x4d0 [ 2201.332755] sock_sendmsg+0xb5/0x100 [ 2201.332763] ___sys_sendmsg+0x326/0x800 [ 2201.332773] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2201.332785] ? lock_downgrade+0x740/0x740 [ 2201.332795] ? trace_hardirqs_on+0x10/0x10 [ 2201.332804] ? up_read+0x17/0x30 [ 2201.332813] ? __do_page_fault+0x19a/0xb50 [ 2201.332822] ? retint_kernel+0x2d/0x2d [ 2201.332831] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2201.332840] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2201.332853] ? __might_fault+0x104/0x1b0 [ 2201.332865] ? lock_acquire+0x170/0x3f0 [ 2201.332882] __sys_sendmmsg+0x129/0x330 [ 2201.332891] ? SyS_sendmsg+0x40/0x40 [ 2201.332914] ? __mutex_unlock_slowpath+0x75/0x770 [ 2201.332926] ? wait_for_completion_io+0x10/0x10 [ 2201.332937] ? vfs_write+0x319/0x4d0 [ 2201.332946] ? fput+0xb/0x140 [ 2201.332954] ? SyS_write+0x14d/0x210 [ 2201.332963] ? SyS_read+0x210/0x210 [ 2201.332973] SyS_sendmmsg+0x2f/0x50 07:18:19 executing program 5 (fault-call:5 fault-nth:30): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:19 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000040)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) [ 2201.332981] ? __sys_sendmmsg+0x330/0x330 [ 2201.332991] do_syscall_64+0x1d5/0x640 [ 2201.333005] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2201.333013] RIP: 0033:0x45e179 [ 2201.333018] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2201.333028] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2201.333034] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2201.333039] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2201.333044] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001d [ 2201.333050] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2201.531792] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.549177] FAULT_INJECTION: forcing a failure. [ 2201.549177] name failslab, interval 1, probability 0, space 0, times 0 [ 2201.569646] CPU: 1 PID: 8531 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2201.577505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.586867] Call Trace: [ 2201.589466] dump_stack+0x1b2/0x283 [ 2201.593118] should_fail.cold+0x10a/0x154 [ 2201.597278] should_failslab+0xd6/0x130 [ 2201.601260] kmem_cache_alloc+0x40/0x3c0 [ 2201.605322] dst_alloc+0xed/0x6d0 [ 2201.608764] rt_dst_alloc+0x6b/0x430 [ 2201.612567] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2201.617898] ip_route_output_key_hash+0x195/0x2a0 [ 2201.622785] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2201.628315] ? udp_sendmsg+0xe45/0x1c00 [ 2201.632297] ? lock_acquire+0x170/0x3f0 [ 2201.636260] ? lock_downgrade+0x740/0x740 [ 2201.640741] ip_route_output_flow+0x22/0xb0 [ 2201.645073] udp_sendmsg+0x13b5/0x1c00 [ 2201.648970] ? ip_do_fragment+0x1f50/0x1f50 [ 2201.653282] ? udp_seq_next+0xa0/0xa0 [ 2201.657087] ? __might_fault+0x104/0x1b0 [ 2201.661133] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2201.665876] ? lock_acquire+0x170/0x3f0 [ 2201.669843] ? dup_iter+0x240/0x240 [ 2201.673459] ? kernel_recvmsg+0x210/0x210 [ 2201.677601] inet_sendmsg+0x11a/0x4e0 [ 2201.681391] ? security_socket_sendmsg+0x83/0xb0 [ 2201.686131] ? inet_recvmsg+0x4d0/0x4d0 [ 2201.690110] sock_sendmsg+0xb5/0x100 [ 2201.693824] ___sys_sendmsg+0x326/0x800 [ 2201.697785] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2201.702546] ? lock_downgrade+0x740/0x740 [ 2201.706690] ? trace_hardirqs_on+0x10/0x10 [ 2201.710925] ? up_read+0x17/0x30 [ 2201.714277] ? __do_page_fault+0x19a/0xb50 [ 2201.718515] ? retint_kernel+0x2d/0x2d [ 2201.722407] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2201.727420] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2201.732268] ? __might_fault+0x104/0x1b0 [ 2201.736336] ? lock_acquire+0x170/0x3f0 [ 2201.740311] __sys_sendmmsg+0x129/0x330 [ 2201.744278] ? SyS_sendmsg+0x40/0x40 [ 2201.747989] ? __mutex_unlock_slowpath+0x75/0x770 [ 2201.753045] ? wait_for_completion_io+0x10/0x10 [ 2201.757766] ? vfs_write+0x319/0x4d0 [ 2201.761471] ? fput+0xb/0x140 [ 2201.764692] ? SyS_write+0x14d/0x210 [ 2201.768455] ? SyS_read+0x210/0x210 [ 2201.772180] SyS_sendmmsg+0x2f/0x50 [ 2201.775802] ? __sys_sendmmsg+0x330/0x330 [ 2201.779951] do_syscall_64+0x1d5/0x640 [ 2201.783844] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2201.789023] RIP: 0033:0x45e179 [ 2201.792198] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2201.799967] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2201.807223] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 07:18:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x400d0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) setsockopt$inet_udp_encap(r5, 0x11, 0x64, &(0x7f0000000040)=0x4, 0x4) r6 = signalfd4(r3, &(0x7f0000000080)={[0x9]}, 0x8, 0x0) bind$inet(r6, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2201.814483] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2201.821747] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e [ 2201.829028] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2201.926838] ip_tables: iptables: counters copy to user failed while replacing table [ 2201.936288] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2201.958364] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:18:21 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x20000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x8, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:21 executing program 5 (fault-call:5 fault-nth:31): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:21 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:21 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) write$P9_RLOPEN(r1, &(0x7f00000000c0)={0x18, 0xd, 0x2, {{0x1}, 0x5}}, 0x18) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000300)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0)="dc610e5811d41f50496f634ee131a41061ec78b45ef096007d360baf66a7469c086e2cf6e2db35a0da853276eb039aac3d9e1f97df3b9da7fc789991eaf58502c94d5c559fb4d2bffe42c3ad61d4e9b22d4907a7819328e95a54880500742ca806ec420d7140c4281037eb4a9ddb9e69418a908b120574d773cf5eeb1d4e77b94b9821e1563024d777d03b733fca76206249afe37038c8cd220d633f3405f57e69bf16ac85aa362991e9412a3caa64ed7dad2c491330099dc4588012e27bc813fb1aa33d7b222838e14d5e2d813a2aacef0c92eea6b61815d86192742885a0fb0a26e7ae60d5fc4ccd958cc2fe8c029af1f6927710210f110e6e89b38d", 0xfd, r2}, 0x68) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x80, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x1) 07:18:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:21 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(0xffffffffffffffff, 0x40044104, &(0x7f00000000c0)=0x3) sched_getscheduler(0x0) r0 = gettid() wait4(r0, 0x0, 0x2, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0, 0x0, 0x0, 0x0, @time={0x0, 0x200}, {}, {0x2}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}, {0x67, 0x1, 0x3f, 0xf7, @time={0x3ff}, {0x21, 0x70}, {0xb4, 0x5}, @control={0x1f, 0x3, 0xfffffff9}}, {0x3f, 0xfb, 0xff, 0x8, @tick=0x1f, {0xdd, 0x5}, {0x3, 0x1}, @raw8={"3bc9d73433399395b2a8af50"}}], 0x1a) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) write$binfmt_elf32(r2, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x94, 0x4, 0x5, 0x8, 0x4, 0x3, 0x3e, 0x5, 0x50, 0x38, 0x393, 0xffff, 0x2, 0x20, 0x2, 0x9, 0x1f, 0x3}, [{0x2, 0x7fffffff, 0x6, 0x101, 0x6, 0xffff, 0x7, 0x6}, {0x70000000, 0x8001, 0x589f, 0x4, 0x0, 0xc9, 0x1, 0x1}], "b8f0f18ec3391428fa5184772ed010786b4465dd5ba8ed7bcae9f06ddafdc2c2cd5daca009f97090b5d572304b40e5bcbdaf0ec11029a85ebb4fc7b64983884c893936a6feb62380ed5f28765f5b588d9d6e83224cc61115d1277828ec801ab002fada94c7e80036ffc5", [[]]}, 0x1e2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2203.594602] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2203.610111] FAULT_INJECTION: forcing a failure. [ 2203.610111] name failslab, interval 1, probability 0, space 0, times 0 [ 2203.648906] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2203.667065] CPU: 0 PID: 8557 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2203.674899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2203.684260] Call Trace: [ 2203.686861] dump_stack+0x1b2/0x283 [ 2203.690500] should_fail.cold+0x10a/0x154 [ 2203.694660] should_failslab+0xd6/0x130 07:18:21 executing program 4: process_vm_readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000140)=""/212, 0xd4}, {&(0x7f0000000040)}, {&(0x7f0000000240)=""/118, 0x76}, {&(0x7f00000002c0)=""/76, 0x4c}], 0x4, &(0x7f0000000480)=[{&(0x7f0000000340)=""/47, 0x2f}, {&(0x7f0000000380)=""/3, 0x3}, {&(0x7f00000003c0)=""/154, 0x9a}], 0x3, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r5, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x80489439, &(0x7f00000004c0)) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:21 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_rr_get_interval(0x0, &(0x7f00000000c0)) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f0000000140)=[{0x7, 0xfa, 0x2, 0x3, @time={0x7, 0x3}, {0x1, 0x80}, {0x2, 0xd4}, @result={0x7, 0x4}}, {0x2, 0x4, 0x85, 0x1, @time={0x20, 0x4}, {0xe0, 0x40}, {0x1, 0x1f}, @result={0x0, 0x2}}, {0x4, 0x0, 0x0, 0x8, @tick=0x5, {0x7f, 0x3f}, {0x2, 0x7f}, @raw8={"a0ce5371eb15e88dc644228a"}}, {0x7, 0x0, 0x9, 0x1, @time={0xf77, 0x2}, {0x0, 0x22}, {0x2, 0x9}, @note={0x81, 0x5, 0x9, 0x20, 0xffff}}], 0x70) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2203.698646] kmem_cache_alloc_node+0x263/0x410 [ 2203.703241] __alloc_skb+0x5c/0x510 [ 2203.706885] alloc_skb_with_frags+0x85/0x500 [ 2203.711307] sock_alloc_send_pskb+0x577/0x6d0 [ 2203.715810] ? SyS_sendmmsg+0x2f/0x50 [ 2203.719619] ? do_syscall_64+0x1d5/0x640 [ 2203.723686] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2203.729067] ? sock_kzfree_s+0x50/0x50 [ 2203.732953] ? netlbl_enabled+0x5/0x50 [ 2203.736856] ? __ip_dev_find+0x248/0x470 [ 2203.740937] ? lock_acquire+0x170/0x3f0 [ 2203.745031] __ip_append_data+0x11ec/0x1ff0 [ 2203.749363] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2203.754566] ? ip_do_fragment+0x1f50/0x1f50 [ 2203.758909] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2203.763947] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2203.769150] ? ip_setup_cork+0x6b0/0x6b0 [ 2203.773226] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2203.778426] ? ipv4_mtu+0x27e/0x370 [ 2203.782419] ? ip_do_fragment+0x1f50/0x1f50 [ 2203.786909] ip_make_skb+0x167/0x1b0 [ 2203.790634] ? ip_flush_pending_frames+0x20/0x20 [ 2203.795433] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2203.800444] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2203.805984] ? xfrm_lookup_route+0x43/0x1b0 [ 2203.810296] udp_sendmsg+0x156f/0x1c00 [ 2203.814193] ? ip_do_fragment+0x1f50/0x1f50 [ 2203.818544] ? udp_seq_next+0xa0/0xa0 [ 2203.822337] ? __might_fault+0x104/0x1b0 [ 2203.826382] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2203.831144] ? lock_acquire+0x170/0x3f0 [ 2203.835107] ? dup_iter+0x240/0x240 [ 2203.838743] ? kernel_recvmsg+0x210/0x210 [ 2203.842909] inet_sendmsg+0x11a/0x4e0 [ 2203.846714] ? security_socket_sendmsg+0x83/0xb0 [ 2203.851456] ? inet_recvmsg+0x4d0/0x4d0 [ 2203.855413] sock_sendmsg+0xb5/0x100 [ 2203.859122] ___sys_sendmsg+0x326/0x800 [ 2203.863081] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2203.867822] ? lock_downgrade+0x740/0x740 [ 2203.871963] ? trace_hardirqs_on+0x10/0x10 [ 2203.876221] ? up_read+0x17/0x30 [ 2203.879579] ? __do_page_fault+0x19a/0xb50 [ 2203.883807] ? retint_kernel+0x2d/0x2d [ 2203.887684] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2203.892716] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2203.897487] ? __might_fault+0x104/0x1b0 [ 2203.901536] ? lock_acquire+0x170/0x3f0 [ 2203.905512] __sys_sendmmsg+0x129/0x330 [ 2203.909474] ? SyS_sendmsg+0x40/0x40 [ 2203.913180] ? __mutex_unlock_slowpath+0x75/0x770 [ 2203.918011] ? wait_for_completion_io+0x10/0x10 [ 2203.922667] ? vfs_write+0x319/0x4d0 [ 2203.926366] ? fput+0xb/0x140 [ 2203.929457] ? SyS_write+0x14d/0x210 [ 2203.933155] ? SyS_read+0x210/0x210 [ 2203.936786] SyS_sendmmsg+0x2f/0x50 [ 2203.940403] ? __sys_sendmmsg+0x330/0x330 [ 2203.944558] do_syscall_64+0x1d5/0x640 [ 2203.948432] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2203.953604] RIP: 0033:0x45e179 [ 2203.956797] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2203.964489] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2203.971756] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2203.979204] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2203.986593] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001f 07:18:22 executing program 5 (fault-call:5 fault-nth:32): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2203.993853] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2204.066088] FAULT_INJECTION: forcing a failure. [ 2204.066088] name failslab, interval 1, probability 0, space 0, times 0 [ 2204.078930] CPU: 0 PID: 8584 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2204.086748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2204.096148] Call Trace: [ 2204.098744] dump_stack+0x1b2/0x283 [ 2204.102410] should_fail.cold+0x10a/0x154 [ 2204.106568] should_failslab+0xd6/0x130 [ 2204.110554] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2204.115666] __kmalloc_node_track_caller+0x38/0x70 [ 2204.120605] __alloc_skb+0x96/0x510 [ 2204.124242] alloc_skb_with_frags+0x85/0x500 [ 2204.125697] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2204.128662] sock_alloc_send_pskb+0x577/0x6d0 [ 2204.128671] ? SyS_sendmmsg+0x2f/0x50 [ 2204.128680] ? do_syscall_64+0x1d5/0x640 [ 2204.128693] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2204.155043] ? sock_kzfree_s+0x50/0x50 [ 2204.158935] ? netlbl_enabled+0x5/0x50 [ 2204.162863] ? __ip_dev_find+0x248/0x470 [ 2204.166937] ? lock_acquire+0x170/0x3f0 [ 2204.169245] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2204.170914] __ip_append_data+0x11ec/0x1ff0 [ 2204.170927] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2204.170938] ? ip_do_fragment+0x1f50/0x1f50 [ 2204.170956] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2204.170964] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2204.170973] ? ip_setup_cork+0x6b0/0x6b0 [ 2204.170980] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2204.170988] ? ipv4_mtu+0x27e/0x370 [ 2204.170998] ? ip_do_fragment+0x1f50/0x1f50 [ 2204.171006] ip_make_skb+0x167/0x1b0 [ 2204.171019] ? ip_flush_pending_frames+0x20/0x20 [ 2204.171030] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2204.171039] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2204.171058] ? xfrm_lookup_route+0x43/0x1b0 [ 2204.244168] udp_sendmsg+0x156f/0x1c00 [ 2204.248069] ? ip_do_fragment+0x1f50/0x1f50 [ 2204.252396] ? udp_seq_next+0xa0/0xa0 [ 2204.256197] ? __might_fault+0x104/0x1b0 [ 2204.260260] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2204.265023] ? lock_acquire+0x170/0x3f0 [ 2204.269049] ? dup_iter+0x240/0x240 [ 2204.272687] ? kernel_recvmsg+0x210/0x210 [ 2204.276839] inet_sendmsg+0x11a/0x4e0 [ 2204.280648] ? security_socket_sendmsg+0x83/0xb0 [ 2204.285411] ? inet_recvmsg+0x4d0/0x4d0 [ 2204.289396] sock_sendmsg+0xb5/0x100 [ 2204.293112] ___sys_sendmsg+0x326/0x800 [ 2204.297073] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2204.301811] ? lock_downgrade+0x740/0x740 [ 2204.305944] ? trace_hardirqs_on+0x10/0x10 [ 2204.310169] ? up_read+0x17/0x30 [ 2204.313557] ? __do_page_fault+0x19a/0xb50 [ 2204.317788] ? retint_kernel+0x2d/0x2d [ 2204.321675] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2204.326687] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2204.331463] ? __might_fault+0x104/0x1b0 [ 2204.335522] ? lock_acquire+0x170/0x3f0 [ 2204.339541] __sys_sendmmsg+0x129/0x330 [ 2204.343512] ? SyS_sendmsg+0x40/0x40 [ 2204.347327] ? __mutex_unlock_slowpath+0x75/0x770 [ 2204.352175] ? wait_for_completion_io+0x10/0x10 [ 2204.356842] ? vfs_write+0x319/0x4d0 [ 2204.360540] ? fput+0xb/0x140 [ 2204.363647] ? SyS_write+0x14d/0x210 [ 2204.367362] ? SyS_read+0x210/0x210 [ 2204.371010] SyS_sendmmsg+0x2f/0x50 [ 2204.374627] ? __sys_sendmmsg+0x330/0x330 [ 2204.378762] do_syscall_64+0x1d5/0x640 [ 2204.382641] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2204.387815] RIP: 0033:0x45e179 [ 2204.390992] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2204.398697] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2204.405953] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 07:18:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:22 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_inet_SIOCSIFNETMASK(r5, 0x891c, &(0x7f0000000080)={'veth0_to_batadv\x00', {0x2, 0x0, @multicast2}}) 07:18:22 executing program 5 (fault-call:5 fault-nth:33): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2204.413210] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2204.420479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 2204.427751] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:22 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000040)) 07:18:22 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}, 0x1, 0x0, 0x0, 0x8001}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2204.564536] FAULT_INJECTION: forcing a failure. [ 2204.564536] name failslab, interval 1, probability 0, space 0, times 0 [ 2204.624393] CPU: 1 PID: 8608 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2204.632228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2204.641595] Call Trace: [ 2204.644196] dump_stack+0x1b2/0x283 [ 2204.647839] should_fail.cold+0x10a/0x154 [ 2204.652005] should_failslab+0xd6/0x130 [ 2204.655989] kmem_cache_alloc+0x40/0x3c0 [ 2204.660064] dst_alloc+0xed/0x6d0 [ 2204.663564] rt_dst_alloc+0x6b/0x430 [ 2204.667296] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2204.672594] ip_route_output_key_hash+0x195/0x2a0 [ 2204.677448] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2204.683041] ? udp_sendmsg+0xe45/0x1c00 [ 2204.687132] ? lock_acquire+0x170/0x3f0 [ 2204.691131] ? lock_downgrade+0x740/0x740 [ 2204.695290] ip_route_output_flow+0x22/0xb0 [ 2204.699624] udp_sendmsg+0x13b5/0x1c00 [ 2204.703521] ? ip_do_fragment+0x1f50/0x1f50 [ 2204.707855] ? udp_seq_next+0xa0/0xa0 [ 2204.711664] ? __might_fault+0x104/0x1b0 [ 2204.715733] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2204.720498] ? lock_acquire+0x170/0x3f0 07:18:22 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x30000, 0x0) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x7ff, 0x2, 0xfe, 0x9}]}, 0x10) r5 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x1, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r5, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="480000080e14200025bd7000fb2508000100020000000800030002000000080001000200000008003c000500000008000100010000000800030004000000158b2abc5fe1f4434a84f185d3c4a1bf2397a3664ccb849d0329b8ac25dec133b1f1e5944eef1b89c2797d34d612028c72d22f350d2e38b6d6fbe542230cca86e6e74ab243331be8f5715ac56a7dec27260237b8c4bcb8ffa4af1f81c8788502547a4cb4c9d4b226033fdff431e33ec34ad9c2d0e89862847988f4aaf937cba391c3f64ead3976e48d2f37728c5b68d885c75dbc6f2d00560c7574e51a42fad19c52a188aeee9761231b2091d8c1e0d89d62bfd49016aeab1599a4f042e7f72ae3bf104efec8700a1395b7055b83e2ed35bec45be96732dd690c0100440b17d44338e6a4bafcf1ec0df5f7be8185205e1e44f634444282"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) ioctl$MON_IOCX_GETX(r6, 0x4018920a, &(0x7f0000000480)={&(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000380)=""/235, 0xeb}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000100)) r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x40000, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r7, 0xae45, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2204.724484] ? dup_iter+0x240/0x240 [ 2204.728118] ? kernel_recvmsg+0x210/0x210 [ 2204.732271] inet_sendmsg+0x11a/0x4e0 [ 2204.736179] ? security_socket_sendmsg+0x83/0xb0 [ 2204.740947] ? inet_recvmsg+0x4d0/0x4d0 [ 2204.744937] sock_sendmsg+0xb5/0x100 [ 2204.748656] ___sys_sendmsg+0x326/0x800 [ 2204.752639] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2204.757399] ? lock_downgrade+0x740/0x740 [ 2204.761557] ? trace_hardirqs_on+0x10/0x10 [ 2204.765803] ? up_read+0x17/0x30 [ 2204.769175] ? __do_page_fault+0x19a/0xb50 07:18:22 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r4, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={r4}) r6 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) getsockopt$inet_sctp6_SCTP_NODELAY(r5, 0x84, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) close(r6) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2204.774546] ? retint_kernel+0x2d/0x2d [ 2204.778442] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2204.783465] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2204.788232] ? __might_fault+0x104/0x1b0 [ 2204.792312] ? lock_acquire+0x170/0x3f0 [ 2204.796303] __sys_sendmmsg+0x129/0x330 [ 2204.800286] ? SyS_sendmsg+0x40/0x40 [ 2204.804023] ? __mutex_unlock_slowpath+0x75/0x770 [ 2204.808877] ? wait_for_completion_io+0x10/0x10 [ 2204.813550] ? vfs_write+0x319/0x4d0 [ 2204.817276] ? fput+0xb/0x140 [ 2204.820385] ? SyS_write+0x14d/0x210 [ 2204.824103] ? SyS_read+0x210/0x210 [ 2204.827734] SyS_sendmmsg+0x2f/0x50 [ 2204.831388] ? __sys_sendmmsg+0x330/0x330 [ 2204.835536] do_syscall_64+0x1d5/0x640 [ 2204.839436] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2204.844626] RIP: 0033:0x45e179 [ 2204.847817] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2204.855531] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2204.862801] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2204.870089] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2204.877359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000021 [ 2204.884637] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:24 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:24 executing program 5 (fault-call:5 fault-nth:34): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2206.605197] net_ratelimit: 16 callbacks suppressed [ 2206.605202] ip_tables: iptables: counters copy to user failed while replacing table [ 2206.621776] ip_tables: iptables: counters copy to user failed while replacing table [ 2206.625323] nla_parse: 4 callbacks suppressed [ 2206.625328] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2206.653139] ip_tables: iptables: counters copy to user failed while replacing table [ 2206.663864] FAULT_INJECTION: forcing a failure. [ 2206.663864] name failslab, interval 1, probability 0, space 0, times 0 [ 2206.667420] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2206.685973] CPU: 1 PID: 8639 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2206.693798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2206.703153] Call Trace: [ 2206.705730] dump_stack+0x1b2/0x283 [ 2206.709352] should_fail.cold+0x10a/0x154 [ 2206.713507] should_failslab+0xd6/0x130 [ 2206.717489] kmem_cache_alloc_node+0x263/0x410 [ 2206.722055] __alloc_skb+0x5c/0x510 [ 2206.725679] alloc_skb_with_frags+0x85/0x500 [ 2206.730085] sock_alloc_send_pskb+0x577/0x6d0 [ 2206.734573] ? SyS_sendmmsg+0x2f/0x50 [ 2206.738426] ? do_syscall_64+0x1d5/0x640 [ 2206.742495] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2206.747856] ? sock_kzfree_s+0x50/0x50 [ 2206.751762] ? netlbl_enabled+0x5/0x50 [ 2206.755645] ? __ip_dev_find+0x248/0x470 [ 2206.759753] ? lock_acquire+0x170/0x3f0 [ 2206.763715] __ip_append_data+0x11ec/0x1ff0 [ 2206.768026] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2206.773211] ? ip_do_fragment+0x1f50/0x1f50 [ 2206.777535] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2206.782537] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2206.787712] ? ip_setup_cork+0x6b0/0x6b0 [ 2206.791759] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2206.796932] ? ipv4_mtu+0x27e/0x370 [ 2206.800543] ? ip_do_fragment+0x1f50/0x1f50 [ 2206.804848] ip_make_skb+0x167/0x1b0 [ 2206.808565] ? ip_flush_pending_frames+0x20/0x20 [ 2206.813312] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2206.818340] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2206.823882] ? xfrm_lookup_route+0x43/0x1b0 [ 2206.828221] udp_sendmsg+0x156f/0x1c00 [ 2206.832207] ? ip_do_fragment+0x1f50/0x1f50 [ 2206.836539] ? udp_seq_next+0xa0/0xa0 [ 2206.840324] ? __might_fault+0x104/0x1b0 [ 2206.844368] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2206.849111] ? lock_acquire+0x170/0x3f0 [ 2206.853079] ? dup_iter+0x240/0x240 [ 2206.856701] ? kernel_recvmsg+0x210/0x210 [ 2206.860840] inet_sendmsg+0x11a/0x4e0 [ 2206.864625] ? security_socket_sendmsg+0x83/0xb0 [ 2206.869366] ? inet_recvmsg+0x4d0/0x4d0 [ 2206.873332] sock_sendmsg+0xb5/0x100 [ 2206.877040] ___sys_sendmsg+0x326/0x800 [ 2206.880995] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2206.885738] ? lock_downgrade+0x740/0x740 [ 2206.889877] ? trace_hardirqs_on+0x10/0x10 [ 2206.894106] ? up_read+0x17/0x30 [ 2206.897466] ? __do_page_fault+0x19a/0xb50 [ 2206.901688] ? retint_kernel+0x2d/0x2d [ 2206.905560] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2206.910565] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2206.915318] ? __might_fault+0x104/0x1b0 [ 2206.919375] ? lock_acquire+0x170/0x3f0 [ 2206.923343] __sys_sendmmsg+0x129/0x330 [ 2206.927300] ? SyS_sendmsg+0x40/0x40 [ 2206.931014] ? __mutex_unlock_slowpath+0x75/0x770 [ 2206.935861] ? wait_for_completion_io+0x10/0x10 [ 2206.940519] ? vfs_write+0x319/0x4d0 [ 2206.944215] ? fput+0xb/0x140 [ 2206.947328] ? SyS_write+0x14d/0x210 [ 2206.951030] ? SyS_read+0x210/0x210 [ 2206.954652] SyS_sendmmsg+0x2f/0x50 [ 2206.958264] ? __sys_sendmmsg+0x330/0x330 [ 2206.962453] do_syscall_64+0x1d5/0x640 [ 2206.966351] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2206.971531] RIP: 0033:0x45e179 [ 2206.974709] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2206.982407] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2206.989688] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2206.996956] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 07:18:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000200)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}, {&(0x7f0000002300)=""/210, 0xd2}], 0x4, 0x0, 0x0, 0x0) tkill(r0, 0x2f) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_open_procfs$namespace(r1, &(0x7f00000001c0)='ns/time\x00') ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000002400)=@nfc_llcp={0x27, 0x1, 0x0, 0x5, 0x2, 0xe8, "0d11dc21e3411d87489a1545e66f778a1027d7d495750eeb6d7a96c33850714837d997040ca93795039c4be8a8d31247ce5befe8d605013911050460efb0ec", 0x1d}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002480)="e7dbedbbbce6f497ea1a696626daecf2c715a300f840db660ddd3204ea318fac096151b6cf04a06a86055621f486933f92a029e4f1ff3b736db825808a0be9193a6851e1e3e738669633a104c575296092cc9a775c69538e6c5b42e4a18fa53fd187e1f8d582715013584bcf8d116e9d63cc1d2d2e49d3cf7ef3c304068fe382efce32b0ead20ecac7544b4e4bc083bb40469e6f2117bb75dc0c412368324697e10cf00ffcb9ba0cae27add845e3bdaf1fcb58647cd066032d2c2486e4e30aa62bed36906f1f1a49b99ba7a5d0cbe7daee5f0a", 0xd3}], 0x1, &(0x7f0000002580)=[@timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x400}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x6}}], 0xc0}, 0x8802) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:25 executing program 2: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000040)={0x5907, 0x8, [{0x2, 0x1}, {0xd}, {0xc, 0x1}, {0x5, 0x1}, {0x8}, {0xd}, {0xf}, {0x4, 0x1}]}) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r1}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) readv(r1, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) [ 2207.004213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000022 [ 2207.011578] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r1) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:25 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_open_procfs(r5, &(0x7f00000005c0)='net/mcfilter\x00') r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) r7 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x14, r7, 0x0, 0x0, 0x0, {0xf}}, 0x14}}, 0x0) syncfs(r1) sendmsg$TIPC_NL_BEARER_ADD(r6, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB="34040000", @ANYRES16=r7, @ANYBLOB="000125bd7000fbdbdf25150000001c0004800900010073797a31000000000900010073797a31000000001400038008000300070000000800010009000000100206800400020004000200f6000300643aac37b661b61a527cada22e729e2a83529bef7f2b30b94210a3c243ef6577399c82f71836d2571201ec7440c7e91a0606e228c224a9113d4f5ac02c13177605614ab34f235e415ed12cb90773d93a2e8a16cd5a7a8bbadfb15f529cdf00ca20bc990bdc026f45c724f04d3b07a0b7f2d32d3bcb6a9c80a8baf0f3be64546d54e45eaee1b79c7d610f2e67e4c014d881e299905b141b8612525b41a17c2cb822a77fb4db68fb62aa45e6240c691bb3b154a283949a45bc627b68596636348825675804a5d1c00b4c0bffce2c27d563821217f1429d11558fc742525eb621b514a1ee74e1e011fcd2f6ba953df28f5679ba012d51216000004b00040067636d2861657329000000000000000000000000000000000000000000000000230000008ac415e960f189c81ae719ec54a7734f6c20be468923e574fe77866341b63a09dfb0d2000400020008000100090000000800010003000000ac0003001339fede1340978fa50c105f7389b16d2f1c8dc47de110584740efbc62fa9187de70b597df3d3822eff32428d88d1d7a16a17af4a68a4d34027207bedebc77c2275c50c32b506bea1254446af41a529053dd46319e98cfeee424031a4db15d362faed7a77fdabbc844b5cd5aafc5d0c271cb0eca27e7edd4b499863b9fa29c937f8564dcf055913706b651ec650fe7926f0948ce7e8eaf41db2830ffe454c3eaa67daec071764b132000058008000100657468000c000280080001000c000000080001007564700034000980080002000200000008000200010000000800020001000000080002000500000008000100001000000800010000000000d00004803c000f8008000300050000000800020000feffff08000300000000000800010006000000080003000800000008000300ff7f000008000400733d000054000780080002001f0000000800020007000000080002000100010008000300018000000800010008000000080003000900000008000300000001000800020007000000080001000800000008000100190000001c000780080003000300000008000400080000000800040003000000040007801c0007800800020002000000080001000500000008000400010000000c0009800800010001000000280005800700010069620000140002800800040001000000080001000a00000008000100756470008800058044000280080002000104000008000300ff0300000800020007000000080004000800000008000400030000000800030007000000080004002036000008000300000001000c00028008000200f70e000008000100657468002c000280080001000e0000000800020009000000080003000500000008000300400000000800020006000000"], 0x434}, 0x1, 0x0, 0x0, 0x10}, 0x80) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:25 executing program 5 (fault-call:5 fault-nth:35): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2207.512409] ip_tables: iptables: counters copy to user failed while replacing table [ 2207.521044] ip_tables: iptables: counters copy to user failed while replacing table [ 2207.537937] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2207.548980] FAULT_INJECTION: forcing a failure. [ 2207.548980] name failslab, interval 1, probability 0, space 0, times 0 [ 2207.570311] CPU: 0 PID: 8662 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2207.578181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2207.587542] Call Trace: [ 2207.590143] dump_stack+0x1b2/0x283 [ 2207.593781] should_fail.cold+0x10a/0x154 [ 2207.596241] ip_tables: iptables: counters copy to user failed while replacing table [ 2207.597933] should_failslab+0xd6/0x130 [ 2207.597945] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2207.597960] __kmalloc_node_track_caller+0x38/0x70 [ 2207.597973] __alloc_skb+0x96/0x510 [ 2207.597983] alloc_skb_with_frags+0x85/0x500 [ 2207.597998] sock_alloc_send_pskb+0x577/0x6d0 [ 2207.626354] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2207.628007] ? SyS_sendmmsg+0x2f/0x50 [ 2207.628020] ? do_syscall_64+0x1d5/0x640 [ 2207.628031] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2207.628048] ? sock_kzfree_s+0x50/0x50 [ 2207.628057] ? netlbl_enabled+0x5/0x50 [ 2207.628071] ? __ip_dev_find+0x248/0x470 [ 2207.666515] ? lock_acquire+0x170/0x3f0 [ 2207.670502] __ip_append_data+0x11ec/0x1ff0 [ 2207.674831] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2207.680025] ? ip_do_fragment+0x1f50/0x1f50 [ 2207.684362] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2207.689623] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2207.694858] ? ip_setup_cork+0x6b0/0x6b0 [ 2207.698930] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2207.704136] ? ipv4_mtu+0x27e/0x370 [ 2207.707775] ? ip_do_fragment+0x1f50/0x1f50 [ 2207.712115] ip_make_skb+0x167/0x1b0 [ 2207.715847] ? ip_flush_pending_frames+0x20/0x20 [ 2207.720621] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2207.725646] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2207.731200] ? xfrm_lookup_route+0x43/0x1b0 [ 2207.735537] udp_sendmsg+0x156f/0x1c00 [ 2207.739440] ? ip_do_fragment+0x1f50/0x1f50 [ 2207.742045] ip_tables: iptables: counters copy to user failed while replacing table [ 2207.743764] ? udp_seq_next+0xa0/0xa0 [ 2207.743778] ? __might_fault+0x104/0x1b0 [ 2207.743788] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2207.743806] ? lock_acquire+0x170/0x3f0 [ 2207.743821] ? dup_iter+0x240/0x240 [ 2207.743837] ? kernel_recvmsg+0x210/0x210 [ 2207.776120] inet_sendmsg+0x11a/0x4e0 [ 2207.779937] ? security_socket_sendmsg+0x83/0xb0 [ 2207.784715] ? inet_recvmsg+0x4d0/0x4d0 [ 2207.788712] sock_sendmsg+0xb5/0x100 [ 2207.792452] ___sys_sendmsg+0x326/0x800 [ 2207.795073] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2207.796485] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2207.796504] ? lock_downgrade+0x740/0x740 [ 2207.796520] ? trace_hardirqs_on+0x10/0x10 [ 2207.818254] ? up_read+0x17/0x30 [ 2207.821649] ? __do_page_fault+0x19a/0xb50 [ 2207.825928] ? retint_kernel+0x2d/0x2d [ 2207.829829] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2207.834851] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2207.839621] ? __might_fault+0x104/0x1b0 [ 2207.843694] ? lock_acquire+0x170/0x3f0 [ 2207.847678] __sys_sendmmsg+0x129/0x330 [ 2207.851654] ? SyS_sendmsg+0x40/0x40 [ 2207.855383] ? __mutex_unlock_slowpath+0x75/0x770 [ 2207.860231] ? wait_for_completion_io+0x10/0x10 [ 2207.864907] ? vfs_write+0x319/0x4d0 07:18:25 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer\x00', 0x200) ioctl$int_out(r2, 0x2, &(0x7f0000000080)) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r6, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) getpeername(r6, &(0x7f0000000280)=@phonet, &(0x7f0000000300)=0x80) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r7, 0x8, 0x70bd27, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}]}, 0x34}, 0x1, 0x0, 0x0, 0x24008851}, 0x20008010) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) [ 2207.865467] ip_tables: iptables: counters copy to user failed while replacing table [ 2207.868619] ? fput+0xb/0x140 [ 2207.868629] ? SyS_write+0x14d/0x210 [ 2207.868639] ? SyS_read+0x210/0x210 [ 2207.868651] SyS_sendmmsg+0x2f/0x50 [ 2207.868660] ? __sys_sendmmsg+0x330/0x330 [ 2207.868673] do_syscall_64+0x1d5/0x640 [ 2207.868687] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2207.899632] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2207.903681] RIP: 0033:0x45e179 07:18:26 executing program 5 (fault-call:5 fault-nth:36): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:26 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet(0x2, 0x1, 0x7fff) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x358, 0x90, 0x0, 0xb0, 0x90, 0xb0, 0x2c0, 0x1a8, 0x1a8, 0x2c0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) alarm(0x8) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103005500ccac00000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2207.903687] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2207.903697] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2207.903702] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2207.903707] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2207.903712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000023 [ 2207.903717] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:26 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x3, 0x4, 0x4, 0x0, 0x7}) readv(r0, &(0x7f0000000140)=[{&(0x7f0000002640)=""/4103, 0x1007}, {&(0x7f00000000c0)=""/99, 0x63}], 0x2) [ 2208.034611] ip_tables: iptables: counters copy to user failed while replacing table [ 2208.057783] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2208.063851] FAULT_INJECTION: forcing a failure. [ 2208.063851] name failslab, interval 1, probability 0, space 0, times 0 [ 2208.082209] CPU: 1 PID: 8691 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2208.090036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2208.099739] Call Trace: [ 2208.102335] dump_stack+0x1b2/0x283 [ 2208.105975] should_fail.cold+0x10a/0x154 [ 2208.110134] should_failslab+0xd6/0x130 [ 2208.114114] kmem_cache_alloc+0x40/0x3c0 [ 2208.115200] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2208.118174] dst_alloc+0xed/0x6d0 [ 2208.118188] rt_dst_alloc+0x6b/0x430 [ 2208.118200] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2208.139209] ip_route_output_key_hash+0x195/0x2a0 [ 2208.144067] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2208.149612] ? udp_sendmsg+0xe45/0x1c00 [ 2208.153600] ? lock_acquire+0x170/0x3f0 [ 2208.157580] ? lock_downgrade+0x740/0x740 [ 2208.161733] ip_route_output_flow+0x22/0xb0 [ 2208.166060] udp_sendmsg+0x13b5/0x1c00 [ 2208.169954] ? ip_do_fragment+0x1f50/0x1f50 [ 2208.174283] ? udp_seq_next+0xa0/0xa0 [ 2208.178088] ? __might_fault+0x104/0x1b0 [ 2208.182154] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2208.186908] ? lock_acquire+0x170/0x3f0 [ 2208.190869] ? dup_iter+0x240/0x240 [ 2208.194483] ? kernel_recvmsg+0x210/0x210 [ 2208.198611] inet_sendmsg+0x11a/0x4e0 [ 2208.202392] ? security_socket_sendmsg+0x83/0xb0 [ 2208.207136] ? inet_recvmsg+0x4d0/0x4d0 [ 2208.211091] sock_sendmsg+0xb5/0x100 [ 2208.214838] ___sys_sendmsg+0x326/0x800 [ 2208.218792] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2208.223531] ? lock_downgrade+0x740/0x740 [ 2208.227657] ? trace_hardirqs_on+0x10/0x10 [ 2208.231871] ? up_read+0x17/0x30 [ 2208.235234] ? __do_page_fault+0x19a/0xb50 [ 2208.239450] ? retint_kernel+0x2d/0x2d [ 2208.243338] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2208.248333] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2208.253068] ? __might_fault+0x104/0x1b0 [ 2208.257110] ? lock_acquire+0x170/0x3f0 [ 2208.261068] __sys_sendmmsg+0x129/0x330 [ 2208.265022] ? SyS_sendmsg+0x40/0x40 [ 2208.268737] ? __mutex_unlock_slowpath+0x75/0x770 [ 2208.273560] ? wait_for_completion_io+0x10/0x10 [ 2208.278229] ? vfs_write+0x319/0x4d0 [ 2208.281952] ? fput+0xb/0x140 [ 2208.285036] ? SyS_write+0x14d/0x210 [ 2208.288729] ? SyS_read+0x210/0x210 [ 2208.292335] SyS_sendmmsg+0x2f/0x50 [ 2208.295947] ? __sys_sendmmsg+0x330/0x330 [ 2208.300077] do_syscall_64+0x1d5/0x640 [ 2208.303963] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2208.309137] RIP: 0033:0x45e179 [ 2208.312305] RSP: 002b:00007fb075f5cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2208.319993] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2208.327262] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2208.334537] RBP: 00007fb075f5cca0 R08: 0000000000000000 R09: 0000000000000000 [ 2208.341787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024 [ 2208.349035] R13: 00007ffec7e3704f R14: 00007fb075f5d9c0 R15: 000000000118cff4 07:18:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:27 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000180)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}}, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xb8, 0x0, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x800}, 0x4800) r7 = socket$inet_udp(0x2, 0x2, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x9) bind$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r7, &(0x7f0000007fc0), 0x60, 0x0) 07:18:27 executing program 5 (fault-call:5 fault-nth:37): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2209.616951] ip_tables: iptables: counters copy to user failed while replacing table [ 2209.632369] FAULT_INJECTION: forcing a failure. [ 2209.632369] name failslab, interval 1, probability 0, space 0, times 0 [ 2209.635612] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2209.644508] CPU: 0 PID: 8710 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2209.660099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2209.669452] Call Trace: [ 2209.672034] dump_stack+0x1b2/0x283 [ 2209.675645] should_fail.cold+0x10a/0x154 [ 2209.679889] should_failslab+0xd6/0x130 [ 2209.683843] kmem_cache_alloc_node+0x263/0x410 [ 2209.688463] __alloc_skb+0x5c/0x510 [ 2209.692067] alloc_skb_with_frags+0x85/0x500 [ 2209.696502] sock_alloc_send_pskb+0x577/0x6d0 [ 2209.700980] ? SyS_sendmmsg+0x2f/0x50 [ 2209.704758] ? do_syscall_64+0x1d5/0x640 [ 2209.708794] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2209.714139] ? sock_kzfree_s+0x50/0x50 [ 2209.718019] ? netlbl_enabled+0x5/0x50 [ 2209.721909] ? __ip_dev_find+0x248/0x470 [ 2209.725948] ? lock_acquire+0x170/0x3f0 [ 2209.729904] __ip_append_data+0x11ec/0x1ff0 [ 2209.734230] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2209.739415] ? ip_do_fragment+0x1f50/0x1f50 [ 2209.743722] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2209.748719] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2209.754001] ? ip_setup_cork+0x6b0/0x6b0 [ 2209.758048] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2209.763223] ? ipv4_mtu+0x27e/0x370 [ 2209.766916] ? ip_do_fragment+0x1f50/0x1f50 [ 2209.771260] ip_make_skb+0x167/0x1b0 [ 2209.774957] ? ip_flush_pending_frames+0x20/0x20 [ 2209.779728] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2209.784719] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2209.790263] ? xfrm_lookup_route+0x43/0x1b0 [ 2209.794560] udp_sendmsg+0x156f/0x1c00 [ 2209.798427] ? ip_do_fragment+0x1f50/0x1f50 [ 2209.802731] ? udp_seq_next+0xa0/0xa0 [ 2209.806527] ? __might_fault+0x104/0x1b0 [ 2209.810624] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2209.815373] ? lock_acquire+0x170/0x3f0 [ 2209.819326] ? dup_iter+0x240/0x240 [ 2209.822941] ? kernel_recvmsg+0x210/0x210 [ 2209.827067] inet_sendmsg+0x11a/0x4e0 [ 2209.830846] ? security_socket_sendmsg+0x83/0xb0 [ 2209.835681] ? inet_recvmsg+0x4d0/0x4d0 [ 2209.839650] sock_sendmsg+0xb5/0x100 [ 2209.843355] ___sys_sendmsg+0x326/0x800 [ 2209.847305] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2209.852058] ? lock_downgrade+0x740/0x740 [ 2209.856182] ? trace_hardirqs_on+0x10/0x10 [ 2209.860391] ? up_read+0x17/0x30 [ 2209.863732] ? __do_page_fault+0x19a/0xb50 [ 2209.867944] ? retint_kernel+0x2d/0x2d [ 2209.871808] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2209.876818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2209.881553] ? __might_fault+0x104/0x1b0 [ 2209.885618] ? lock_acquire+0x170/0x3f0 [ 2209.889660] __sys_sendmmsg+0x129/0x330 [ 2209.893612] ? SyS_sendmsg+0x40/0x40 [ 2209.897321] ? __mutex_unlock_slowpath+0x75/0x770 [ 2209.902154] ? wait_for_completion_io+0x10/0x10 [ 2209.906904] ? vfs_write+0x319/0x4d0 [ 2209.910599] ? fput+0xb/0x140 [ 2209.913682] ? SyS_write+0x14d/0x210 [ 2209.917376] ? SyS_read+0x210/0x210 [ 2209.920986] SyS_sendmmsg+0x2f/0x50 [ 2209.924712] ? __sys_sendmmsg+0x330/0x330 [ 2209.928909] do_syscall_64+0x1d5/0x640 [ 2209.932827] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2209.938036] RIP: 0033:0x45e179 [ 2209.941203] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2209.948935] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2209.956184] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2209.963432] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2209.970679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000025 [ 2209.977926] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2210.008672] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2210.033258] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8714 comm=syz-executor.4 07:18:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) setsockopt$inet6_tcp_TLS_RX(r4, 0x6, 0x2, &(0x7f00000001c0)=@gcm_256={{}, "30655932fb5ee833", "dfc79995e5091175bff15ace098a6ff5171a52fc128251e318d4ef485e476b5d", "7fb3f52c", "6f3f4cc33e9b08d3"}, 0x38) 07:18:28 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r1) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:28 executing program 5 (fault-call:5 fault-nth:38): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_SPLIT(r5, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x9c, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x6}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x3}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x44040}, 0x40044) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r6, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r6, 0x84, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) 07:18:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$vsock_dgram(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2710}, 0x10) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2210.549791] FAULT_INJECTION: forcing a failure. [ 2210.549791] name failslab, interval 1, probability 0, space 0, times 0 [ 2210.568377] CPU: 0 PID: 8742 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2210.576232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2210.585587] Call Trace: [ 2210.588189] dump_stack+0x1b2/0x283 [ 2210.591831] should_fail.cold+0x10a/0x154 [ 2210.595990] should_failslab+0xd6/0x130 [ 2210.599973] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2210.605112] __kmalloc_node_track_caller+0x38/0x70 [ 2210.610089] __alloc_skb+0x96/0x510 [ 2210.613721] alloc_skb_with_frags+0x85/0x500 [ 2210.618141] sock_alloc_send_pskb+0x577/0x6d0 [ 2210.622644] ? SyS_sendmmsg+0x2f/0x50 [ 2210.626451] ? do_syscall_64+0x1d5/0x640 [ 2210.630510] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2210.635872] ? sock_kzfree_s+0x50/0x50 [ 2210.639762] ? netlbl_enabled+0x5/0x50 [ 2210.643655] ? __ip_dev_find+0x248/0x470 [ 2210.647724] ? lock_acquire+0x170/0x3f0 [ 2210.651704] __ip_append_data+0x11ec/0x1ff0 [ 2210.656027] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2210.661308] ? ip_do_fragment+0x1f50/0x1f50 [ 2210.665830] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2210.670853] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2210.676051] ? ip_setup_cork+0x6b0/0x6b0 [ 2210.680121] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2210.685317] ? ipv4_mtu+0x27e/0x370 [ 2210.688951] ? ip_do_fragment+0x1f50/0x1f50 [ 2210.693274] ip_make_skb+0x167/0x1b0 07:18:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="800000000206050000000000000000000c00000a0500050000000000480007800c000180080001400000000005001400070000000805000000001000080017400000000105000300e4000000060005404e220000080013400000000605001500800000000500040002000000120003006269746d61703a69702c6d6163000000"], 0x80}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010101"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000400)={0x2, 0xecc3, 0x8000, 0x800, 0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_PATHS(r3, 0xc0389423, &(0x7f00000004c0)={0xd6, 0x48, [0x4, 0x101, 0xffffffffffffffe1, 0xffffffffffffffff], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$TIOCL_SCROLLCONSOLE(r5, 0x541c, &(0x7f0000000040)={0xd, 0x1ff}) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e20, @private=0xa010101}}, [0xdd31, 0x9, 0x1, 0x1, 0x80, 0x4, 0x401, 0x9, 0x8, 0x8, 0x0, 0x9, 0x1, 0xe79, 0x9]}, &(0x7f0000000080)=0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000240)={0x7, 0x8000, 0x200, 0xff, r6}, &(0x7f0000000280)=0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2210.696998] ? ip_flush_pending_frames+0x20/0x20 [ 2210.701761] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2210.706779] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2210.712326] ? xfrm_lookup_route+0x43/0x1b0 [ 2210.716663] udp_sendmsg+0x156f/0x1c00 [ 2210.720571] ? ip_do_fragment+0x1f50/0x1f50 [ 2210.724905] ? udp_seq_next+0xa0/0xa0 [ 2210.728714] ? __might_fault+0x104/0x1b0 [ 2210.732778] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2210.737531] ? lock_acquire+0x170/0x3f0 [ 2210.741521] ? dup_iter+0x240/0x240 [ 2210.745164] ? kernel_recvmsg+0x210/0x210 07:18:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000e8030103000000000000000000000000080003400000000006000640000200000500010001ac4c21bb09e129fd66c0fd643a0b0302ebac2f334449d7c4ad186034abff43da69def0fd5f58c102a12340081495c4e3d534466c8fb2cb30efa23e"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = socket$inet_udp(0x2, 0x2, 0x0) fstat(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r6) getuid() syz_mount_image$bfs(&(0x7f0000000040)='bfs\x00', &(0x7f0000000080)='./file0\x00', 0x8000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="ab9bd96ba9fff59d47", 0x9, 0x2caa}], 0x2800000, &(0x7f00000002c0)={[{'rQaw\x00'}, {'raw\x00'}, {'macsec0\x00'}, {}, {'-,:[.(\\'}, {'\a\x00\x00\x00\x00'}, {'NFLOG\x00'}, {'&'}], [{@smackfsdef={'smackfsdef', 0x3d, '&)\\)\''}}, {@uid_lt={'uid<', r6}}, {@context={'context', 0x3d, 'staff_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x66, 0x31, 0x31, 0x61, 0x62, 0x33, 0x66, 0x32], 0x2d, [0x38, 0x64, 0x32, 0x63], 0x2d, [0x33, 0x39, 0x36, 0x33], 0x2d, [0x32, 0x34, 0x66, 0x39], 0x2d, [0x63, 0x66, 0x33, 0x36, 0x35, 0x62, 0x33, 0x36]}}}, {@appraise_type='appraise_type=imasig'}, {@appraise='appraise'}, {@smackfshat={'smackfshat', 0x3d, '&\xef-'}}, {@smackfsroot={'smackfsroot', 0x3d, '\x00'}}]}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2210.749324] inet_sendmsg+0x11a/0x4e0 [ 2210.753124] ? security_socket_sendmsg+0x83/0xb0 [ 2210.757874] ? inet_recvmsg+0x4d0/0x4d0 [ 2210.761850] sock_sendmsg+0xb5/0x100 [ 2210.765572] ___sys_sendmsg+0x326/0x800 [ 2210.769550] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2210.774315] ? lock_downgrade+0x740/0x740 [ 2210.778470] ? trace_hardirqs_on+0x10/0x10 [ 2210.782738] ? up_read+0x17/0x30 [ 2210.786104] ? __do_page_fault+0x19a/0xb50 [ 2210.790338] ? retint_kernel+0x2d/0x2d [ 2210.794229] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2210.799248] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2210.804003] ? __might_fault+0x104/0x1b0 [ 2210.808065] ? lock_acquire+0x170/0x3f0 [ 2210.812048] __sys_sendmmsg+0x129/0x330 [ 2210.816020] ? SyS_sendmsg+0x40/0x40 [ 2210.819742] ? __mutex_unlock_slowpath+0x75/0x770 [ 2210.824583] ? wait_for_completion_io+0x10/0x10 [ 2210.829255] ? vfs_write+0x319/0x4d0 [ 2210.832974] ? fput+0xb/0x140 [ 2210.836088] ? SyS_write+0x14d/0x210 [ 2210.839806] ? SyS_read+0x210/0x210 [ 2210.843563] SyS_sendmmsg+0x2f/0x50 [ 2210.847190] ? __sys_sendmmsg+0x330/0x330 07:18:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$USBDEVFS_DISCSIGNAL(r4, 0x8010550e, &(0x7f0000000040)={0x2, &(0x7f0000000140)="847e80ca77b571835dbf655b67ec0d015d08b12ebc727d7a02d945fdbf6c24d477f9132478d757279e6c02b1c084e3f3ea9657f36503a72cf379c195d59dfa71f8555fb01aa7beee881a96bb4467965b95754be44d9ee0bee743524804abbb340ed4ff2dce9d5591da168fc763d42fa53efd95eff693c4ae507f49e7f6c33b5d9509af715d3ea1a72791c42de80b3ef0741a409bf3a4bf450d03523b5f47f159880bfcf98940261eccaca7b7"}) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x1}, &(0x7f0000000200)=0x8) [ 2210.851346] do_syscall_64+0x1d5/0x640 [ 2210.855236] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2210.860424] RIP: 0033:0x45e179 [ 2210.863606] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2210.871317] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2210.878587] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2210.885859] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2210.893154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000026 [ 2210.900425] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:30 executing program 5 (fault-call:5 fault-nth:39): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:30 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000040)={0x8, &(0x7f0000000300)=[{}, {@fixed}, {}, {@fixed}, {}, {@fixed}, {}, {@fixed}]}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$LOOP_CLR_FD(r1, 0x4c01) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:30 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x4, 0x40400) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000140)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000000240)=0xe8) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@deltclass={0x40, 0x29, 0x20, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xc, 0x9}, {0x9, 0xa}, {0x4, 0xfff2}}, [@tclass_kind_options=@c_atm={{0x8, 0x1, 'atm\x00'}, {0xc, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0xb, 0x9}}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x3}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x8000) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340)={0x8, 0x2, 0x0, 0x7, 0x4, 0x40, 0xa0, 0x7, 0x77, 0x9, 0x5, 0x2, 0x20, 0x6}, 0xe) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2212.653611] net_ratelimit: 10 callbacks suppressed [ 2212.653616] ip_tables: iptables: counters copy to user failed while replacing table [ 2212.669224] ip_tables: iptables: counters copy to user failed while replacing table [ 2212.678816] nla_parse: 6 callbacks suppressed [ 2212.678822] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2212.681661] FAULT_INJECTION: forcing a failure. [ 2212.681661] name failslab, interval 1, probability 0, space 0, times 0 [ 2212.704570] ip_tables: iptables: counters copy to user failed while replacing table [ 2212.716471] CPU: 1 PID: 8773 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2212.721896] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2212.724292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2212.724297] Call Trace: [ 2212.724316] dump_stack+0x1b2/0x283 [ 2212.724332] should_fail.cold+0x10a/0x154 [ 2212.724346] should_failslab+0xd6/0x130 [ 2212.756583] kmem_cache_alloc+0x40/0x3c0 [ 2212.760640] dst_alloc+0xed/0x6d0 [ 2212.764082] rt_dst_alloc+0x6b/0x430 [ 2212.767785] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2212.773180] ip_route_output_key_hash+0x195/0x2a0 [ 2212.778031] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2212.783642] ? udp_sendmsg+0xe45/0x1c00 [ 2212.787600] ? lock_acquire+0x170/0x3f0 [ 2212.791556] ? lock_downgrade+0x740/0x740 [ 2212.795692] ip_route_output_flow+0x22/0xb0 [ 2212.800005] udp_sendmsg+0x13b5/0x1c00 [ 2212.803936] ? ip_do_fragment+0x1f50/0x1f50 [ 2212.808241] ? udp_seq_next+0xa0/0xa0 [ 2212.812023] ? __might_fault+0x104/0x1b0 [ 2212.816069] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2212.820808] ? lock_acquire+0x170/0x3f0 [ 2212.824767] ? dup_iter+0x240/0x240 [ 2212.828467] ? kernel_recvmsg+0x210/0x210 [ 2212.832662] inet_sendmsg+0x11a/0x4e0 [ 2212.836444] ? security_socket_sendmsg+0x83/0xb0 [ 2212.841182] ? inet_recvmsg+0x4d0/0x4d0 [ 2212.845181] sock_sendmsg+0xb5/0x100 [ 2212.848885] ___sys_sendmsg+0x326/0x800 [ 2212.852849] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2212.857767] ? lock_downgrade+0x740/0x740 [ 2212.861955] ? trace_hardirqs_on+0x10/0x10 [ 2212.866186] ? up_read+0x17/0x30 [ 2212.869549] ? __do_page_fault+0x19a/0xb50 [ 2212.873803] ? retint_kernel+0x2d/0x2d [ 2212.877673] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2212.882687] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2212.887441] ? __might_fault+0x104/0x1b0 [ 2212.891505] ? lock_acquire+0x170/0x3f0 [ 2212.895466] __sys_sendmmsg+0x129/0x330 [ 2212.899463] ? SyS_sendmsg+0x40/0x40 [ 2212.903187] ? __mutex_unlock_slowpath+0x75/0x770 [ 2212.908014] ? wait_for_completion_io+0x10/0x10 [ 2212.912755] ? vfs_write+0x319/0x4d0 [ 2212.916452] ? fput+0xb/0x140 [ 2212.919540] ? SyS_write+0x14d/0x210 [ 2212.923237] ? SyS_read+0x210/0x210 [ 2212.926865] SyS_sendmmsg+0x2f/0x50 [ 2212.930471] ? __sys_sendmmsg+0x330/0x330 [ 2212.934609] do_syscall_64+0x1d5/0x640 [ 2212.938481] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2212.943670] RIP: 0033:0x45e179 [ 2212.946840] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 07:18:31 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400203) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2212.954534] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2212.961797] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2212.969621] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2212.976870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000027 [ 2212.984120] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2213.033855] ip_tables: iptables: counters copy to user failed while replacing table [ 2213.050978] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2213.086623] ip_tables: iptables: counters copy to user failed while replacing table [ 2213.094739] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:18:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r1) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:31 executing program 5 (fault-call:5 fault-nth:40): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:31 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000104010300000000e400000000000000080003c00000000006000640190200000500010094"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(0xffffffffffffffff, 0xc0385720, &(0x7f0000000180)) bind$inet(r2, &(0x7f0000000140)={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r6, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) setsockopt$llc_int(r6, 0x10c, 0x5, &(0x7f0000000040)=0x4000, 0x4) socket$nl_sock_diag(0x10, 0x3, 0x4) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000080)) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r5, 0xf503, 0x0) 07:18:31 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x19d5c6, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0xffffffffffffff9e) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) fcntl$dupfd(r2, 0x0, r1) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2213.564530] ip_tables: iptables: counters copy to user failed while replacing table [ 2213.614647] FAULT_INJECTION: forcing a failure. [ 2213.614647] name failslab, interval 1, probability 0, space 0, times 0 [ 2213.616180] ip_tables: iptables: counters copy to user failed while replacing table [ 2213.645192] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2213.655501] CPU: 1 PID: 8811 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2213.663311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2213.672685] Call Trace: [ 2213.675287] dump_stack+0x1b2/0x283 [ 2213.678935] should_fail.cold+0x10a/0x154 [ 2213.683092] should_failslab+0xd6/0x130 [ 2213.687074] kmem_cache_alloc_node+0x263/0x410 [ 2213.691679] __alloc_skb+0x5c/0x510 [ 2213.695315] alloc_skb_with_frags+0x85/0x500 [ 2213.699744] sock_alloc_send_pskb+0x577/0x6d0 [ 2213.704233] ? SyS_sendmmsg+0x2f/0x50 [ 2213.708130] ? do_syscall_64+0x1d5/0x640 [ 2213.712195] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2213.717573] ? sock_kzfree_s+0x50/0x50 [ 2213.721465] ? netlbl_enabled+0x5/0x50 [ 2213.725351] ? __ip_dev_find+0x248/0x470 [ 2213.729422] ? lock_acquire+0x170/0x3f0 [ 2213.733392] __ip_append_data+0x11ec/0x1ff0 [ 2213.737724] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2213.742910] ? ip_do_fragment+0x1f50/0x1f50 [ 2213.747241] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2213.752258] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2213.757449] ? ip_setup_cork+0x6b0/0x6b0 [ 2213.761516] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2213.766706] ? ipv4_mtu+0x27e/0x370 [ 2213.770339] ? ip_do_fragment+0x1f50/0x1f50 [ 2213.774662] ip_make_skb+0x167/0x1b0 [ 2213.778517] ? ip_flush_pending_frames+0x20/0x20 [ 2213.783283] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2213.785521] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2213.788475] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2213.788493] ? xfrm_lookup_route+0x43/0x1b0 [ 2213.788505] udp_sendmsg+0x156f/0x1c00 [ 2213.788518] ? ip_do_fragment+0x1f50/0x1f50 [ 2213.802394] ip_tables: iptables: counters copy to user failed while replacing table [ 2213.802616] ? udp_seq_next+0xa0/0xa0 [ 2213.826932] ? __might_fault+0x104/0x1b0 [ 2213.830996] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2213.835763] ? lock_acquire+0x170/0x3f0 [ 2213.839746] ? dup_iter+0x240/0x240 [ 2213.843484] ? kernel_recvmsg+0x210/0x210 [ 2213.847635] inet_sendmsg+0x11a/0x4e0 [ 2213.851436] ? security_socket_sendmsg+0x83/0xb0 [ 2213.856191] ? inet_recvmsg+0x4d0/0x4d0 [ 2213.860171] sock_sendmsg+0xb5/0x100 07:18:31 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2213.863883] ___sys_sendmsg+0x326/0x800 [ 2213.867855] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2213.872616] ? lock_downgrade+0x740/0x740 [ 2213.876773] ? trace_hardirqs_on+0x10/0x10 [ 2213.881015] ? up_read+0x17/0x30 [ 2213.884383] ? __do_page_fault+0x19a/0xb50 [ 2213.888614] ? retint_kernel+0x2d/0x2d [ 2213.892504] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2213.897526] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2213.902291] ? __might_fault+0x104/0x1b0 [ 2213.906358] ? lock_acquire+0x170/0x3f0 [ 2213.910346] __sys_sendmmsg+0x129/0x330 [ 2213.914324] ? SyS_sendmsg+0x40/0x40 [ 2213.918056] ? __mutex_unlock_slowpath+0x75/0x770 [ 2213.922901] ? wait_for_completion_io+0x10/0x10 [ 2213.927573] ? vfs_write+0x319/0x4d0 [ 2213.931297] ? fput+0xb/0x140 [ 2213.934405] ? SyS_write+0x14d/0x210 [ 2213.938120] ? SyS_read+0x210/0x210 [ 2213.941837] SyS_sendmmsg+0x2f/0x50 [ 2213.945460] ? __sys_sendmmsg+0x330/0x330 [ 2213.949634] do_syscall_64+0x1d5/0x640 [ 2213.953529] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2213.958728] RIP: 0033:0x45e179 07:18:32 executing program 5 (fault-call:5 fault-nth:41): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2213.961913] RSP: 002b:00007fb075f5cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2213.969619] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2213.976889] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2213.984160] RBP: 00007fb075f5cca0 R08: 0000000000000000 R09: 0000000000000000 [ 2213.991430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000028 [ 2213.998706] R13: 00007ffec7e3704f R14: 00007fb075f5d9c0 R15: 000000000118cff4 [ 2214.004019] ip_tables: iptables: counters copy to user failed while replacing table [ 2214.045159] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2214.066763] ip_tables: iptables: counters copy to user failed while replacing table [ 2214.096080] FAULT_INJECTION: forcing a failure. [ 2214.096080] name failslab, interval 1, probability 0, space 0, times 0 [ 2214.107982] CPU: 1 PID: 8824 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2214.114460] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2214.115788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2214.115792] Call Trace: [ 2214.115810] dump_stack+0x1b2/0x283 [ 2214.115827] should_fail.cold+0x10a/0x154 [ 2214.115842] should_failslab+0xd6/0x130 [ 2214.148041] kmem_cache_alloc_node_trace+0x25a/0x400 [ 2214.153161] __kmalloc_node_track_caller+0x38/0x70 [ 2214.158102] __alloc_skb+0x96/0x510 [ 2214.161739] alloc_skb_with_frags+0x85/0x500 [ 2214.166158] sock_alloc_send_pskb+0x577/0x6d0 [ 2214.170648] ? SyS_sendmmsg+0x2f/0x50 [ 2214.174446] ? do_syscall_64+0x1d5/0x640 [ 2214.178510] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2214.183879] ? sock_kzfree_s+0x50/0x50 [ 2214.187763] ? netlbl_enabled+0x5/0x50 [ 2214.191648] ? __ip_dev_find+0x248/0x470 [ 2214.195712] ? lock_acquire+0x170/0x3f0 [ 2214.199690] __ip_append_data+0x11ec/0x1ff0 [ 2214.204012] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2214.209205] ? ip_do_fragment+0x1f50/0x1f50 [ 2214.213536] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2214.218549] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2214.223724] ? ip_setup_cork+0x6b0/0x6b0 [ 2214.227767] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2214.233006] ? ipv4_mtu+0x27e/0x370 [ 2214.236621] ? ip_do_fragment+0x1f50/0x1f50 [ 2214.240937] ip_make_skb+0x167/0x1b0 [ 2214.244654] ? ip_flush_pending_frames+0x20/0x20 [ 2214.249413] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2214.254425] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2214.259974] ? xfrm_lookup_route+0x43/0x1b0 [ 2214.264324] udp_sendmsg+0x156f/0x1c00 [ 2214.268215] ? ip_do_fragment+0x1f50/0x1f50 [ 2214.272594] ? udp_seq_next+0xa0/0xa0 [ 2214.276382] ? __might_fault+0x104/0x1b0 [ 2214.280434] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2214.285185] ? lock_acquire+0x170/0x3f0 [ 2214.289148] ? dup_iter+0x240/0x240 [ 2214.292781] ? kernel_recvmsg+0x210/0x210 [ 2214.296913] inet_sendmsg+0x11a/0x4e0 [ 2214.300722] ? security_socket_sendmsg+0x83/0xb0 [ 2214.305468] ? inet_recvmsg+0x4d0/0x4d0 [ 2214.309428] sock_sendmsg+0xb5/0x100 [ 2214.313143] ___sys_sendmsg+0x326/0x800 [ 2214.317116] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2214.321869] ? lock_downgrade+0x740/0x740 [ 2214.326012] ? trace_hardirqs_on+0x10/0x10 [ 2214.330252] ? up_read+0x17/0x30 [ 2214.333601] ? __do_page_fault+0x19a/0xb50 [ 2214.337816] ? retint_kernel+0x2d/0x2d [ 2214.341783] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2214.346819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2214.351569] ? __might_fault+0x104/0x1b0 [ 2214.355627] ? lock_acquire+0x170/0x3f0 [ 2214.359603] __sys_sendmmsg+0x129/0x330 [ 2214.363572] ? SyS_sendmsg+0x40/0x40 [ 2214.367283] ? __mutex_unlock_slowpath+0x75/0x770 [ 2214.372122] ? wait_for_completion_io+0x10/0x10 [ 2214.376791] ? vfs_write+0x319/0x4d0 [ 2214.380509] ? fput+0xb/0x140 [ 2214.383618] ? SyS_write+0x14d/0x210 [ 2214.387331] ? SyS_read+0x210/0x210 [ 2214.390966] SyS_sendmmsg+0x2f/0x50 [ 2214.394593] ? __sys_sendmmsg+0x330/0x330 [ 2214.398745] do_syscall_64+0x1d5/0x640 [ 2214.402638] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2214.407889] RIP: 0033:0x45e179 [ 2214.411071] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2214.418774] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2214.426035] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2214.433289] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2214.440547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029 [ 2214.447805] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:33 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, '\x00', '\x00', {}, {}, 0x0, 0x0, 0x40}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="50000000010401030000000000000000000000000800034000000000060006400002000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0206416, &(0x7f0000000080)={0x7, 0xffffffff, 0x9, 0x4, 0x10, 0x1}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0xffff, @multicast2}, 0x10) 07:18:33 executing program 2: ppoll(&(0x7f00000002c0)=[{0xffffffffffffffff, 0x2080}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x8080, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x401, 0x5, 0x1, 0x1, 0x1}, 0x8) readv(0xffffffffffffffff, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:33 executing program 5 (fault-call:5 fault-nth:42): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2215.676194] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2215.677811] FAULT_INJECTION: forcing a failure. [ 2215.677811] name failslab, interval 1, probability 0, space 0, times 0 [ 2215.693030] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2215.715379] CPU: 1 PID: 8841 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2215.723198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2215.732544] Call Trace: [ 2215.735116] dump_stack+0x1b2/0x283 [ 2215.738873] should_fail.cold+0x10a/0x154 [ 2215.743029] should_failslab+0xd6/0x130 [ 2215.747010] kmem_cache_alloc+0x40/0x3c0 [ 2215.751122] dst_alloc+0xed/0x6d0 [ 2215.754615] rt_dst_alloc+0x6b/0x430 [ 2215.758317] ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2215.763579] ip_route_output_key_hash+0x195/0x2a0 [ 2215.768400] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2215.773924] ? udp_sendmsg+0xe45/0x1c00 [ 2215.777985] ? lock_acquire+0x170/0x3f0 [ 2215.781943] ? lock_downgrade+0x740/0x740 [ 2215.786079] ip_route_output_flow+0x22/0xb0 [ 2215.790378] udp_sendmsg+0x13b5/0x1c00 [ 2215.794244] ? ip_do_fragment+0x1f50/0x1f50 [ 2215.798546] ? udp_seq_next+0xa0/0xa0 [ 2215.802488] ? __might_fault+0x104/0x1b0 [ 2215.806530] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2215.811281] ? lock_acquire+0x170/0x3f0 [ 2215.815250] ? dup_iter+0x240/0x240 [ 2215.818874] ? kernel_recvmsg+0x210/0x210 [ 2215.823004] inet_sendmsg+0x11a/0x4e0 [ 2215.826786] ? security_socket_sendmsg+0x83/0xb0 [ 2215.834301] ? inet_recvmsg+0x4d0/0x4d0 [ 2215.838281] sock_sendmsg+0xb5/0x100 [ 2215.841975] ___sys_sendmsg+0x326/0x800 [ 2215.845946] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2215.850684] ? lock_downgrade+0x740/0x740 [ 2215.854826] ? trace_hardirqs_on+0x10/0x10 [ 2215.859040] ? up_read+0x17/0x30 [ 2215.862384] ? __do_page_fault+0x19a/0xb50 [ 2215.866599] ? retint_kernel+0x2d/0x2d [ 2215.870467] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2215.875477] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2215.880233] ? __might_fault+0x104/0x1b0 [ 2215.884275] ? lock_acquire+0x170/0x3f0 [ 2215.888248] __sys_sendmmsg+0x129/0x330 [ 2215.892200] ? SyS_sendmsg+0x40/0x40 [ 2215.895899] ? __mutex_unlock_slowpath+0x75/0x770 [ 2215.900720] ? wait_for_completion_io+0x10/0x10 [ 2215.905382] ? vfs_write+0x319/0x4d0 [ 2215.909075] ? fput+0xb/0x140 [ 2215.912176] ? SyS_write+0x14d/0x210 [ 2215.915867] ? SyS_read+0x210/0x210 [ 2215.919488] SyS_sendmmsg+0x2f/0x50 [ 2215.923108] ? __sys_sendmmsg+0x330/0x330 [ 2215.927235] do_syscall_64+0x1d5/0x640 [ 2215.931110] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2215.936280] RIP: 0033:0x45e179 [ 2215.939450] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2215.947135] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2215.954384] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2215.961634] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2215.968881] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002a 07:18:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000010401030000000000000021c77e335020a700000000000800034000000000060006400002000005000100010719d304ee9cf77bb5819f50f0726aa90ac994ae9020899c478ae5379d5452856be8fad5ff85cc13d161d3f384305a2dfe8ce0de5ea500c70031f0e98d0cbfd5bfce1e16ff528d051b043ec90fe0b87f81a2bcb70239251426aadc025c9d96f306a4cd6643c8d52c988ed2c77ae8906917400354"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2215.976147] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:34 executing program 5 (fault-call:5 fault-nth:43): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000004a780b8fbdde17d0b95a72f7be859701040103000000000000000000000000080003400000"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x100440, 0x0) ioctl$VT_RELDISP(r5, 0x5605) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:34 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x3, 0xfd, @time={0xaae, 0xc16e}, {}, {}, @quote={{0x5d, 0x81}, 0x7f, &(0x7f00000001c0)={0x2, 0x3, 0x0, 0x3f, @tick=0x8, {0x8, 0xc0}, {0x2, 0x38}, @ext={0x1000, &(0x7f00000002c0)="c6858dec0433dbe2bab3f373e02c5d9273b184b30326a06078e419fe04e1d8835ff493419675972eb1432fc2af1a652cb03d21df5d035a208a5f6601ef2786671792865e7e900c645113376ea20ddeb47f728da715e5cb2dbbf67d89059d3bce4105783bfaec72f553a0e9ae57727f92f7901f3b5f471540ce6ed1cc6f4207dd1179e92833e1a812126c8d1d285945fb08cb23bb19834f974dfe356884e60e3cc050310d3161f321400f68ccb776d039d9515a396b4f2089fe203ff6633290339bbc593f6fa7d8f59050b5dd3b144bb3a29255bf9dbeb790b59a0690aee54cb94941d11da791de85e98d9e9feb970f4edec4f1080de20b565fb1fc17d0fb361560c217f5e4ecc1b855ac75412afad45cb8eda8db82d35e5c7fa609753d6c2eafca978546f93cb234dc478ea49dd03948ce1b5cf72b47b92ce3977ee41eebcbf2eefa6b3958c3b38bb91a3af607b966556bcea838e0488263c6a3b967ccba438631633ffcfcf120a1636fd30a4ef4cf83bea90a5513e2a927ae8f477b50dbb43f6ffd336d1e34c02b3aef5f1fce0450477a4a9c30363cca5aa5bc4091490710be9763db5ad4db1ca66576da770dd600c69e006ee50c85b24e3c1be86b06571a0b820ec19c4651890e260196e131a40f6a443fafad9332a48e791c4d85fdae7784d7d1d29fd9f7efb5c56c1c4e42c52aa4052bae719cbe0a278d3f206ca4d7f4e6fcc9b238a314919ebca4d2231e0bb84fbc314ce695eee11f29a125b78c424b3f41e3d56283c8bb054ba32562fce139758ca73db80766bc753f14b1d3405506ed50e8b85f8abb84ed4ca0fde9fe001f7a6f1611aaa0091c3202d99c59e797282ddaf8bbad6bbc2a3c16b91699932a4cb637b61643239c5299867c6dd8eb26772e7752eaa1caaa105b6add51f695b508657c91dc907079554a8aa1f14f47556b67da01a81bc043a01b6ddd2ae39e28bc8f30240bf1409f08d89de300df1449a542cb173b68d17f7b06ef26c93fde86e9119ca14a20e35c92587df7ce0524388220e32d68e28e3b44b7fb063976de42a97f4ffa8deb23298f3cb3fad5a0345002ebf43638e0d390df4b37f50bd7e37411cd3756031e88c49d90befb9b3555ae3e530c1671bc8e6ee3716fde7e61cbd7f6eed196a373203a59709f5234d347499a83b65dc5e54ae5eba602ddb49d6b4fa4e4b241f0c6429512e39e48b7cde534157f3d870bf69761c172de771bc654bcf4e01b83d43e81ca18aae3202f5306c2d9164ebcfc1080d6d02fe014210ba9256f464ad44916e984d7f4f3e8c170e261a7f65fe8cb345324050f65c598f908adaad6368339896443a666bf2645f79de2aeeef3702107e260416b4771ed4ed4e4cc63ecd56c4f4a7ba6299636a1191b92c5590fcf0e6955a388cc48dd179d097480fd6b805e9e1f5996e9733c98837eee0041e22b5561c63fd0f5b38e72e3773516a0eb621c456686de1c662061122efd8093dcf8f24a7011d3c49255dcccda64188392bcc304ef32fc5c8ebd637b0f435bcdc0a4367c6b10f01eddbca0769972ed9fae65cf62a3550d78e5234a59745f35a0ae657994dad434ce88706bd5d89d84d2b1896da1e47980ea13042ea709a0fb35c4f1e557063ccf644e08822c34403766be8c7503773d4b0f4391e86160af13bf2e0233d4d26d712494f0d2bf7001db170c70936b3e705607e9021e809131db85cef130a5458e7fbd20d5c0d821ea98e6a409b345a335f9c7e8b549d9754b1244b5d67636fa5bd61006e82c37cf23f842ebec607fe2abee136e392c5ef274dc5bfe149c1ee1bf7504c69e1f36ac3a7e3165ed1c9501cf186ed8b36e862c1c78e1b827cbeec4e18ccd432f5f4098180f1c352619d6a6026a50bc605a00055c85fcb1fa9f524033eaf763c83342beb9c3abc84d9059a6fa4ca318b25dd5c69b5de2d6e645a2f282a0456ef1fb2dce862d6df6b18302597864f3c923a6c08417f190e92246fb0fc7eaf0c89165fa7f008ecdcc6764069160ad6fb682dcca75cfc3edc48471bfe963e34eedf82f53b10493c6011fc8766ae4500f6c4bbdb8f38681199e18662bccffe2357e04c8723c8511f608a230b16f5e3963dd5028c69bfb00e7a2a11a341b7464dadc09c1f2ffe5925c19ffed5fbbd150caf8c8580f997719572ab620b4a3e7ba54d80633350c9c4b12de389d00618726342b0c96bd185b2971a287f5fff5423b60dfc502426af98064b7247716696a0b2303e4497ad35d721eec448f6f792fcfb22ed3fd64758559f07d0f98beabd61d5d34fb4bb130bffaa5d71dae579976ef00328a95d40bdd3c4845f32bab29d19f0765d0032a2a4e1a0965e9fcf4132c3cf648a6ef81259d9a834dad27352d0c2478ad2c0d753ddace4e7103e3cf16817e8a2b57f8753c636f715293e71414f7dbc8723751a4b3e7a4422b7bb3a24a9eb3d980d8219656785932a30cb94ba44deaf539adabd21238bbd5e7edf936ee3fc2876c607c5d06d261bf7317a591716684a86bc46b21a212a5c05f4cd4c0cc2cf5e4bacb87c911758e26c7be215f24faefa356f786c466e72119030edde38fe1454709ebe5b8a7b141ce7b56cc9834ef092315299f778e7d3d363b2d5b7172407a120b301c189ecb9f5d0a4cc4721a68423deb5b32efd851e058041a2d7a7e21dbe4fc5331f8ecaff06093f4b3af26b1e4c8b3a011c1f183bff47010e1f08db69fe236c5109c43396a502f7fbfa3f67d7df856a2a6f4ddaa9a4c7eecff676918048740e16ecb2e0186969b015c8ac96325973c892dbf11994545589836da97b53d4aba6d64202ae1549bf4af7d0d1bae917cfc2799a6ad47084255e907c9128f3db3879fa82ad2a105883c4bf38b969baf7909482af12ccac02544e5d78ff454b571a09b181c2636d8a6df27c33ea51d3c623077837b4f928e2d3e2ee9ed5e062f6da71f6ac34978de29bc34c04d41c845239832b280b3a898e46f958ae70d99c9e52dd61b9e5d20da5635288c1642c20a73da633fb58fb822ca132b016759d4bc1a441f903e8c2463bf90a21b8f02a55506f093114a53152092e888f3a9f26111c48eb5e27cbb71e77619e7264b5a98d9a3c78040e3fab5585795bfee38d2c530abcc53061c7a379b185b17aaab3e867638838c939f8a29a65db44a58f501b9635722d15e389c4de28a3884445fab36bca21bbe988e6e45eaba84f0a3913957a4d922eca8be4448cb55ef7c1f35d53607ebdf9414e605a0f0778b201b090c1525dbd101be66559b3b12b92cf9ec87d01d27a8f23fcb04cb78042293ca0ddd58f6bc3b520dd9f3a9c53139f8798e3b49fc691b53f27dfc054ec617b66aae8d0450b1831490b95215680cfc1527fb4e914135aa98f8beb002e039a309e9594238a7c53e612d512a1edeea89358a256248771211cae3f726ae3e67cd6e85ab7147ec5ff2d54bb8fb95e39be9b4212898fc8527ed2d2d71faf8a722a37458998bd4aae4d3e398deaf9a1362a3593108a114031c06fe42df6d5b8f9f33899128cc196a728cb4857f4f7b8a3a5167fa7fa7e68216f734934fbb5b42529a1a74d1164b18f3682c5adbc8d9951a3944949a0fb650fb7cc9e18669de944941efe3884dd9be48cd4e6043e78b378c79e7abe46c32ad6164fec0cf009ae194abef0690a1c41bd8950c126aad58676cb39fa0e5bb6ed5f3e4d4f9bb21fceb1a1a41c18c1d79fc8408c37ec51e018d8b120a4101493c7e59faae06bd83123bacf1d4a41b500402e2d0c2b51ff489a9c06166488e767e9ad73cc2dd7ce4b84c1d187322e92c92b61e327c8e2c6f04d8fa9b8ebcc673b66a8491a455fe60947a5331739c2fc161e2b3fe09cc8a91d44fdd4b308b9b5b9648854813982897d165278ea5c18bdc5d2f473b973dcf03d01a20414e1994ce221f5b059dffd8956f0e72c34510ece0b9aa10ccdab04ec1a3d15b3ac165ce6af0eedf73a810549020302ada287d665f3f621c4e83e65bbe04f7ef60ec9b210ec31241d560eeea6d8de9ecd6d2ddac9ecf89cf33c2365d1de2241a18ef4fb2c75e6736962d9b81af9813eb5d5730da3d6048f7df8d933d03ec51db96397697c22564dc181da983650e7918ac2d134e176e174f5bb9145b59bf25f4d9ebc02bec6d2baad40f8eb9ea6c8dcb542b7425e66d3bd62a4a9cd025a9e9861692015e3229fbd27224f98a32becaefb0063c49cbc468ee99225ea714c9a17668586eebc003968c4bf7c77c8d720ef3e7358acdd3025b86e67565c34775bbee5c18ca23d4547041121e8e637d4238e88ec7f98adbbb8111305155fb6e780bf727e56da9e966e0983ef94cab4768c675d0935af1a315d4c2c30c87bfeea483d3840c301e7b625b691b916253b74ea32a79f215673b79369ef65adf3d66f7c83a53d051859320e68103c611f2b85f35bf358dc166fddf51cf63f108645a44b24d30f2f13f908d5cc4c1c014fc1c973693ca7ac2c470816e312b7861900f9d9af20057118080c4d07c4d1b8815f53b53d0e4df7c61f00746c0b7e7793b1251d9416bf4113094bb6020aa2306bdcc11c404c8d71e1ed72fad0495f0e9178cbf49dcf9f2088686491d629c9fdfe2ba4f76934a0d74bfefc2e5674f0116bb0637336f5a30c3004c6eda9848c3f2497b9493d4617f02f7b58b73a2bda04bfe68553cd3764a8e6d40464012b68650b68fe8cb3c6ac4142f0acb19dea10a84de7f974612a55b2eb687eb9a1dd55b341e9053cb127845970d7babaa960058606624d16ee5799286e3895ad43b3bf53374ad75698c7f64bd323e3d31b25cb415d3958aba70819a5b2b56ebbfc478734599858a6f8d75ad59507ef3aaaa47a71cd20113879780659cd18783c243921963ce1ef98971c4de04b0500993033e8479a5f71a556cc0349143bf573edced526829d3263d37989bce4e91dcb33fad3e6109aa1eec5a3d3e6fe1433c0cc5213f744f2605d8f5090d401ff59e98781bb1fb38a1e0444f7e0b38602c1a6db977ddbb00289403879ace55a96e884404e3e49418f2651baa6662dd3520b05de5c7b62b7dbc3344eddab3945931a834d935142e647f305f3495d9afd432a15865d6698712518d8a2e47302802b9e37281933a1e7c944c42272b43686c61ecedbcb48fbbdea85cbafcad721c629e0b6c058d91f0a1edb86c9171ed0da7981ed66faca85f5c3c5bff8a03dc8bff412bad82d1ff32343d085df399a6cbd4b3da5dc53caafbd320a53e008a95cdd74abd21b99e7157cac5e733dd42156397d1368b97ca507631042dda8af9819a8e231126a1cdf6b6c26e86736d2989db5fdceda17500c13b7da1e0b2b6d50002df62b16e373e82d084ecc1f7d84d1b8dc0e4c51ae694a4c6f174f5b0282efa6c286872db24a1f018ce5201d56e7cacfeea65cea8ef28e9a26029b669e3818481b564ceb4f3d5b0ceb73d050f3ee0e2391aa24f0bd07914f6e8b4f6c4aa4109989f971708a767ec248d4984fde55e0a317570937cba4585839a112820a3a62d3b1ef7d48faa5d008d2333e53031473be05da8df1d238bdd478089b9f5d755851c1872b2fd77793187def4826da5e5319213eadc4883de061ec288081bd63831b347805d705d1d9d111fa58f8ab792107957321ff95caed1e6043f2f73b3410048a2d502e9e84be0230cbcbf9d5b2555adf07ae3d69e14138f3b4cdd13e91b82da5a538798e91c1c943c912877321c71d18a6325f50051a251ef7d7632bcb751ccddca78c9596b0d49be0cc961715cc03e2c80a64fc9770919ecf490396d"}}}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) syz_mount_image$bfs(&(0x7f0000000200)='bfs\x00', &(0x7f0000000240)='./file0\x00', 0x401, 0x0, &(0x7f00000012c0), 0x3002008, &(0x7f0000001300)={[{}, {'!-'}, {'^.'}, {'\\@'}, {'#,\\'}, {'))'}], [{@appraise_type='appraise_type=imasig'}]}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0xcd, &(0x7f0000000140)={{0xa, 0x4e22, 0x7fffffff, @empty, 0x9}, {0xa, 0x4e21, 0x1, @mcast2, 0x1f000}, 0x100, [0x5, 0x9, 0x1, 0xed83, 0x7fff, 0x649, 0xd06f, 0xccc4]}, 0x5c) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2216.602883] FAULT_INJECTION: forcing a failure. [ 2216.602883] name failslab, interval 1, probability 0, space 0, times 0 [ 2216.617700] CPU: 0 PID: 8863 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2216.625616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2216.634972] Call Trace: [ 2216.637573] dump_stack+0x1b2/0x283 [ 2216.641214] should_fail.cold+0x10a/0x154 [ 2216.645368] should_failslab+0xd6/0x130 [ 2216.649344] kmem_cache_alloc_node+0x263/0x410 [ 2216.653934] __alloc_skb+0x5c/0x510 [ 2216.657569] alloc_skb_with_frags+0x85/0x500 [ 2216.661988] sock_alloc_send_pskb+0x577/0x6d0 [ 2216.666485] ? SyS_sendmmsg+0x2f/0x50 [ 2216.670294] ? do_syscall_64+0x1d5/0x640 [ 2216.674357] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2216.679737] ? sock_kzfree_s+0x50/0x50 [ 2216.683643] ? netlbl_enabled+0x5/0x50 [ 2216.687626] ? __ip_dev_find+0x248/0x470 [ 2216.691698] ? lock_acquire+0x170/0x3f0 [ 2216.695673] __ip_append_data+0x11ec/0x1ff0 [ 2216.699999] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2216.705199] ? ip_do_fragment+0x1f50/0x1f50 [ 2216.709540] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2216.714563] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2216.719754] ? ip_setup_cork+0x6b0/0x6b0 [ 2216.723813] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2216.729004] ? ipv4_mtu+0x27e/0x370 [ 2216.732632] ? ip_do_fragment+0x1f50/0x1f50 [ 2216.736956] ip_make_skb+0x167/0x1b0 [ 2216.740679] ? ip_flush_pending_frames+0x20/0x20 [ 2216.745557] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2216.750584] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2216.756132] ? xfrm_lookup_route+0x43/0x1b0 [ 2216.757339] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 3 [ 2216.760451] udp_sendmsg+0x156f/0x1c00 [ 2216.760462] ? ip_do_fragment+0x1f50/0x1f50 [ 2216.760469] ? udp_seq_next+0xa0/0xa0 [ 2216.760478] ? __might_fault+0x104/0x1b0 [ 2216.760484] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2216.760491] ? lock_acquire+0x170/0x3f0 [ 2216.760501] ? dup_iter+0x240/0x240 [ 2216.760510] ? kernel_recvmsg+0x210/0x210 07:18:34 executing program 5 (fault-call:5 fault-nth:44): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x200, 0x3}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40001}, 0x40) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2216.760517] inet_sendmsg+0x11a/0x4e0 [ 2216.760524] ? security_socket_sendmsg+0x83/0xb0 [ 2216.760530] ? inet_recvmsg+0x4d0/0x4d0 [ 2216.760541] sock_sendmsg+0xb5/0x100 [ 2216.760547] ___sys_sendmsg+0x326/0x800 [ 2216.760554] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2216.760561] ? lock_downgrade+0x740/0x740 [ 2216.760568] ? trace_hardirqs_on+0x10/0x10 [ 2216.760574] ? up_read+0x17/0x30 [ 2216.760581] ? __do_page_fault+0x19a/0xb50 [ 2216.760586] ? retint_kernel+0x2d/0x2d [ 2216.760593] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2216.760599] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2216.760606] ? __might_fault+0x104/0x1b0 [ 2216.760613] ? lock_acquire+0x170/0x3f0 [ 2216.760622] __sys_sendmmsg+0x129/0x330 [ 2216.760628] ? SyS_sendmsg+0x40/0x40 [ 2216.760641] ? __mutex_unlock_slowpath+0x75/0x770 [ 2216.760648] ? wait_for_completion_io+0x10/0x10 [ 2216.760653] ? vfs_write+0x319/0x4d0 [ 2216.760659] ? fput+0xb/0x140 [ 2216.760664] ? SyS_write+0x14d/0x210 [ 2216.760670] ? SyS_read+0x210/0x210 [ 2216.760676] SyS_sendmmsg+0x2f/0x50 [ 2216.760680] ? __sys_sendmmsg+0x330/0x330 [ 2216.760686] do_syscall_64+0x1d5/0x640 [ 2216.760694] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2216.760700] RIP: 0033:0x45e179 [ 2216.760703] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2216.760710] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2216.760713] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2216.760717] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2216.760720] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002b [ 2216.760724] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c [ 2216.865133] FAULT_INJECTION: forcing a failure. [ 2216.865133] name failslab, interval 1, probability 0, space 0, times 0 [ 2216.868429] [ 2216.868432] ====================================================== [ 2216.868436] WARNING: possible circular locking dependency detected [ 2216.868438] 4.14.198-syzkaller #0 Not tainted [ 2216.868441] ------------------------------------------------------ [ 2216.868444] syz-executor.4/8858 is trying to acquire lock: [ 2216.868445] (console_owner){-.-.}, at: [] vprintk_emit+0x32a/0x620 [ 2216.868456] [ 2216.868458] but task is already holding lock: [ 2216.868459] (&(&port->lock)->rlock){-.-.}, at: [] tty_port_close_start.part.0+0x28/0x4c0 [ 2216.868464] [ 2216.868466] which lock already depends on the new lock. [ 2216.868468] [ 2216.868469] [ 2216.868471] the existing dependency chain (in reverse order) is: [ 2216.868472] [ 2216.868473] -> #2 (&(&port->lock)->rlock){-.-.}: [ 2216.868481] _raw_spin_lock_irqsave+0x8c/0xc0 [ 2216.868483] tty_port_tty_get+0x1d/0x80 [ 2216.868485] tty_port_default_wakeup+0x11/0x40 [ 2216.868487] serial8250_tx_chars+0x3fe/0xbf0 [ 2216.868490] serial8250_handle_irq.part.0+0x1f8/0x240 [ 2216.868493] serial8250_default_handle_irq+0x8a/0x1f0 [ 2216.868495] serial8250_interrupt+0xe4/0x1a0 [ 2216.868497] __handle_irq_event_percpu+0xee/0x7f0 [ 2216.868499] handle_irq_event+0xf0/0x246 [ 2216.868501] handle_edge_irq+0x224/0xc40 [ 2216.868503] handle_irq+0x35/0x50 [ 2216.868505] do_IRQ+0x93/0x1d0 [ 2216.868507] ret_from_intr+0x0/0x1e [ 2216.868509] native_safe_halt+0xe/0x10 [ 2216.868511] default_idle+0x47/0x370 [ 2216.868513] do_idle+0x250/0x3c0 [ 2216.868515] cpu_startup_entry+0x14/0x20 [ 2216.868518] start_kernel+0x750/0x770 [ 2216.868520] secondary_startup_64+0xa5/0xb0 [ 2216.868521] [ 2216.868522] -> #1 (&port_lock_key){-.-.}: [ 2216.868529] _raw_spin_lock_irqsave+0x8c/0xc0 [ 2216.868531] serial8250_console_write+0x7a7/0x9d0 [ 2216.868533] console_unlock+0x99d/0xf20 [ 2216.868535] vprintk_emit+0x224/0x620 [ 2216.868537] vprintk_func+0x58/0x152 [ 2216.868539] printk+0x9e/0xbc [ 2216.868541] register_console+0x6f4/0xad0 [ 2216.868543] univ8250_console_init+0x2f/0x3a [ 2216.868545] console_init+0x46/0x53 [ 2216.868547] start_kernel+0x52e/0x770 [ 2216.868550] secondary_startup_64+0xa5/0xb0 [ 2216.868551] [ 2216.868552] -> #0 (console_owner){-.-.}: [ 2216.868559] lock_acquire+0x170/0x3f0 [ 2216.868560] vprintk_emit+0x367/0x620 [ 2216.868562] vprintk_func+0x58/0x152 [ 2216.868564] printk+0x9e/0xbc [ 2216.868567] tty_port_close_start.part.0+0x46c/0x4c0 [ 2216.868569] tty_port_close+0x3b/0x130 [ 2216.868571] tty_release+0x402/0xe20 [ 2216.868573] __fput+0x25f/0x7a0 [ 2216.868575] task_work_run+0x11f/0x190 [ 2216.868577] exit_to_usermode_loop+0x1ad/0x200 [ 2216.868579] do_syscall_64+0x4a3/0x640 [ 2216.868581] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2216.868583] [ 2216.868585] other info that might help us debug this: [ 2216.868586] [ 2216.868588] Chain exists of: [ 2216.868589] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 2216.868597] [ 2216.868600] Possible unsafe locking scenario: [ 2216.868601] [ 2216.868603] CPU0 CPU1 [ 2216.868605] ---- ---- [ 2216.868606] lock(&(&port->lock)->rlock); [ 2216.868611] lock(&port_lock_key); [ 2216.868615] lock(&(&port->lock)->rlock); [ 2216.868620] lock(console_owner); [ 2216.868623] [ 2216.868625] *** DEADLOCK *** [ 2216.868626] [ 2216.868628] 2 locks held by syz-executor.4/8858: [ 2216.868629] #0: (&tty->legacy_mutex){+.+.}, at: [] tty_lock+0x5f/0x70 [ 2216.868636] #1: (&(&port->lock)->rlock){-.-.}, at: [] tty_port_close_start.part.0+0x28/0x4c0 [ 2216.868645] [ 2216.868646] stack backtrace: [ 2216.868650] CPU: 1 PID: 8858 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 [ 2216.868654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2216.868655] Call Trace: [ 2216.868657] dump_stack+0x1b2/0x283 [ 2216.868660] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 2216.868662] __lock_acquire+0x2e0e/0x3f20 [ 2216.868665] ? trace_hardirqs_on+0x10/0x10 [ 2216.868667] ? kvm_clock_read+0x1f/0x30 [ 2216.868669] ? vprintk_emit+0x342/0x620 [ 2216.868671] lock_acquire+0x170/0x3f0 [ 2216.868673] ? vprintk_emit+0x32a/0x620 [ 2216.868674] vprintk_emit+0x367/0x620 [ 2216.868676] ? vprintk_emit+0x32a/0x620 [ 2216.868678] vprintk_func+0x58/0x152 [ 2216.868680] printk+0x9e/0xbc [ 2216.868682] ? log_store.cold+0x16/0x16 [ 2216.868684] ? lock_acquire+0x170/0x3f0 [ 2216.868686] tty_port_close_start.part.0+0x46c/0x4c0 [ 2216.868689] tty_port_close+0x3b/0x130 [ 2216.868690] ? tpk_open+0x60/0x60 [ 2216.868692] tty_release+0x402/0xe20 [ 2216.868694] ? ima_file_free+0x4f/0x330 [ 2216.868696] ? do_tty_hangup+0x30/0x30 [ 2216.868698] __fput+0x25f/0x7a0 [ 2216.868700] task_work_run+0x11f/0x190 [ 2216.868702] exit_to_usermode_loop+0x1ad/0x200 [ 2216.868704] do_syscall_64+0x4a3/0x640 [ 2216.868707] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2216.868709] RIP: 0033:0x417901 [ 2216.868711] RSP: 002b:00007fff66e6d3b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 2216.868716] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 0000000000417901 [ 2216.868719] RDX: 0000000000000000 RSI: 00000000000004c7 RDI: 0000000000000008 [ 2216.868723] RBP: 0000000000000001 R08: 00000000f1cfc4c8 R09: 0000000000000000 [ 2216.868726] R10: 00007fff66e6d4a0 R11: 0000000000000293 R12: 000000000118d9c0 [ 2216.868729] R13: 000000000118d9c0 R14: ffffffffffffffff R15: 000000000118cff4 [ 2217.517907] CPU: 1 PID: 8889 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 [ 2217.525816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2217.535151] Call Trace: [ 2217.537722] dump_stack+0x1b2/0x283 [ 2217.541327] should_fail.cold+0x10a/0x154 [ 2217.545453] should_failslab+0xd6/0x130 [ 2217.549534] kmem_cache_alloc_node+0x263/0x410 [ 2217.554111] __alloc_skb+0x5c/0x510 [ 2217.557718] alloc_skb_with_frags+0x85/0x500 [ 2217.562106] ? kasan_kmalloc+0xeb/0x160 [ 2217.566053] ? dst_alloc+0xed/0x6d0 [ 2217.569671] ? rt_dst_alloc+0x6b/0x430 [ 2217.573533] ? ip_route_output_key_hash_rcu+0xab7/0x2990 [ 2217.578960] sock_alloc_send_pskb+0x577/0x6d0 [ 2217.583437] ? SyS_sendmmsg+0x2f/0x50 [ 2217.587224] ? do_syscall_64+0x1d5/0x640 [ 2217.591261] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2217.596608] ? sock_kzfree_s+0x50/0x50 [ 2217.600488] ? netlbl_enabled+0x5/0x50 [ 2217.604351] ? selinux_ip_postroute+0x297/0xa50 [ 2217.609001] ? lock_acquire+0x170/0x3f0 [ 2217.612950] __ip_append_data+0x11ec/0x1ff0 [ 2217.617252] ? lock_acquire+0x170/0x3f0 [ 2217.621223] ? ip_do_fragment+0x1f50/0x1f50 [ 2217.625551] ? rt_set_nexthop.constprop.0+0x4af/0xd20 [ 2217.630764] ? ip_setup_cork+0x6b0/0x6b0 [ 2217.634802] ? rt_set_nexthop.constprop.0+0x452/0xd20 [ 2217.640021] ? ipv4_mtu+0x27e/0x370 [ 2217.643668] ? ip_do_fragment+0x1f50/0x1f50 [ 2217.647966] ip_make_skb+0x167/0x1b0 [ 2217.651658] ? ip_flush_pending_frames+0x20/0x20 [ 2217.656404] ? ip_route_output_key_hash+0x1d6/0x2a0 [ 2217.661395] ? ip_route_output_key_hash_rcu+0x2990/0x2990 [ 2217.666923] ? xfrm_lookup_route+0x43/0x1b0 [ 2217.671237] udp_sendmsg+0x156f/0x1c00 [ 2217.675120] ? ip_do_fragment+0x1f50/0x1f50 [ 2217.679428] ? udp_seq_next+0xa0/0xa0 [ 2217.683220] ? rw_copy_check_uvector+0x1dd/0x2b0 [ 2217.687955] ? lock_acquire+0x170/0x3f0 [ 2217.691906] ? dup_iter+0x240/0x240 [ 2217.695546] ? kernel_recvmsg+0x210/0x210 [ 2217.699668] inet_sendmsg+0x11a/0x4e0 [ 2217.703472] ? security_socket_sendmsg+0x83/0xb0 [ 2217.708227] ? inet_recvmsg+0x4d0/0x4d0 [ 2217.712185] sock_sendmsg+0xb5/0x100 [ 2217.715889] ___sys_sendmsg+0x326/0x800 [ 2217.719840] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 2217.724585] ? lock_downgrade+0x740/0x740 [ 2217.728708] ? trace_hardirqs_on+0x10/0x10 [ 2217.732928] ? up_read+0x17/0x30 [ 2217.736271] ? __do_page_fault+0x19a/0xb50 [ 2217.740492] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2217.745359] ? lock_acquire+0x170/0x3f0 [ 2217.749430] ? lock_downgrade+0x740/0x740 [ 2217.753624] __sys_sendmmsg+0x129/0x330 [ 2217.757578] ? SyS_sendmsg+0x40/0x40 [ 2217.761313] ? __mutex_unlock_slowpath+0x75/0x770 [ 2217.766178] ? check_preemption_disabled+0x35/0x240 [ 2217.771172] ? wait_for_completion_io+0x10/0x10 [ 2217.775864] ? vfs_write+0x319/0x4d0 [ 2217.779554] ? fput+0xb/0x140 [ 2217.782635] ? SyS_write+0x14d/0x210 [ 2217.786324] ? SyS_read+0x210/0x210 [ 2217.789935] SyS_sendmmsg+0x2f/0x50 [ 2217.793535] ? __sys_sendmmsg+0x330/0x330 [ 2217.797670] do_syscall_64+0x1d5/0x640 [ 2217.801546] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2217.806756] RIP: 0033:0x45e179 [ 2217.809930] RSP: 002b:00007fb075f7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2217.817610] RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045e179 [ 2217.824857] RDX: 0000000000000060 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 2217.832123] RBP: 00007fb075f7dca0 R08: 0000000000000000 R09: 0000000000000000 [ 2217.839431] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002c [ 2217.846678] R13: 00007ffec7e3704f R14: 00007fb075f7e9c0 R15: 000000000118cf4c 07:18:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @multicast1}}, [0x8, 0x3, 0x9, 0x3, 0x5, 0x0, 0x4, 0x2, 0x1, 0x4, 0x9, 0x9, 0xff, 0x0, 0x5]}, &(0x7f0000000040)=0x100) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x404000) read$FUSE(r2, &(0x7f0000000c80)={0x2020, 0x0, 0x0}, 0x2020) r6 = getgid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000002e40)={&(0x7f0000000540)=@abs={0x1}, 0x6e, &(0x7f0000000b40)=[{&(0x7f0000000680)}], 0x1, &(0x7f0000000840)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x80, 0x24004080}, 0x0) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000240)={0x298, 0x0, r5, [{{0x6, 0x3, 0x1, 0x8, 0x2, 0x9, {0x5, 0x3, 0x5, 0x100000001, 0x2, 0x100, 0xffff0001, 0x7ff, 0x7, 0x2000, 0x1ff, 0xffffffffffffffff, 0xee01, 0x17e, 0x1000000}}, {0x2, 0x400, 0x1, 0x3f, '\x00'}}, {{0x0, 0x0, 0x408, 0x100, 0x6, 0x8cf800, {0x4, 0xc0a, 0x8, 0x101, 0x0, 0x2, 0x6, 0x1, 0x1, 0x4000, 0x2, 0xee01, 0xee00, 0x401}}, {0x6, 0x1800000, 0x4, 0x4, '$.]-'}}, {{0x0, 0x0, 0x4, 0x2ce, 0x10000, 0x3dbf45fc, {0x6, 0xd2aa, 0x9, 0x3, 0xffffffff, 0x6, 0xffff8001, 0x7fffffff, 0x80000000, 0x4000, 0x1, 0xee01, 0xee00, 0xc03, 0x9}}, {0x3, 0x9, 0x1, 0xfff, '\x00'}}, {{0x5, 0x0, 0xd2, 0xffff, 0x9b65, 0x400, {0x2, 0x9, 0x3f, 0x800, 0x8001, 0x0, 0x7ff, 0x10000, 0x10001, 0xc000, 0xc09, 0x0, r6, 0x9, 0xad}}, {0x1, 0xba, 0x9, 0x1, ',[:\xc5[%\\+['}}]}, 0x298) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x60, 0x0) 07:18:36 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x82440, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f0000000200)=0x81) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:36 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x7, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x400c4}, 0x8800) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:36 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000425bdc3d9fedbdf970f73f90100122ab9e4cc008434"], 0x24}}, 0x4040) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) wait4(0x0, &(0x7f0000000180), 0x40000000, &(0x7f0000000280)) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2218.677259] net_ratelimit: 10 callbacks suppressed [ 2218.677265] ip_tables: iptables: counters copy to user failed while replacing table [ 2218.697145] ip_tables: iptables: counters copy to user failed while replacing table [ 2218.706558] ip_tables: iptables: counters copy to user failed while replacing table [ 2218.709733] nla_parse: 2 callbacks suppressed [ 2218.709739] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2218.752057] ip_tables: iptables: counters copy to user failed while replacing table [ 2218.761824] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:18:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:37 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) socket$netlink(0x10, 0x3, 0x12) 07:18:37 executing program 4: ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000040)={0x8, 0x8000, 0x6}) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50810000000000000000000000a3000000000000080003400002ff40000200000541010a01ce8e400e8cfcedaea714357c3dcbc92dce6ad5eea86c7ba3ab3c9a8c2573d78647504ba047efa7336b2bc18e923186f338ded9279789257a21ecc1dfc4ae807e5b39e3c0862e4d080470172e15f5b338db6142fd027e4b8f337125ebc12982313c17591a56ce03f097daf1274e79f95395802f067b2e8f9239a98bbc8fae938b993998c8a15dd58353cde40675f29fb4dab625a5d960e7cfc43303e8ba3527379d1e5cfccfe6206cc4a02e029c66ed6e475d68a8070000806441979dc4a1cf1359a455b6842c58ca7728743fd3034f23143b08aabc3ed04644f89f796a62ea2e8be347c31fb47a3beeb7b8a7652182030738d303fedfd165cd9eedd90d000000006b7d897311df1179e13065c0b490d2f1db2b351c70e03fd779bea994ad11fc3c23b4f15a80c08cfb591aee262376"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:37 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x10d600, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f0000000040)={0x1, 0x1, 0x13, 0x20, 0x8d, &(0x7f0000000300)}) 07:18:37 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="5000001d9924010300000000000000000000180008000340000000000600064000021800050001000100f7fab36b77ad9ce62394d2debf894445019fae9d778c0e2ccee20a0ac0c8ba8ea540273f10e5887f7e369ba5ffffb21a28f73307dc070000004ab4b720c17f7f512078e651101db6366b018d425c096c7801c71d8f7ac517083bdda6e3cd6e0d9bc8708f8c9dcd14cb41064a778e3ef2a96d8c054aa5ee1a6f238f39fa9b360c10747c41d3f8b71419d3bc22e3ca99ded8fd5031b99ca596814b8b9aeb9495a17aab983d5ababa5c22e996dd3a93c1bdb56384410a67952dc2776ddf2760c0dad3917ed8117b9ba5ef0604d210beaadb23295fd034ecd31ac8391aa15d54d5420000000000000000000000000000000040a4371af54c600c1835e3af6cfd910d57b49873866779027bb7584d7c725ce4c524f0a0e43c8b1b292f5f56528d04b828e8ad9accacf588cbc93a9e4f262f6d836948b6be81a7a7a0fa9d4e0425e717c70c2de241e99c8048f81cd1c53497434ee003d7a230a2bc44027059e649258537811c12899f1f3d819210ddae2215e54221f96c96b82fbeb6624241cd81c80ef4612ceab56788d97405"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2219.603717] ip_tables: iptables: counters copy to user failed while replacing table [ 2219.617513] ip_tables: iptables: counters copy to user failed while replacing table [ 2219.635441] ip_tables: iptables: counters copy to user failed while replacing table 07:18:37 executing program 5: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x9, 0x3, 0x220, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x188, 0x1a8, 0x1a8, 0x188, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@inet=@dscp={{0x28, 'dscp\x00'}, {0x7, 0x1}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r2 = eventfd2(0x4, 0x801) ioctl$BTRFS_IOC_SPACE_INFO(r2, 0xc0109414, &(0x7f0000000c40)={0xeb0, 0x3, [[], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], []]}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sync_file_range(r2, 0x7fffffff, 0x522c3060, 0x2) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) r3 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0x0) sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x18, 0x3f9, 0x300, 0x70bd25, 0x25dfdbfd, {0x1, 0x1}, ["", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0x48000) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000100)='encrypted\x00', &(0x7f0000000140)='HMARK\x00') ioctl$FIOCLEX(r2, 0x5451) write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000180)={0x14, 0x67, 0x1, {0x80, 0x4, 0x6}}, 0x14) 07:18:37 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) [ 2219.688818] ip_tables: iptables: counters copy to user failed while replacing table [ 2219.725108] ip_tables: iptables: counters copy to user failed while replacing table [ 2219.798769] ip_tables: iptables: counters copy to user failed while replacing table 07:18:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:39 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000003040103000000000000000000000000dfa500000000000006000640000100000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f00000002c0)={0x0, 0xda, "c0f81d134ea849498d5f2d68ee8ae0186353b9704cedb9ceebb0a4af567365099065e88b257b1dc494001864b22f9fa56c6afe9c2f25da7a14f45ca0a511d04a1f1e7d89b0b52bd9a2df318fc023ca3cf67836bdc0f13929917652090a1571c3b325c90a3e3bae88d1865dbed591dfe55ae18a40dca96db755b97f94bca390aaca8ab8a7f8bbb4cb7fb61a3935416e1ae0100e606c139005c5fbf90fc5b59d4ac6f2b88c4421121a0680f946de164745a8a72d9146c8129e4491f1f6ca4e10db140e93c9c205798f7be690a74f1233ac1944012548f5ba9a0cab"}, &(0x7f0000000200)=0xe2) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r1, 0x8008f512, &(0x7f00000001c0)) r7 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000)='gtp\x00') sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)={0x44, r7, 0xc694d42685586125, 0x0, 0x0, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_LINK={0x8}]}, 0x44}}, 0x0) sendmsg$GTP_CMD_NEWPDP(r4, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r7, 0x8, 0x70bd26, 0x2}, 0x14}, 0x1, 0x0, 0x0, 0xd0}, 0x1) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:39 executing program 5: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x269531f5088fe9cb}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x74, 0x2, 0x8, 0x903, 0x0, 0x0, {0x3, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x100}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7ff}]}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xfff}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x800}, 0x4c801) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:39 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x8080, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) 07:18:39 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000200)={0x6, 'veth0_to_bond\x00', {0x1}, 0x20}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) ptrace$setregs(0xd, r0, 0xffffffffa549a42d, &(0x7f00000002c0)="8d5c6a630fbf0683a4df7317a362429893da2f6ed77355bf95eac31877257afdaf9fac90d3730a0c1bf780c2b063361ffd8cb283156abd671a93be23ebc6188931e2d5612fd2cac53eca63ab44adbc09d1d55f810ade432ed8eca50e6a72a43794446c87bb1242407b3b41e18d6558acab464a6395751abcbea0fd3e5a74cdeefb0e89427ab0a0e7c94514455d31") r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000240)) 07:18:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:40 executing program 5: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nvme-fabrics\x00', 0x2900, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x368, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2d0, 0x1a8, 0x1a8, 0x2d0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0xffffff00, '\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x2, 0x8, 0x3, 0x0, 0x0, 0xec53, 0xffffffff, 0x2]}}}, {{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x43}, 0xff, 0x0, 'caif0\x00', 'veth1\x00', {0xff}, {0xff}, 0x11, 0x1, 0x3e}, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'syz_tun\x00', {0x81, 0x6, 0x0, 0x1, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, &(0x7f00000005c0)={'filter\x00'}, &(0x7f0000000640)=0x44) syncfs(r2) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000040)={{0x29, @local, 0x4e20, 0x0, 'fo\x00', 0x30, 0xfff, 0x1}, {@multicast1, 0x4e24, 0x4, 0x7, 0xe869, 0x101}}, 0x44) rt_sigprocmask(0x0, &(0x7f0000000540)={[0x3f]}, &(0x7f0000000580), 0x8) 07:18:40 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_dev$ptys(0xc, 0x3, 0x1) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x2000, 0x0) ioctl$GIO_UNIMAP(r6, 0x4b66, &(0x7f0000000180)={0x4, &(0x7f0000000140)=[{}, {}, {}, {}]}) socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:40 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) clock_getres(0x805382aff22c4389, &(0x7f0000000040)) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f00000012c0)=""/4095, 0xfff}], 0x1) socket$inet6_sctp(0xa, 0x1, 0x84) 07:18:40 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000000040), 0x0, 0x0) 07:18:40 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006d9fd7ce74b6bc25800010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2222.614151] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2222.646704] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. 07:18:40 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x90, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'team_slave_1\x00', {0x0, 0x6, 0x0, 0xfff, 0x0, 0xb9, 0x4, 0x0, 0x18}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x1, 0x6, 0x6, 0x1, 0x4], 0x1, 0x1}, {0xffffffffffffffff, [0x4, 0x1, 0x5, 0x1, 0x2, 0x7], 0xfe, 0x6}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f00000004c0)={{0x40, 0x3}, 'port1\x00', 0x10, 0x1, 0x2, 0x401, 0x8, 0x75f, 0x200, 0x0, 0x1, 0x80}) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2222.704312] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2222.723428] Cannot find add_set index 1 as target [ 2222.730052] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2222.751617] Cannot find add_set index 1 as target 07:18:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x42, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:42 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e22, @loopback}}, 0x7, 0x57b0}, &(0x7f0000000040)=0x90) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x4000, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f00000001c0)={0x0, r3, 0x7, 0xfffffffffffff3f4, 0x401, 0x401}) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:42 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000efb2004001040103000000000000000000000000080003400000000006000655000200000500010079"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:42 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000400)={r1, @in={{0x2, 0x4e22, @remote}}}, 0x84) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000000c0)={0x0, 0x7, 0x101, 0x6, 0x7, 0xf17, 0x5, 0xa8, {r1, @in={{0x2, 0x4e24, @empty}}, 0x9, 0x1, 0x8001, 0x400, 0x9}}, &(0x7f0000000040)=0xb0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000180)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600), 0x79973b3f7d585f4a) 07:18:42 executing program 1: read$midi(0xffffffffffffffff, &(0x7f00000001c0)=""/136, 0x88) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x43, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2224.735276] net_ratelimit: 10 callbacks suppressed [ 2224.735280] ip_tables: iptables: counters copy to user failed while replacing table [ 2224.751837] ip_tables: iptables: counters copy to user failed while replacing table [ 2224.768274] ip_tables: iptables: counters copy to user failed while replacing table [ 2224.778200] ip_tables: iptables: counters copy to user failed while replacing table 07:18:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x40, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:18:43 executing program 5: setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000040)=0x8, 0x4) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x60, 0x0) 07:18:43 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000001040103000000000000000000000000080003400000000006000640000200000500010001"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r4, 0x80585414, &(0x7f0000000040)) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) 07:18:43 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x0, 0x0) ppoll(&(0x7f00000002c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv(r0, &(0x7f0000002600)=[{&(0x7f0000002640)=""/4096, 0x1000}], 0x1) 07:18:43 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nvram\x00', 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000100)={0xdb49, 0x80, 0xe1, 0xfffffffc, 0x18, "6bacfc4fda68b9e24ce195f94482370e1aad35"}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$setsig(0x4203, r3, 0x400, &(0x7f0000000040)={0x7, 0x1, 0xcbb}) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000003, 0x810, r2, 0x16fbf000) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2225.631052] ip_tables: iptables: counters copy to user failed while replacing table [ 2225.640281] ip_tables: iptables: counters copy to user failed while replacing table [ 2225.653182] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2225.655584] ip_tables: iptables: counters copy to user failed while replacing table 07:18:43 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x378, 0x0, 0x0, 0xb0, 0xb0, 0xb0, 0x2e0, 0x1a8, 0x1a8, 0x2e0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0xb0}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3b4272585404f97920335dabc5b3abeb5f79f5865c671cba15e125d11e4e"}}, {{@uncond, 0x0, 0x1c0, 0x230, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "83d3c6270bdf26ca2f96536bc2e40697482f29dd6fa05cd0bdcfdde72a55c3c8bca70dae763e01370171a0fd5ff281216297c717f200"}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000001301c5d070000000000000000000000080003400000000006000601010000000500010001d4584dde7dd260b31521480befb64f1aeb562f8f86e9"], 0x50}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x60, 0x0) [ 2225.703049] ip_tables: iptables: counters copy to user failed while replacing table [ 2225.712643] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2225.725383] ip_tables: iptables: counters copy to user failed while replacing table 07:18:43 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x9, 0x3, 0x348, 0x0, 0x0, 0xb0, 0x0, 0xb0, 0x2b0, 0x1a8, 0x1a8, 0x2b0, 0x1a8, 0x3, 0x0, {[{{@ip={@broadcast, @empty}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0x1c0, 0x220, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'macsec0\x00', {0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x4}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev, [], 0x0, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x0, 0x4080) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f0000000040)={0x1, 0x53, &(0x7f0000000100)="6934c271a53636bf1e96dc2f4fb7e8293dcda2291e22227a8f76de2b641d668162ec6d4bc52fa0e1317fa67f60774cd553bedef3842edd92677abe8a5ee0e4079d6a254960431a55639a2ae36e59016f789102f324d53e9f2a6ca5a369909b1ab625cef030d4f33cea73ceae046cb479c134e1b224cc66ccff422933833f96d99df0503a7fb023c804b791d303cb9700bf4439a22fd4bbd12ef7c1437539d0399348ed1c999bdcf1beee", {0x1ff, 0x40, 0x8409131a, 0x3, 0xfffffe01, 0x6, 0x2, 0xb0}}) [ 2225.760713] ip_tables: iptables: counters copy to user failed while replacing table