limit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:24 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:24 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x6000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2310.471958] RSP: 002b:00007f07e43b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2310.479767] RAX: ffffffffffffffda RBX: 00007f07e43b96d4 RCX: 000000000045b349 [ 2310.487059] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2310.494339] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2310.501737] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2310.509017] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:54:24 executing program 5: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2310.607821] xt_hashlimit: Unknown mode mask 6000000, kernel too old? 12:54:24 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2310.683545] bond166 (unregistering): Released all slaves [ 2310.727101] Task in /syz2 killed as a result of limit of /syz2 [ 2310.727129] memory: usage 307192kB, limit 307200kB, failcnt 212064 [ 2310.727138] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2310.727150] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2310.753268] xt_hashlimit: overflow, try lower: 0/0 [ 2310.760203] Memory cgroup stats for /syz2: cache:12KB rss:108788KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108876KB inactive_file:8KB active_file:4KB unevictable:0KB 12:54:25 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x7000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2310.838536] Memory cgroup out of memory: Kill process 31809 (syz-executor.2) score 1106 or sacrifice child [ 2310.890003] Killed process 31809 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2310.906967] xt_hashlimit: overflow, try lower: 0/0 [ 2310.954243] oom_reaper: reaped process 31809 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2310.983125] xt_TCPMSS: Only works on TCP SYN packets 12:54:25 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2311.021020] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2311.062139] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2311.087263] CPU: 1 PID: 10332 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2311.095089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2311.104456] Call Trace: [ 2311.107064] dump_stack+0x197/0x210 [ 2311.110712] dump_header+0x15e/0xa55 [ 2311.114444] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2311.119569] ? ___ratelimit+0x60/0x595 [ 2311.123473] ? do_raw_spin_unlock+0x181/0x270 [ 2311.127985] oom_kill_process.cold+0x10/0x6ef [ 2311.132497] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2311.138049] ? task_will_free_mem+0x139/0x6e0 [ 2311.142566] out_of_memory+0x362/0x1330 [ 2311.146553] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2311.151665] ? oom_killer_disable+0x280/0x280 [ 2311.156171] ? find_held_lock+0x35/0x130 [ 2311.160262] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2311.165120] ? memcg_event_wake+0x230/0x230 [ 2311.169459] ? do_raw_spin_unlock+0x181/0x270 [ 2311.174053] ? _raw_spin_unlock+0x2d/0x50 [ 2311.178231] try_charge+0xc6e/0x1490 [ 2311.181971] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2311.186834] ? lock_downgrade+0x880/0x880 [ 2311.191051] ? kasan_check_read+0x11/0x20 [ 2311.195216] memcg_kmem_charge_memcg+0x83/0x170 [ 2311.199908] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2311.204452] ? __isolate_free_page+0x4c0/0x4c0 [ 2311.209053] memcg_kmem_charge+0x13b/0x370 [ 2311.213309] __alloc_pages_nodemask+0x3c3/0x750 [ 2311.218041] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2311.223164] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2311.227770] ? trace_hardirqs_on+0x67/0x220 [ 2311.232122] copy_process.part.0+0x3e0/0x7a30 [ 2311.236635] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2311.241753] ? delayacct_end+0x5c/0x100 [ 2311.245793] ? __delayacct_freepages_end+0xe0/0x140 [ 2311.251383] ? __lock_acquire+0x6ee/0x49c0 [ 2311.255643] ? __cleanup_sighand+0x70/0x70 [ 2311.259896] ? mark_held_locks+0x100/0x100 [ 2311.264158] _do_fork+0x257/0xfd0 [ 2311.267628] ? fork_idle+0x1d0/0x1d0 [ 2311.271361] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2311.277260] ? kasan_check_read+0x11/0x20 [ 2311.280909] xt_hashlimit: overflow, try lower: 0/0 [ 2311.286346] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2311.286364] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2311.286381] ? do_syscall_64+0x26/0x620 [ 2311.286396] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2311.286410] ? do_syscall_64+0x26/0x620 [ 2311.286431] __x64_sys_clone+0xbf/0x150 [ 2311.313197] do_syscall_64+0xfd/0x620 [ 2311.317018] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2311.322218] RIP: 0033:0x45dd19 [ 2311.325426] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2311.344338] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2311.352057] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2311.359337] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2311.366619] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2311.373898] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2311.381181] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 [ 2311.419786] Task in /syz2 killed as a result of limit of /syz2 [ 2311.432793] xt_hashlimit: Unknown mode mask 7000000, kernel too old? [ 2311.446546] memory: usage 306876kB, limit 307200kB, failcnt 212064 [ 2311.552527] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2311.564455] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2311.572169] Memory cgroup stats for /syz2: cache:12KB rss:108788KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108756KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2311.593479] Memory cgroup out of memory: Kill process 363 (syz-executor.2) score 1106 or sacrifice child [ 2311.605461] Killed process 363 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:25 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x3e000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:25 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:25 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x3, 0x0, r6}}, 0x20}}, 0x0) 12:54:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00'], 0x2}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) 12:54:25 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0xa000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2311.721741] xt_TCPMSS: Only works on TCP SYN packets [ 2311.730923] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2311.781223] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2311.815732] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2311.835165] CPU: 0 PID: 11094 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2311.843020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2311.852401] Call Trace: [ 2311.855106] dump_stack+0x197/0x210 [ 2311.858851] dump_header+0x15e/0xa55 [ 2311.862591] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2311.867722] ? ___ratelimit+0x60/0x595 [ 2311.871624] ? do_raw_spin_unlock+0x181/0x270 [ 2311.876148] oom_kill_process.cold+0x10/0x6ef [ 2311.880666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2311.886234] ? task_will_free_mem+0x139/0x6e0 [ 2311.890773] out_of_memory+0x362/0x1330 [ 2311.893374] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 2311.894761] ? lock_downgrade+0x880/0x880 [ 2311.894778] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2311.894798] ? oom_killer_disable+0x280/0x280 [ 2311.915899] ? find_held_lock+0x35/0x130 [ 2311.919995] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2311.924854] ? memcg_event_wake+0x230/0x230 [ 2311.929194] ? do_raw_spin_unlock+0x181/0x270 [ 2311.933709] ? _raw_spin_unlock+0x2d/0x50 [ 2311.937870] try_charge+0xec5/0x1490 [ 2311.941611] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2311.946485] ? lock_downgrade+0x880/0x880 [ 2311.950656] ? kasan_check_read+0x11/0x20 [ 2311.954824] memcg_kmem_charge_memcg+0x83/0x170 [ 2311.959522] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2311.964039] ? __isolate_free_page+0x4c0/0x4c0 [ 2311.968645] memcg_kmem_charge+0x13b/0x370 [ 2311.972909] __alloc_pages_nodemask+0x3c3/0x750 [ 2311.977609] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2311.982659] copy_process.part.0+0x3e0/0x7a30 [ 2311.987181] ? mark_held_locks+0x100/0x100 [ 2311.991448] ? __might_fault+0x12b/0x1e0 [ 2311.995539] ? __cleanup_sighand+0x70/0x70 [ 2311.999803] ? lock_downgrade+0x880/0x880 [ 2312.003984] _do_fork+0x257/0xfd0 [ 2312.007463] ? fork_idle+0x1d0/0x1d0 [ 2312.011213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2312.016103] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2312.020910] ? do_syscall_64+0x26/0x620 [ 2312.023946] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2312.025011] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2312.025028] ? do_syscall_64+0x26/0x620 [ 2312.025049] __x64_sys_clone+0xbf/0x150 [ 2312.025068] do_syscall_64+0xfd/0x620 [ 2312.048322] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2312.050655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2312.050673] RIP: 0033:0x45b349 12:54:26 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2312.050712] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2312.086762] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2312.094587] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2312.101874] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2312.109163] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2312.116451] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2312.123733] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2312.163349] xt_hashlimit: Unknown mode mask A000000, kernel too old? 12:54:26 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x3f000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x3, 0x0, r6}}, 0x20}}, 0x0) [ 2312.266060] bond166 (unregistering): Released all slaves [ 2312.326947] Task in /syz0 killed as a result of limit of /syz0 12:54:26 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x20000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2312.376204] memory: usage 307200kB, limit 307200kB, failcnt 439574 [ 2312.404533] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:26 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:26 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x40000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2312.630331] xt_hashlimit: Unknown mode mask 20000000, kernel too old? [ 2312.651345] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 2312.654397] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2312.665638] Memory cgroup stats for /syz0: cache:60KB rss:111696KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111864KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2312.703474] Memory cgroup out of memory: Kill process 3039 (syz-executor.0) score 1106 or sacrifice child [ 2312.724550] Killed process 3039 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:27 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x3f000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2312.829082] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2312.840431] nla_parse: 2 callbacks suppressed [ 2312.840441] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 12:54:27 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2312.882747] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2312.901680] CPU: 1 PID: 11084 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2312.909520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2312.918884] Call Trace: [ 2312.921501] dump_stack+0x197/0x210 [ 2312.925155] dump_header+0x15e/0xa55 [ 2312.928888] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2312.934003] ? ___ratelimit+0x60/0x595 [ 2312.937900] ? do_raw_spin_unlock+0x181/0x270 [ 2312.942415] oom_kill_process.cold+0x10/0x6ef [ 2312.946926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2312.952475] ? task_will_free_mem+0x139/0x6e0 [ 2312.956997] out_of_memory+0x362/0x1330 [ 2312.960995] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2312.966109] ? oom_killer_disable+0x280/0x280 [ 2312.970621] ? find_held_lock+0x35/0x130 [ 2312.974726] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2312.979588] ? memcg_event_wake+0x230/0x230 [ 2312.983934] ? do_raw_spin_unlock+0x181/0x270 [ 2312.988713] ? _raw_spin_unlock+0x2d/0x50 [ 2312.992897] try_charge+0xc6e/0x1490 [ 2312.996628] ? lock_downgrade+0x880/0x880 [ 2313.000808] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2313.005664] ? rcu_read_unlock+0x33/0x60 [ 2313.009773] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2313.014642] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2313.020763] mem_cgroup_try_charge+0x259/0x6b0 [ 2313.025371] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2313.030327] __handle_mm_fault+0x1e50/0x3f80 [ 2313.034758] ? copy_page_range+0x2030/0x2030 [ 2313.039306] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2313.043998] handle_mm_fault+0x1b5/0x690 [ 2313.048083] __do_page_fault+0x62a/0xe90 [ 2313.052193] ? vmalloc_fault+0x740/0x740 [ 2313.056272] ? trace_hardirqs_off_caller+0x65/0x220 [ 2313.061299] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2313.066237] ? page_fault+0x8/0x30 [ 2313.069790] do_page_fault+0x71/0x57d [ 2313.073733] ? page_fault+0x8/0x30 [ 2313.077293] page_fault+0x1e/0x30 [ 2313.080759] RIP: 0033:0x45dcfd [ 2313.083965] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2313.102996] RSP: 002b:00007ffebaa31338 EFLAGS: 00010202 [ 2313.108423] RAX: ffffffffffffffea RBX: 00007fbcae54a700 RCX: 00007fbcae54a700 [ 2313.115719] RDX: 00000000003d0f00 RSI: 00007fbcae549db0 RDI: 0000000000411f30 [ 2313.123007] RBP: 00007ffebaa31550 R08: 00007fbcae54a9d0 R09: 00007fbcae54a700 [ 2313.130296] R10: 00007fbcae549dc0 R11: 0000000000000246 R12: 0000000000000000 [ 2313.137681] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2313.150370] tcpmss_tg6_check: 3 callbacks suppressed [ 2313.150377] xt_TCPMSS: Only works on TCP SYN packets [ 2313.187491] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2313.187827] xt_hashlimit: Unknown mode mask 3F000000, kernel too old? [ 2313.222145] xt_TCPMSS: Only works on TCP SYN packets [ 2313.244594] Task in /syz0 killed as a result of limit of /syz0 [ 2313.274090] memory: usage 306912kB, limit 307200kB, failcnt 439574 [ 2313.311319] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2313.332846] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2313.346796] Memory cgroup stats for /syz0: cache:60KB rss:111696KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111740KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2313.406700] Memory cgroup out of memory: Kill process 7285 (syz-executor.0) score 1106 or sacrifice child [ 2313.424983] Killed process 7285 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:27 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:27 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:27 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x60000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x11, 0x0, 0x0, r6}}, 0x20}}, 0x0) 12:54:27 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x40000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2313.479903] xt_hashlimit: overflow, try lower: 0/0 [ 2313.484872] bond475 (unregistering): Released all slaves [ 2313.547460] xt_hashlimit: Unknown mode mask 40000000, kernel too old? [ 2313.560665] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2313.575389] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 12:54:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x3, 0x0, r6}}, 0x20}}, 0x0) [ 2313.590198] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2313.635457] CPU: 1 PID: 8120 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2313.643643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2313.653003] Call Trace: [ 2313.655605] dump_stack+0x197/0x210 [ 2313.659260] dump_header+0x15e/0xa55 [ 2313.662992] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2313.668215] ? ___ratelimit+0x60/0x595 [ 2313.672126] ? do_raw_spin_unlock+0x181/0x270 [ 2313.677172] oom_kill_process.cold+0x10/0x6ef [ 2313.681690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2313.687241] ? task_will_free_mem+0x139/0x6e0 [ 2313.691843] out_of_memory+0x362/0x1330 [ 2313.695831] ? lock_downgrade+0x880/0x880 [ 2313.699993] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2313.705107] ? oom_killer_disable+0x280/0x280 [ 2313.709618] ? find_held_lock+0x35/0x130 [ 2313.709649] xt_hashlimit: overflow, try lower: 0/0 [ 2313.713714] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2313.713730] ? memcg_event_wake+0x230/0x230 [ 2313.713749] ? do_raw_spin_unlock+0x181/0x270 [ 2313.732415] ? _raw_spin_unlock+0x2d/0x50 [ 2313.736672] try_charge+0xec5/0x1490 [ 2313.740526] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2313.745384] ? lock_downgrade+0x880/0x880 [ 2313.749543] ? kasan_check_read+0x11/0x20 [ 2313.753773] memcg_kmem_charge_memcg+0x83/0x170 [ 2313.758463] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2313.762972] ? __isolate_free_page+0x4c0/0x4c0 [ 2313.767565] memcg_kmem_charge+0x13b/0x370 [ 2313.771826] __alloc_pages_nodemask+0x3c3/0x750 [ 2313.776512] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2313.781657] ? find_held_lock+0x35/0x130 [ 2313.785732] ? copy_page_range+0x13b3/0x2030 [ 2313.790262] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2313.795819] alloc_pages_current+0x107/0x210 [ 2313.800250] pte_alloc_one+0x1b/0x1a0 [ 2313.804243] __pte_alloc+0x2a/0x360 [ 2313.807989] copy_page_range+0x16d0/0x2030 [ 2313.812267] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2313.817135] ? __vma_link_rb+0x279/0x370 [ 2313.821213] copy_process.part.0+0x543e/0x7a30 [ 2313.825840] ? __cleanup_sighand+0x70/0x70 [ 2313.830112] _do_fork+0x257/0xfd0 [ 2313.833587] ? fork_idle+0x1d0/0x1d0 [ 2313.837334] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2313.842112] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2313.846993] ? do_syscall_64+0x26/0x620 [ 2313.851075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2313.856454] ? do_syscall_64+0x26/0x620 [ 2313.860454] __x64_sys_clone+0xbf/0x150 [ 2313.864448] do_syscall_64+0xfd/0x620 [ 2313.868268] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2313.873475] RIP: 0033:0x45991a [ 2313.876677] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2313.895588] RSP: 002b:00007fffa4b7b8a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2313.903412] RAX: ffffffffffffffda RBX: 00007fffa4b7b8a0 RCX: 000000000045991a [ 2313.910788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2313.918068] RBP: 00007fffa4b7b8e0 R08: 0000000000000001 R09: 000000000149f940 [ 2313.925351] R10: 000000000149fc10 R11: 0000000000000246 R12: 0000000000000001 12:54:28 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:28 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2313.932633] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa4b7b930 [ 2313.944192] Task in /syz2 killed as a result of limit of /syz2 [ 2313.950767] memory: usage 307200kB, limit 307200kB, failcnt 212110 [ 2313.964049] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2313.982758] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2313.989505] Memory cgroup stats for /syz2: cache:12KB rss:108744KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108876KB inactive_file:12KB active_file:12KB unevictable:0KB [ 2314.011304] Memory cgroup out of memory: Kill process 802 (syz-executor.2) score 1106 or sacrifice child [ 2314.021861] Killed process 802 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2314.023906] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2314.067328] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2314.086222] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 12:54:28 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x60000000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2314.172642] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2314.187163] bond166 (unregistering): Released all slaves [ 2314.193046] CPU: 1 PID: 12117 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2314.200957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2314.210319] Call Trace: [ 2314.212928] dump_stack+0x197/0x210 [ 2314.216574] dump_header+0x15e/0xa55 [ 2314.220319] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2314.225437] ? ___ratelimit+0x60/0x595 [ 2314.229341] ? do_raw_spin_unlock+0x181/0x270 [ 2314.233854] oom_kill_process.cold+0x10/0x6ef [ 2314.238461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2314.244020] ? task_will_free_mem+0x139/0x6e0 [ 2314.248540] out_of_memory+0x362/0x1330 [ 2314.252536] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2314.257650] ? oom_killer_disable+0x280/0x280 [ 2314.262157] ? find_held_lock+0x35/0x130 [ 2314.266238] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2314.271088] ? memcg_event_wake+0x230/0x230 [ 2314.275427] ? do_raw_spin_unlock+0x181/0x270 [ 2314.279939] ? _raw_spin_unlock+0x2d/0x50 [ 2314.284112] try_charge+0xec5/0x1490 [ 2314.287858] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2314.292722] ? lock_downgrade+0x880/0x880 [ 2314.296890] ? kasan_check_read+0x11/0x20 [ 2314.301060] memcg_kmem_charge_memcg+0x83/0x170 [ 2314.305837] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2314.310349] ? __isolate_free_page+0x4c0/0x4c0 [ 2314.314950] memcg_kmem_charge+0x13b/0x370 [ 2314.319205] __alloc_pages_nodemask+0x3c3/0x750 [ 2314.323892] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2314.328931] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2314.333526] ? trace_hardirqs_on+0x67/0x220 [ 2314.337988] copy_process.part.0+0x3e0/0x7a30 [ 2314.342506] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2314.347625] ? delayacct_end+0x5c/0x100 [ 2314.351613] ? __delayacct_freepages_end+0xe0/0x140 [ 2314.356649] ? __lock_acquire+0x6ee/0x49c0 [ 2314.360910] ? __cleanup_sighand+0x70/0x70 [ 2314.365167] ? mark_held_locks+0x100/0x100 [ 2314.369442] _do_fork+0x257/0xfd0 [ 2314.372921] ? fork_idle+0x1d0/0x1d0 [ 2314.376657] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2314.382910] ? kasan_check_read+0x11/0x20 [ 2314.387070] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2314.391842] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2314.396612] ? do_syscall_64+0x26/0x620 [ 2314.400598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2314.405972] ? do_syscall_64+0x26/0x620 [ 2314.409969] __x64_sys_clone+0xbf/0x150 [ 2314.413958] do_syscall_64+0xfd/0x620 [ 2314.417772] entry_SYSCALL_64_after_hwframe+0x49/0xbe 12:54:28 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2314.419472] xt_hashlimit: Unknown mode mask 60000000, kernel too old? [ 2314.422971] RIP: 0033:0x45dd19 [ 2314.422987] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2314.422995] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2314.423010] RAX: ffffffffffffffda RBX: 00007fbcae56b700 RCX: 000000000045dd19 [ 2314.423019] RDX: 00007fbcae56b9d0 RSI: 00007fbcae56adb0 RDI: 00000000003d0f00 [ 2314.423033] RBP: 00007ffebaa31550 R08: 00007fbcae56b700 R09: 00007fbcae56b700 [ 2314.453633] xt_TCPMSS: Only works on TCP SYN packets [ 2314.459641] R10: 00007fbcae56b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2314.459651] R13: 00007ffebaa313ef R14: 00007fbcae56b9c0 R15: 000000000075bf2c [ 2314.596396] Task in /syz0 killed as a result of limit of /syz0 [ 2314.610416] memory: usage 307176kB, limit 307200kB, failcnt 439612 12:54:28 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x70010000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2314.648494] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2314.679836] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2314.714005] Memory cgroup stats for /syz0: cache:60KB rss:111824KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111856KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2314.735259] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 2314.749903] Memory cgroup out of memory: Kill process 9687 (syz-executor.0) score 1106 or sacrifice child [ 2314.763765] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2314.772956] Killed process 9687 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2314.809860] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 12:54:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n'], 0x3}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) 12:54:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x11, 0x0, 0x0, r6}}, 0x20}}, 0x0) 12:54:29 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2314.891756] xt_hashlimit: Unknown mode mask 70010000, kernel too old? [ 2314.906165] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2314.920382] xt_hashlimit: overflow, try lower: 0/0 [ 2314.960832] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2314.991530] CPU: 0 PID: 12214 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2314.999372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2315.008748] Call Trace: [ 2315.011356] dump_stack+0x197/0x210 [ 2315.015000] dump_header+0x15e/0xa55 [ 2315.018740] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2315.023867] ? ___ratelimit+0x60/0x595 [ 2315.027769] ? do_raw_spin_unlock+0x181/0x270 [ 2315.032282] oom_kill_process.cold+0x10/0x6ef [ 2315.036794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2315.042339] ? task_will_free_mem+0x139/0x6e0 [ 2315.046849] out_of_memory+0x362/0x1330 [ 2315.050840] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2315.055953] ? oom_killer_disable+0x280/0x280 [ 2315.060456] ? find_held_lock+0x35/0x130 [ 2315.064547] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2315.069399] ? memcg_event_wake+0x230/0x230 [ 2315.073737] ? do_raw_spin_unlock+0x181/0x270 [ 2315.078246] ? _raw_spin_unlock+0x2d/0x50 [ 2315.082404] try_charge+0xec5/0x1490 [ 2315.086131] ? lock_downgrade+0x880/0x880 [ 2315.090299] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2315.095151] ? rcu_read_unlock+0x33/0x60 [ 2315.099222] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2315.104076] ? mark_held_locks+0x100/0x100 [ 2315.108326] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2315.114402] mem_cgroup_try_charge+0x259/0x6b0 [ 2315.119002] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2315.123946] wp_page_copy+0x430/0x16a0 [ 2315.127854] ? follow_pfn+0x2a0/0x2a0 [ 2315.131687] ? do_raw_spin_unlock+0x181/0x270 [ 2315.136199] do_wp_page+0x57d/0x10b0 [ 2315.140044] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2315.144729] ? kasan_check_write+0x14/0x20 [ 2315.148980] ? do_raw_spin_lock+0xd7/0x250 [ 2315.153235] __handle_mm_fault+0x2305/0x3f80 [ 2315.157661] ? copy_page_range+0x2030/0x2030 [ 2315.162102] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2315.166787] handle_mm_fault+0x1b5/0x690 [ 2315.170871] __do_page_fault+0x62a/0xe90 [ 2315.174946] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2315.180850] ? vmalloc_fault+0x740/0x740 [ 2315.184931] ? trace_hardirqs_off_caller+0x65/0x220 [ 2315.189972] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2315.195021] ? page_fault+0x8/0x30 [ 2315.198582] do_page_fault+0x71/0x57d [ 2315.202389] ? page_fault+0x8/0x30 [ 2315.205942] page_fault+0x1e/0x30 [ 2315.209518] RIP: 0033:0x40e4d0 [ 2315.212719] Code: 50 80 60 20 01 48 89 48 10 48 8b 4c 24 60 48 89 48 18 8b 4c 24 68 89 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 <48> 89 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f [ 2315.231740] RSP: 002b:00007fffa4b7b740 EFLAGS: 00010287 [ 2315.237113] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000029 [ 2315.244388] RDX: 00000000000000a8 RSI: 00007f07e4397db0 RDI: 000000000075bfd0 [ 2315.251677] RBP: 000000000075bfd4 R08: 0000000000000000 R09: 00007f07e4398700 [ 2315.258957] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 000000000075bfc8 [ 2315.266231] R13: 0000000000000005 R14: 0000000000000001 R15: 000000000075bfd4 [ 2315.307828] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 2315.358262] Task in /syz2 killed as a result of limit of /syz2 [ 2315.377858] memory: usage 307164kB, limit 307200kB, failcnt 212143 [ 2315.415872] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2315.424330] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2315.446647] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2315.490906] Memory cgroup stats for /syz2: cache:12KB rss:108876KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108860KB inactive_file:12KB active_file:12KB unevictable:0KB [ 2315.535832] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2315.556487] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2315.565177] Memory cgroup out of memory: Kill process 3094 (syz-executor.2) score 1106 or sacrifice child [ 2315.579380] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2315.606489] Killed process 3094 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2315.629602] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2315.641107] oom_reaper: reaped process 3094 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 12:54:29 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x70010000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:29 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:29 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x80ffffff, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:29 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2315.711601] xt_hashlimit: Unknown mode mask 80FFFFFF, kernel too old? [ 2315.742558] bond475 (unregistering): Released all slaves [ 2315.807990] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2315.824618] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2315.831190] CPU: 1 PID: 12845 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2315.839009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2315.848455] Call Trace: [ 2315.851063] dump_stack+0x197/0x210 [ 2315.854813] dump_header+0x15e/0xa55 [ 2315.858552] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2315.863685] ? ___ratelimit+0x60/0x595 [ 2315.867593] ? do_raw_spin_unlock+0x181/0x270 [ 2315.872111] oom_kill_process.cold+0x10/0x6ef [ 2315.876632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2315.882294] ? task_will_free_mem+0x139/0x6e0 [ 2315.886825] out_of_memory+0x362/0x1330 [ 2315.890814] ? lock_downgrade+0x880/0x880 [ 2315.894982] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2315.900102] ? oom_killer_disable+0x280/0x280 [ 2315.904605] ? find_held_lock+0x35/0x130 [ 2315.908707] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2315.913561] ? memcg_event_wake+0x230/0x230 [ 2315.917900] ? do_raw_spin_unlock+0x181/0x270 [ 2315.922423] ? _raw_spin_unlock+0x2d/0x50 [ 2315.926596] try_charge+0xec5/0x1490 [ 2315.930333] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2315.935191] ? lock_downgrade+0x880/0x880 [ 2315.939389] ? kasan_check_read+0x11/0x20 [ 2315.943561] memcg_kmem_charge_memcg+0x83/0x170 [ 2315.948240] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2315.952759] ? __isolate_free_page+0x4c0/0x4c0 [ 2315.957357] memcg_kmem_charge+0x13b/0x370 [ 2315.961623] __alloc_pages_nodemask+0x3c3/0x750 [ 2315.966310] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2315.971538] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2315.976131] ? trace_hardirqs_on+0x67/0x220 [ 2315.980548] copy_process.part.0+0x3e0/0x7a30 [ 2315.985078] ? mark_held_locks+0x100/0x100 [ 2315.989331] ? __might_fault+0x12b/0x1e0 [ 2315.993412] ? __cleanup_sighand+0x70/0x70 [ 2315.997665] ? lock_downgrade+0x880/0x880 [ 2316.001840] _do_fork+0x257/0xfd0 [ 2316.005309] ? fork_idle+0x1d0/0x1d0 [ 2316.009057] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2316.013831] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2316.018597] ? do_syscall_64+0x26/0x620 [ 2316.022584] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2316.027956] ? do_syscall_64+0x26/0x620 [ 2316.031950] __x64_sys_clone+0xbf/0x150 [ 2316.035940] do_syscall_64+0xfd/0x620 [ 2316.039837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2316.045031] RIP: 0033:0x45b349 [ 2316.048238] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2316.067172] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2316.074899] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2316.082199] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2316.089485] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2316.096771] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 12:54:30 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0xa8020000, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2316.105703] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:54:30 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2316.192891] bond166 (unregistering): Released all slaves [ 2316.213961] Task in /syz0 killed as a result of limit of /syz0 [ 2316.222774] xt_TCPMSS: Only works on TCP SYN packets [ 2316.232317] memory: usage 307200kB, limit 307200kB, failcnt 439652 12:54:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n'], 0x3}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) [ 2316.283748] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x11, 0x0, 0x0, r6}}, 0x20}}, 0x0) [ 2316.349090] xt_TCPMSS: Only works on TCP SYN packets [ 2316.350268] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2316.364218] xt_hashlimit: Unknown mode mask A8020000, kernel too old? 12:54:30 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x80ffffff}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2316.423816] xt_TCPMSS: Only works on TCP SYN packets [ 2316.428637] Memory cgroup stats for /syz0: cache:60KB rss:111824KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111860KB inactive_file:4KB active_file:8KB unevictable:0KB 12:54:30 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0xffff1f00, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2316.502083] Memory cgroup out of memory: Kill process 9826 (syz-executor.0) score 1106 or sacrifice child [ 2316.524114] Killed process 9826 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2316.583008] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 2316.655634] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2316.705572] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2316.720018] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2316.734138] xt_hashlimit: Unknown mode mask FFFF1F00, kernel too old? [ 2316.745307] xt_TCPMSS: Only works on TCP SYN packets [ 2316.756886] CPU: 1 PID: 12836 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2316.765059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.774449] Call Trace: [ 2316.777056] dump_stack+0x197/0x210 [ 2316.780820] dump_header+0x15e/0xa55 [ 2316.784550] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2316.789664] ? ___ratelimit+0x60/0x595 [ 2316.793564] ? do_raw_spin_unlock+0x181/0x270 [ 2316.798080] oom_kill_process.cold+0x10/0x6ef [ 2316.802600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2316.808259] ? task_will_free_mem+0x139/0x6e0 [ 2316.812777] out_of_memory+0x362/0x1330 [ 2316.816774] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2316.821897] ? oom_killer_disable+0x280/0x280 [ 2316.826477] ? find_held_lock+0x35/0x130 [ 2316.830615] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2316.835489] ? memcg_event_wake+0x230/0x230 [ 2316.839854] ? do_raw_spin_unlock+0x181/0x270 [ 2316.844378] ? _raw_spin_unlock+0x2d/0x50 [ 2316.848578] try_charge+0xc6e/0x1490 [ 2316.852307] ? lock_downgrade+0x880/0x880 [ 2316.856624] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2316.861484] ? rcu_read_unlock+0x33/0x60 [ 2316.865570] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2316.870451] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2316.876546] mem_cgroup_try_charge+0x259/0x6b0 [ 2316.881157] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2316.886111] __handle_mm_fault+0x1e50/0x3f80 [ 2316.890559] ? copy_page_range+0x2030/0x2030 [ 2316.895000] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2316.899691] handle_mm_fault+0x1b5/0x690 [ 2316.903780] __do_page_fault+0x62a/0xe90 [ 2316.907862] ? vmalloc_fault+0x740/0x740 [ 2316.911943] ? trace_hardirqs_off_caller+0x65/0x220 [ 2316.916976] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2316.921920] ? page_fault+0x8/0x30 [ 2316.925487] do_page_fault+0x71/0x57d [ 2316.929307] ? page_fault+0x8/0x30 [ 2316.932866] page_fault+0x1e/0x30 [ 2316.936330] RIP: 0033:0x412b3f 12:54:31 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x8a030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:31 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2316.939544] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2316.958486] RSP: 002b:00007ffebaa31380 EFLAGS: 00010206 [ 2316.963867] RAX: 00007fbcae52a000 RBX: 0000000000020000 RCX: 000000000045b39a [ 2316.971151] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2316.978433] RBP: 00007ffebaa31460 R08: ffffffffffffffff R09: 0000000000000000 [ 2316.985716] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffebaa31550 [ 2316.992999] R13: 00007fbcae54a700 R14: 0000000000000001 R15: 000000000075bfd4 [ 2317.016388] Task in /syz0 killed as a result of limit of /syz0 [ 2317.024526] memory: usage 306912kB, limit 307200kB, failcnt 439652 [ 2317.038700] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2317.046568] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:31 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0xffffff7f, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2317.053670] Memory cgroup stats for /syz0: cache:60KB rss:111692KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111736KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2317.104074] bond475 (unregistering): Released all slaves [ 2317.115185] Memory cgroup out of memory: Kill process 13420 (syz-executor.0) score 1106 or sacrifice child [ 2317.148429] Killed process 13420 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:31 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:31 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2317.198654] oom_reaper: reaped process 13420 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2317.216237] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2317.292527] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2317.300986] xt_hashlimit: Unknown mode mask FFFFFF7F, kernel too old? [ 2317.318924] CPU: 1 PID: 8120 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2317.326661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2317.336023] Call Trace: [ 2317.338632] dump_stack+0x197/0x210 [ 2317.342281] dump_header+0x15e/0xa55 [ 2317.346020] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2317.351257] ? ___ratelimit+0x60/0x595 [ 2317.355158] ? do_raw_spin_unlock+0x181/0x270 [ 2317.359675] oom_kill_process.cold+0x10/0x6ef [ 2317.364185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2317.369849] ? task_will_free_mem+0x139/0x6e0 [ 2317.374419] out_of_memory+0x362/0x1330 [ 2317.378427] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2317.383547] ? oom_killer_disable+0x280/0x280 [ 2317.388054] ? find_held_lock+0x35/0x130 [ 2317.392137] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2317.396992] ? memcg_event_wake+0x230/0x230 [ 2317.401332] ? do_raw_spin_unlock+0x181/0x270 [ 2317.405850] ? _raw_spin_unlock+0x2d/0x50 [ 2317.410534] try_charge+0xec5/0x1490 [ 2317.414270] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2317.419131] ? lock_downgrade+0x880/0x880 [ 2317.423308] ? kasan_check_read+0x11/0x20 [ 2317.427471] memcg_kmem_charge_memcg+0x83/0x170 [ 2317.432152] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2317.436662] ? __isolate_free_page+0x4c0/0x4c0 [ 2317.441261] memcg_kmem_charge+0x13b/0x370 [ 2317.445515] __alloc_pages_nodemask+0x3c3/0x750 [ 2317.450199] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2317.455232] ? find_held_lock+0x35/0x130 [ 2317.459305] ? copy_page_range+0x13b3/0x2030 [ 2317.463722] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2317.469274] alloc_pages_current+0x107/0x210 [ 2317.473693] pte_alloc_one+0x1b/0x1a0 [ 2317.477503] __pte_alloc+0x2a/0x360 [ 2317.481144] copy_page_range+0x16d0/0x2030 [ 2317.485422] ? vmf_insert_mixed_mkwrite+0x90/0x90 12:54:31 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0xffffff80, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2317.490281] ? __vma_link_rb+0x279/0x370 [ 2317.494377] copy_process.part.0+0x543e/0x7a30 [ 2317.499117] ? __cleanup_sighand+0x70/0x70 [ 2317.503562] _do_fork+0x257/0xfd0 [ 2317.507043] ? fork_idle+0x1d0/0x1d0 [ 2317.510806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2317.515665] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2317.516886] xt_hashlimit: overflow, try lower: 0/0 [ 2317.520432] ? do_syscall_64+0x26/0x620 [ 2317.520450] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2317.520463] ? do_syscall_64+0x26/0x620 [ 2317.520485] __x64_sys_clone+0xbf/0x150 [ 2317.534955] xt_hashlimit: overflow, try lower: 0/0 [ 2317.538852] do_syscall_64+0xfd/0x620 [ 2317.538874] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2317.538885] RIP: 0033:0x45991a [ 2317.538899] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2317.538907] RSP: 002b:00007fffa4b7b8a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 12:54:31 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2317.538921] RAX: ffffffffffffffda RBX: 00007fffa4b7b8a0 RCX: 000000000045991a [ 2317.538929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2317.538938] RBP: 00007fffa4b7b8e0 R08: 0000000000000001 R09: 000000000149f940 [ 2317.538947] R10: 000000000149fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2317.538955] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa4b7b930 [ 2317.649007] bond166 (unregistering): Released all slaves [ 2317.676597] Task in /syz2 killed as a result of limit of /syz2 [ 2317.687690] memory: usage 307200kB, limit 307200kB, failcnt 212219 [ 2317.710621] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2317.743954] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n'], 0x3}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) 12:54:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0xffffff9e, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) [ 2317.777465] xt_hashlimit: Unknown mode mask FFFFFF80, kernel too old? [ 2317.778063] Memory cgroup stats for /syz2: cache:12KB rss:108872KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108876KB inactive_file:12KB active_file:16KB unevictable:0KB [ 2317.789912] xt_TCPMSS: Only works on TCP SYN packets [ 2317.906448] Memory cgroup out of memory: Kill process 4023 (syz-executor.2) score 1106 or sacrifice child [ 2317.944698] Killed process 4023 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:32 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:32 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2317.969073] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 2318.045353] nla_parse: 4 callbacks suppressed [ 2318.045363] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 12:54:32 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2318.088082] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2318.124788] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2318.218276] xt_TCPMSS: Only works on TCP SYN packets [ 2318.219150] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2318.271019] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2318.293984] xt_hashlimit: overflow, try lower: 0/0 12:54:32 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xa8020000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:32 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2318.363588] bond475 (unregistering): Released all slaves 12:54:32 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:32 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x2, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2318.670979] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 12:54:33 executing program 3: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2318.714601] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2318.745402] CPU: 0 PID: 14357 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2318.753233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2318.762596] Call Trace: [ 2318.765192] dump_stack+0x197/0x210 [ 2318.768977] dump_header+0x15e/0xa55 [ 2318.772716] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2318.777836] ? ___ratelimit+0x60/0x595 [ 2318.781744] ? do_raw_spin_unlock+0x181/0x270 [ 2318.786265] oom_kill_process.cold+0x10/0x6ef [ 2318.790792] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2318.796347] ? task_will_free_mem+0x139/0x6e0 [ 2318.800873] out_of_memory+0x362/0x1330 [ 2318.804875] ? lock_downgrade+0x880/0x880 [ 2318.809041] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2318.814164] ? oom_killer_disable+0x280/0x280 [ 2318.818679] ? find_held_lock+0x35/0x130 [ 2318.822778] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2318.827638] ? memcg_event_wake+0x230/0x230 [ 2318.831981] ? do_raw_spin_unlock+0x181/0x270 [ 2318.836500] ? _raw_spin_unlock+0x2d/0x50 [ 2318.840674] try_charge+0xec5/0x1490 [ 2318.844409] ? lock_downgrade+0x880/0x880 [ 2318.848581] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2318.853469] ? rcu_read_unlock+0x33/0x60 [ 2318.857553] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2318.862421] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2318.868515] mem_cgroup_try_charge+0x259/0x6b0 [ 2318.873123] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2318.878084] wp_page_copy+0x430/0x16a0 [ 2318.882000] ? follow_pfn+0x2a0/0x2a0 [ 2318.885830] ? do_raw_spin_unlock+0x181/0x270 [ 2318.890390] do_wp_page+0x57d/0x10b0 [ 2318.894125] ? lock_acquire+0x16f/0x3f0 [ 2318.898141] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2318.903088] ? kasan_check_write+0x14/0x20 [ 2318.907342] ? do_raw_spin_lock+0xd7/0x250 [ 2318.912124] __handle_mm_fault+0x2305/0x3f80 [ 2318.916554] ? copy_page_range+0x2030/0x2030 [ 2318.921016] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2318.925797] handle_mm_fault+0x1b5/0x690 [ 2318.929873] __do_page_fault+0x62a/0xe90 [ 2318.933952] ? vmalloc_fault+0x740/0x740 [ 2318.938032] ? trace_hardirqs_off_caller+0x65/0x220 [ 2318.943062] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2318.948018] ? page_fault+0x8/0x30 [ 2318.951589] do_page_fault+0x71/0x57d [ 2318.955411] ? page_fault+0x8/0x30 [ 2318.958972] page_fault+0x1e/0x30 [ 2318.962439] RIP: 0033:0x410398 [ 2318.965645] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2318.984561] RSP: 002b:00007ffebaa313a0 EFLAGS: 00010246 [ 2318.989943] RAX: 0000000026c9c1e8 RBX: 00000000dc0983ec RCX: 0000001b2fe20000 [ 2318.997233] RDX: 0000000000000000 RSI: 00000000000001e8 RDI: ffffffff26c9c1e8 [ 2319.004518] RBP: 0000000000000001 R08: 0000000026c9c1e8 R09: 0000000026c9c1ec [ 2319.011798] R10: 00007ffebaa31540 R11: 0000000000000246 R12: 000000000075bfa8 [ 2319.019079] R13: 0000000080000000 R14: 00007fbcb056c008 R15: 0000000000000001 [ 2319.038261] Task in /syz0 killed as a result of limit of /syz0 [ 2319.045959] memory: usage 307168kB, limit 307200kB, failcnt 439674 12:54:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b'], 0x3}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) [ 2319.064584] xt_TCPMSS: Only works on TCP SYN packets [ 2319.092749] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2319.113619] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2319.147788] Memory cgroup stats for /syz0: cache:60KB rss:111820KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111824KB inactive_file:8KB active_file:12KB unevictable:0KB [ 2319.198670] xt_hashlimit: overflow, try lower: 0/0 12:54:33 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:33 executing program 3: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:33 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x3, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2319.267159] netlink: 'syz-executor.5': attribute type 1 has an invalid length. 12:54:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000037139323", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004000000"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7fffffff}, &(0x7f0000000240)=0x8) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100025080000009a000000000a000000", @ANYRES32=r8, @ANYBLOB="000000000000000008000a000f000000"], 0x28}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0xe60, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0xffffff7f, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) [ 2319.373552] xt_TCPMSS: Only works on TCP SYN packets [ 2319.383080] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2319.407552] xt_hashlimit: overflow, try lower: 0/0 [ 2319.441930] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2319.490918] xt_TCPMSS: Only works on TCP SYN packets [ 2319.496486] Memory cgroup out of memory: Kill process 20493 (syz-executor.0) score 1106 or sacrifice child [ 2319.536898] Killed process 20493 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:33 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2319.615735] bond475 (unregistering): Released all slaves [ 2319.652281] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2319.710648] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2319.766715] CPU: 1 PID: 8120 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2319.774464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2319.784959] Call Trace: [ 2319.787559] dump_stack+0x197/0x210 [ 2319.791216] dump_header+0x15e/0xa55 [ 2319.794944] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2319.800173] ? ___ratelimit+0x60/0x595 [ 2319.804216] ? do_raw_spin_unlock+0x181/0x270 [ 2319.808741] oom_kill_process.cold+0x10/0x6ef [ 2319.813264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2319.818943] ? task_will_free_mem+0x139/0x6e0 [ 2319.823456] out_of_memory+0x362/0x1330 [ 2319.827450] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2319.832574] ? oom_killer_disable+0x280/0x280 [ 2319.837082] ? find_held_lock+0x35/0x130 [ 2319.841169] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2319.846028] ? memcg_event_wake+0x230/0x230 [ 2319.850365] ? do_raw_spin_unlock+0x181/0x270 [ 2319.855074] ? _raw_spin_unlock+0x2d/0x50 [ 2319.859242] try_charge+0xec5/0x1490 [ 2319.862981] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2319.867852] ? lock_downgrade+0x880/0x880 [ 2319.872018] ? kasan_check_read+0x11/0x20 [ 2319.876188] memcg_kmem_charge_memcg+0x83/0x170 [ 2319.880881] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2319.885406] ? __isolate_free_page+0x4c0/0x4c0 [ 2319.890011] memcg_kmem_charge+0x13b/0x370 [ 2319.894383] __alloc_pages_nodemask+0x3c3/0x750 [ 2319.899075] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2319.904101] ? kasan_slab_alloc+0xf/0x20 [ 2319.908167] ? kmem_cache_alloc+0x12e/0x700 [ 2319.912502] ? anon_vma_fork+0x1ea/0x4a0 [ 2319.916580] ? __lock_acquire+0x6ee/0x49c0 [ 2319.920831] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2319.926067] xt_hashlimit: overflow, try lower: 0/0 [ 2319.926379] alloc_pages_current+0x107/0x210 [ 2319.926400] get_zeroed_page+0x14/0x50 [ 2319.926415] __pud_alloc+0x3b/0x250 [ 2319.926433] pud_alloc+0xde/0x150 [ 2319.926448] copy_page_range+0x371/0x2030 [ 2319.926465] ? anon_vma_fork+0x371/0x4a0 [ 2319.954969] ? vma_compute_subtree_gap+0x158/0x230 [ 2319.959920] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2319.964783] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2319.969763] ? __vma_link_rb+0x279/0x370 [ 2319.973841] copy_process.part.0+0x543e/0x7a30 [ 2319.978471] ? __cleanup_sighand+0x70/0x70 [ 2319.982742] _do_fork+0x257/0xfd0 [ 2319.986212] ? fork_idle+0x1d0/0x1d0 [ 2319.990006] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2319.994802] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2319.999567] ? do_syscall_64+0x26/0x620 [ 2320.003558] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2320.008937] ? do_syscall_64+0x26/0x620 [ 2320.012935] __x64_sys_clone+0xbf/0x150 [ 2320.016930] do_syscall_64+0xfd/0x620 [ 2320.020753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2320.025951] RIP: 0033:0x45991a [ 2320.029154] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2320.048121] RSP: 002b:00007fffa4b7b8a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2320.055855] RAX: ffffffffffffffda RBX: 00007fffa4b7b8a0 RCX: 000000000045991a 12:54:34 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x4, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2320.063188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2320.070580] RBP: 00007fffa4b7b8e0 R08: 0000000000000001 R09: 000000000149f940 [ 2320.077863] R10: 000000000149fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2320.085148] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa4b7b930 [ 2320.103814] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 2320.130126] xt_TCPMSS: Only works on TCP SYN packets [ 2320.166348] Task in /syz2 killed as a result of limit of /syz2 [ 2320.173682] memory: usage 307096kB, limit 307200kB, failcnt 212249 [ 2320.203483] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2320.214823] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2320.220111] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2320.225288] Memory cgroup stats for /syz2: cache:12KB rss:108872KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108880KB inactive_file:16KB active_file:16KB unevictable:0KB [ 2320.256707] Memory cgroup out of memory: Kill process 4420 (syz-executor.2) score 1106 or sacrifice child [ 2320.260842] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2320.281908] Killed process 4420 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2320.319774] oom_reaper: reaped process 4420 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2320.404577] xt_TCPMSS: Only works on TCP SYN packets 12:54:34 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:34 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:34 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xc4030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:34 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x5, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2320.483387] bond167 (unregistering): Released all slaves 12:54:34 executing program 5: [ 2320.555394] xt_hashlimit: overflow, try lower: 0/0 12:54:34 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:34 executing program 3: r0 = epoll_create1(0x0) r1 = getpid() r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) r3 = getpgrp(0x0) kcmp$KCMP_EPOLL_TFD(r3, r1, 0x7, r2, &(0x7f00000000c0)={r0}) [ 2320.631003] xt_TCPMSS: Only works on TCP SYN packets 12:54:35 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2320.735064] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2320.770132] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2320.788907] CPU: 0 PID: 15194 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2320.796741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2320.806115] Call Trace: [ 2320.808726] dump_stack+0x197/0x210 [ 2320.812378] dump_header+0x15e/0xa55 [ 2320.816115] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2320.821230] ? ___ratelimit+0x60/0x595 [ 2320.825134] ? do_raw_spin_unlock+0x181/0x270 [ 2320.829664] oom_kill_process.cold+0x10/0x6ef [ 2320.834182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2320.839741] ? task_will_free_mem+0x139/0x6e0 [ 2320.844260] out_of_memory+0x362/0x1330 [ 2320.848264] ? lock_downgrade+0x880/0x880 [ 2320.852427] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2320.857546] ? oom_killer_disable+0x280/0x280 [ 2320.862061] ? find_held_lock+0x35/0x130 [ 2320.866160] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2320.871027] ? memcg_event_wake+0x230/0x230 [ 2320.875384] ? do_raw_spin_unlock+0x181/0x270 [ 2320.879908] ? _raw_spin_unlock+0x2d/0x50 [ 2320.884081] try_charge+0xec5/0x1490 [ 2320.887927] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2320.892790] ? lock_downgrade+0x880/0x880 [ 2320.896957] ? kasan_check_read+0x11/0x20 [ 2320.901130] memcg_kmem_charge_memcg+0x83/0x170 [ 2320.905831] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2320.910353] ? __isolate_free_page+0x4c0/0x4c0 [ 2320.914954] memcg_kmem_charge+0x13b/0x370 [ 2320.919214] __alloc_pages_nodemask+0x3c3/0x750 [ 2320.923906] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2320.928951] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2320.933556] ? trace_hardirqs_on+0x67/0x220 [ 2320.937905] copy_process.part.0+0x3e0/0x7a30 [ 2320.942427] ? mark_held_locks+0x100/0x100 [ 2320.946689] ? __might_fault+0x12b/0x1e0 [ 2320.950774] ? __cleanup_sighand+0x70/0x70 [ 2320.955031] ? lock_downgrade+0x880/0x880 [ 2320.959207] _do_fork+0x257/0xfd0 [ 2320.962687] ? fork_idle+0x1d0/0x1d0 [ 2320.966427] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2320.971205] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2320.975977] ? do_syscall_64+0x26/0x620 [ 2320.979966] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2320.985340] ? do_syscall_64+0x26/0x620 [ 2320.989333] __x64_sys_clone+0xbf/0x150 [ 2320.993324] do_syscall_64+0xfd/0x620 [ 2320.997160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2321.002360] RIP: 0033:0x45b349 [ 2321.005564] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2321.024472] RSP: 002b:00007f07e43b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2321.032197] RAX: ffffffffffffffda RBX: 00007f07e43b96d4 RCX: 000000000045b349 [ 2321.040170] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2321.047451] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2321.054737] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2321.062018] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:54:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x7, &(0x7f0000000040)=0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(r0, 0x1, &(0x7f0000000240)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 12:54:35 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x6, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8004ae98, &(0x7f00000000c0)) [ 2321.176559] Task in /syz2 killed as a result of limit of /syz2 [ 2321.206985] memory: usage 307192kB, limit 307200kB, failcnt 212296 [ 2321.214029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2321.246863] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2321.287729] Memory cgroup stats for /syz2: cache:12KB rss:109004KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108944KB inactive_file:16KB active_file:20KB unevictable:0KB [ 2321.336851] Memory cgroup out of memory: Kill process 5500 (syz-executor.2) score 1106 or sacrifice child [ 2321.340888] xt_TCPMSS: Only works on TCP SYN packets [ 2321.371972] Killed process 5500 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2321.430181] xt_TCPMSS: Only works on TCP SYN packets 12:54:35 executing program 3: write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="010000000000000000000000040000"]) [ 2321.490435] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 12:54:35 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:35 executing program 5: [ 2321.607796] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2321.666363] CPU: 1 PID: 15159 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2321.674412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2321.683782] Call Trace: [ 2321.686381] dump_stack+0x197/0x210 [ 2321.690022] dump_header+0x15e/0xa55 [ 2321.693752] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2321.698865] ? ___ratelimit+0x60/0x595 [ 2321.702767] ? do_raw_spin_unlock+0x181/0x270 [ 2321.707295] oom_kill_process.cold+0x10/0x6ef [ 2321.711805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2321.717453] ? task_will_free_mem+0x139/0x6e0 [ 2321.721970] out_of_memory+0x362/0x1330 [ 2321.725962] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2321.731078] ? oom_killer_disable+0x280/0x280 [ 2321.735586] ? find_held_lock+0x35/0x130 [ 2321.739675] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2321.744532] ? memcg_event_wake+0x230/0x230 [ 2321.748867] ? do_raw_spin_unlock+0x181/0x270 [ 2321.753371] ? _raw_spin_unlock+0x2d/0x50 [ 2321.757534] try_charge+0xc6e/0x1490 [ 2321.761283] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2321.766141] ? lock_downgrade+0x880/0x880 [ 2321.770301] ? kasan_check_read+0x11/0x20 [ 2321.774464] memcg_kmem_charge_memcg+0x83/0x170 [ 2321.779141] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2321.783654] ? __isolate_free_page+0x4c0/0x4c0 [ 2321.788264] memcg_kmem_charge+0x13b/0x370 [ 2321.792608] __alloc_pages_nodemask+0x3c3/0x750 [ 2321.797296] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2321.802345] copy_process.part.0+0x3e0/0x7a30 [ 2321.806853] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2321.811977] ? delayacct_end+0x5c/0x100 [ 2321.815964] ? __delayacct_freepages_end+0xe0/0x140 [ 2321.820997] ? __lock_acquire+0x6ee/0x49c0 [ 2321.825252] ? __cleanup_sighand+0x70/0x70 [ 2321.829496] ? mark_held_locks+0x100/0x100 [ 2321.833751] _do_fork+0x257/0xfd0 [ 2321.837221] ? fork_idle+0x1d0/0x1d0 [ 2321.840952] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2321.846848] ? kasan_check_read+0x11/0x20 [ 2321.851010] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2321.855776] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2321.860538] ? do_syscall_64+0x26/0x620 [ 2321.864520] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2321.869895] ? do_syscall_64+0x26/0x620 [ 2321.873889] __x64_sys_clone+0xbf/0x150 [ 2321.877880] do_syscall_64+0xfd/0x620 [ 2321.881915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2321.887138] RIP: 0033:0x45dd19 [ 2321.890346] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2321.909254] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2321.916975] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2321.924254] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2321.931622] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2321.939027] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2321.946312] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 [ 2322.038844] Task in /syz2 killed as a result of limit of /syz2 [ 2322.055367] memory: usage 306900kB, limit 307200kB, failcnt 212296 [ 2322.113242] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2322.147660] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2322.165384] Memory cgroup stats for /syz2: cache:12KB rss:108868KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108824KB inactive_file:16KB active_file:20KB unevictable:0KB [ 2322.195128] Memory cgroup out of memory: Kill process 7738 (syz-executor.2) score 1106 or sacrifice child [ 2322.226716] Killed process 7738 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2322.253712] oom_reaper: reaped process 7738 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 12:54:36 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xc6010000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:36 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x7, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:36 executing program 3: [ 2322.270492] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2322.326528] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2322.331950] CPU: 1 PID: 15321 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2322.339751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2322.349108] Call Trace: [ 2322.351705] dump_stack+0x197/0x210 [ 2322.355347] dump_header+0x15e/0xa55 [ 2322.359163] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2322.364279] ? ___ratelimit+0x60/0x595 [ 2322.368178] ? do_raw_spin_unlock+0x181/0x270 [ 2322.372689] oom_kill_process.cold+0x10/0x6ef [ 2322.377199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2322.382747] ? task_will_free_mem+0x139/0x6e0 [ 2322.387258] out_of_memory+0x362/0x1330 [ 2322.391246] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2322.396366] ? oom_killer_disable+0x280/0x280 [ 2322.400870] ? find_held_lock+0x35/0x130 [ 2322.404953] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2322.409804] ? memcg_event_wake+0x230/0x230 [ 2322.414136] ? do_raw_spin_unlock+0x181/0x270 [ 2322.418638] ? _raw_spin_unlock+0x2d/0x50 [ 2322.422811] try_charge+0xec5/0x1490 [ 2322.426538] ? lock_downgrade+0x880/0x880 [ 2322.430703] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2322.435554] ? rcu_read_unlock+0x33/0x60 [ 2322.439619] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2322.444478] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2322.450551] mem_cgroup_try_charge+0x259/0x6b0 [ 2322.455148] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2322.460089] wp_page_copy+0x430/0x16a0 [ 2322.463991] ? follow_pfn+0x2a0/0x2a0 [ 2322.467807] ? do_raw_spin_unlock+0x181/0x270 [ 2322.472313] do_wp_page+0x57d/0x10b0 [ 2322.476045] ? lock_acquire+0x16f/0x3f0 [ 2322.480026] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2322.484707] ? kasan_check_write+0x14/0x20 [ 2322.488969] ? do_raw_spin_lock+0xd7/0x250 [ 2322.493231] __handle_mm_fault+0x2305/0x3f80 [ 2322.497651] ? copy_page_range+0x2030/0x2030 [ 2322.502092] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2322.506780] handle_mm_fault+0x1b5/0x690 [ 2322.510855] __do_page_fault+0x62a/0xe90 [ 2322.514931] ? vmalloc_fault+0x740/0x740 [ 2322.519009] ? trace_hardirqs_off_caller+0x65/0x220 [ 2322.524030] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2322.529406] ? page_fault+0x8/0x30 [ 2322.532961] do_page_fault+0x71/0x57d [ 2322.536784] ? page_fault+0x8/0x30 [ 2322.540333] page_fault+0x1e/0x30 [ 2322.543783] RIP: 0033:0x410398 [ 2322.546985] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2322.565897] RSP: 002b:00007ffebaa313a0 EFLAGS: 00010246 [ 2322.572226] RAX: 000000004ff9fc06 RBX: 00000000686f2f4c RCX: 0000001b2fe20000 [ 2322.579500] RDX: 0000000000000000 RSI: 0000000000001c06 RDI: ffffffff4ff9fc06 [ 2322.586861] RBP: 0000000000000003 R08: 000000004ff9fc06 R09: 000000004ff9fc0a [ 2322.594134] R10: 00007ffebaa31540 R11: 0000000000000246 R12: 000000000075bfa8 [ 2322.601492] R13: 0000000080000000 R14: 00007fbcb056c008 R15: 0000000000000003 [ 2322.617057] Task in /syz0 killed as a result of limit of /syz0 [ 2322.623195] xt_TCPMSS: Only works on TCP SYN packets [ 2322.648076] memory: usage 307168kB, limit 307200kB, failcnt 439694 [ 2322.755783] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2322.775151] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2322.798490] Memory cgroup stats for /syz0: cache:60KB rss:111688KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111828KB inactive_file:12KB active_file:12KB unevictable:0KB [ 2322.829535] Memory cgroup out of memory: Kill process 20746 (syz-executor.0) score 1106 or sacrifice child [ 2322.844010] Killed process 20746 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:37 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8090ae81, &(0x7f00000000c0)) 12:54:37 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:37 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:37 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xa, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:37 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xdc030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2322.953188] xt_hashlimit: overflow, try lower: 0/0 [ 2322.960412] xt_hashlimit: overflow, try lower: 0/0 [ 2323.022211] autofs4:pid:15839:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2323.079927] autofs4:pid:15890:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0000000000000000000025000000080001007063690011000200303030303a30303a31302e300000000008008b00", @ANYRES32=0x0, @ANYBLOB="18c742993ec2e2117e5dddffd7e70fdc15be51cf94f10b5625fed4f171bd0ffcb0087b7ce441cb729fdd01c2829ef1f9c58ab04fdf8e8998533f569ea84bb81785b4b584e3e3e13033"], 0x5}}, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000080)=0x4) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f00000000c0)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 12:54:37 executing program 5: write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="01"]) 12:54:37 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x60, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:37 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2323.243055] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2323.273478] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2323.295055] CPU: 1 PID: 15840 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2323.302897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2323.312264] Call Trace: [ 2323.314864] dump_stack+0x197/0x210 [ 2323.318517] dump_header+0x15e/0xa55 [ 2323.322261] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2323.327381] ? ___ratelimit+0x60/0x595 [ 2323.331308] ? do_raw_spin_unlock+0x181/0x270 [ 2323.335822] oom_kill_process.cold+0x10/0x6ef [ 2323.340335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2323.345888] ? task_will_free_mem+0x139/0x6e0 [ 2323.350406] out_of_memory+0x362/0x1330 [ 2323.354402] ? lock_downgrade+0x880/0x880 [ 2323.358567] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2323.363682] ? oom_killer_disable+0x280/0x280 [ 2323.368189] ? find_held_lock+0x35/0x130 [ 2323.372274] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2323.377138] ? memcg_event_wake+0x230/0x230 [ 2323.381477] ? do_raw_spin_unlock+0x181/0x270 [ 2323.385988] ? _raw_spin_unlock+0x2d/0x50 [ 2323.390159] try_charge+0xec5/0x1490 [ 2323.393907] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2323.398773] ? lock_downgrade+0x880/0x880 [ 2323.402940] ? kasan_check_read+0x11/0x20 [ 2323.407105] memcg_kmem_charge_memcg+0x83/0x170 [ 2323.411788] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2323.416304] ? __isolate_free_page+0x4c0/0x4c0 [ 2323.420912] memcg_kmem_charge+0x13b/0x370 [ 2323.425173] __alloc_pages_nodemask+0x3c3/0x750 [ 2323.429864] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2323.434905] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2323.439500] ? trace_hardirqs_on+0x67/0x220 [ 2323.443838] copy_process.part.0+0x3e0/0x7a30 [ 2323.448349] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2323.453464] ? delayacct_end+0x5c/0x100 [ 2323.457451] ? __delayacct_freepages_end+0xe0/0x140 [ 2323.462479] ? __lock_acquire+0x6ee/0x49c0 [ 2323.466742] ? __cleanup_sighand+0x70/0x70 [ 2323.471077] ? mark_held_locks+0x100/0x100 [ 2323.475339] _do_fork+0x257/0xfd0 [ 2323.478809] ? fork_idle+0x1d0/0x1d0 [ 2323.482544] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2323.488442] ? kasan_check_read+0x11/0x20 [ 2323.492600] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2323.497373] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2323.502142] ? do_syscall_64+0x26/0x620 [ 2323.506127] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2323.511524] ? do_syscall_64+0x26/0x620 [ 2323.515513] __x64_sys_clone+0xbf/0x150 [ 2323.519506] do_syscall_64+0xfd/0x620 [ 2323.523317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2323.528507] RIP: 0033:0x45dd19 [ 2323.531708] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2323.550621] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2323.558345] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2323.565630] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2323.572909] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2323.580195] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2323.587478] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 12:54:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x20}}, 0x0) 12:54:38 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2323.714291] xt_hashlimit: overflow, try lower: 0/0 [ 2323.729405] Task in /syz2 killed as a result of limit of /syz2 [ 2323.735438] memory: usage 307160kB, limit 307200kB, failcnt 212322 [ 2323.762470] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2323.773100] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:38 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xe8030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2323.797144] Memory cgroup stats for /syz2: cache:12KB rss:108852KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108948KB inactive_file:20KB active_file:20KB unevictable:0KB [ 2323.797220] Memory cgroup out of memory: Kill process 9329 (syz-executor.2) score 1106 or sacrifice child [ 2323.797276] Killed process 9329 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:38 executing program 3: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_DO_IT(r0, 0xab09) [ 2323.866685] tcpmss_tg6_check: 3 callbacks suppressed [ 2323.866691] xt_TCPMSS: Only works on TCP SYN packets [ 2323.929395] xt_TCPMSS: Only works on TCP SYN packets [ 2323.977518] xt_TCPMSS: Only works on TCP SYN packets 12:54:38 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x170, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:38 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000000)="290000002000190f00003fffffffda060200000000e80001dd0000040d000d00ea1100000005000000", 0x29}], 0x1) r1 = socket(0x10, 0x80002, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8697071") setsockopt$inet_mreqn(r0, 0x0, 0x6, 0x0, 0x0) [ 2324.103843] xt_TCPMSS: Only works on TCP SYN packets [ 2324.123950] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 12:54:38 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2324.250737] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2324.275483] CPU: 0 PID: 16129 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2324.283308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2324.292666] Call Trace: [ 2324.295263] dump_stack+0x197/0x210 [ 2324.298907] dump_header+0x15e/0xa55 [ 2324.302631] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2324.307741] ? ___ratelimit+0x60/0x595 [ 2324.311635] ? do_raw_spin_unlock+0x181/0x270 [ 2324.316147] oom_kill_process.cold+0x10/0x6ef [ 2324.320656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2324.326201] ? task_will_free_mem+0x139/0x6e0 [ 2324.330714] out_of_memory+0x362/0x1330 [ 2324.334701] ? lock_downgrade+0x880/0x880 [ 2324.338857] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2324.343971] ? oom_killer_disable+0x280/0x280 [ 2324.348594] ? find_held_lock+0x35/0x130 [ 2324.352680] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2324.357541] ? memcg_event_wake+0x230/0x230 [ 2324.361877] ? do_raw_spin_unlock+0x181/0x270 [ 2324.366383] ? _raw_spin_unlock+0x2d/0x50 [ 2324.370543] try_charge+0xec5/0x1490 [ 2324.374277] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2324.379136] ? lock_downgrade+0x880/0x880 [ 2324.383298] ? kasan_check_read+0x11/0x20 [ 2324.387464] memcg_kmem_charge_memcg+0x83/0x170 [ 2324.392145] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2324.396655] ? __isolate_free_page+0x4c0/0x4c0 12:54:38 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x41, 0x4) [ 2324.401256] memcg_kmem_charge+0x13b/0x370 [ 2324.405510] __alloc_pages_nodemask+0x3c3/0x750 [ 2324.410197] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2324.415327] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2324.420884] alloc_pages_current+0x107/0x210 [ 2324.425311] pte_alloc_one+0x1b/0x1a0 [ 2324.429129] __pte_alloc+0x2a/0x360 [ 2324.432776] __handle_mm_fault+0x340b/0x3f80 [ 2324.437199] ? copy_page_range+0x2030/0x2030 [ 2324.441657] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2324.446348] handle_mm_fault+0x1b5/0x690 [ 2324.450431] __do_page_fault+0x62a/0xe90 [ 2324.454608] ? vmalloc_fault+0x740/0x740 [ 2324.458682] ? trace_hardirqs_off_caller+0x65/0x220 [ 2324.463707] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2324.468645] ? page_fault+0x8/0x30 [ 2324.472202] do_page_fault+0x71/0x57d [ 2324.476011] ? page_fault+0x8/0x30 [ 2324.479559] page_fault+0x1e/0x30 [ 2324.483017] RIP: 0033:0x442661 [ 2324.486221] Code: 2e 0f 1f 84 00 00 00 00 00 48 81 fa 00 04 00 00 77 77 89 d1 c1 e9 05 74 60 ff c9 48 8b 06 4c 8b 46 08 4c 8b 4e 10 4c 8b 56 18 <48> 89 07 4c 89 47 08 4c 89 4f 10 4c 89 57 18 48 8d 76 20 48 8d 7f [ 2324.505129] RSP: 002b:00007ffebaa31468 EFLAGS: 00010246 [ 2324.510507] RAX: 0000000000776172 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2324.517785] RDX: 0000000000000020 RSI: 0000000000760110 RDI: 0000000020000100 [ 2324.525059] RBP: 00000000007600f0 R08: 0000000000000000 R09: 0000000000000000 [ 2324.532334] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2324.540129] R13: 0000000000237665 R14: 00000000007600f8 R15: 000000000075bf2c [ 2324.550050] Task in /syz0 killed as a result of limit of /syz0 [ 2324.580290] xt_TCPMSS: Only works on TCP SYN packets [ 2324.592657] memory: usage 307200kB, limit 307200kB, failcnt 439741 [ 2324.640104] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000090000"]) 12:54:39 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2324.681184] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2324.714307] Memory cgroup stats for /syz0: cache:60KB rss:111688KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111860KB inactive_file:12KB active_file:16KB unevictable:0KB 12:54:39 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x41, 0x4) [ 2324.831774] Memory cgroup out of memory: Kill process 24009 (syz-executor.0) score 1106 or sacrifice child 12:54:39 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x2a8, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2324.896275] Killed process 24009 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:39 executing program 5: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x30}, 0xc) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)="ef", 0x1, 0x0, 0x0, 0x0) [ 2325.025762] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2325.040681] xt_hashlimit: overflow, try lower: 0/0 12:54:39 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2325.098924] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2325.111970] xt_TCPMSS: Only works on TCP SYN packets [ 2325.144609] CPU: 0 PID: 16249 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2325.152452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.161811] Call Trace: [ 2325.164416] dump_stack+0x197/0x210 [ 2325.168068] dump_header+0x15e/0xa55 [ 2325.171818] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2325.176934] ? ___ratelimit+0x60/0x595 [ 2325.180835] ? do_raw_spin_unlock+0x181/0x270 [ 2325.185362] oom_kill_process.cold+0x10/0x6ef [ 2325.189891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2325.195439] ? task_will_free_mem+0x139/0x6e0 [ 2325.199953] out_of_memory+0x362/0x1330 [ 2325.203937] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2325.209054] ? oom_killer_disable+0x280/0x280 [ 2325.213557] ? find_held_lock+0x35/0x130 [ 2325.217646] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2325.222496] ? memcg_event_wake+0x230/0x230 [ 2325.226830] ? do_raw_spin_unlock+0x181/0x270 [ 2325.231348] ? _raw_spin_unlock+0x2d/0x50 [ 2325.235506] try_charge+0xec5/0x1490 [ 2325.239238] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2325.244097] ? lock_downgrade+0x880/0x880 [ 2325.248260] ? kasan_check_read+0x11/0x20 [ 2325.252422] memcg_kmem_charge_memcg+0x83/0x170 [ 2325.257098] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2325.261603] ? __isolate_free_page+0x4c0/0x4c0 [ 2325.266193] memcg_kmem_charge+0x13b/0x370 [ 2325.270442] __alloc_pages_nodemask+0x3c3/0x750 [ 2325.275471] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2325.280504] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2325.285096] ? trace_hardirqs_on+0x67/0x220 [ 2325.289439] copy_process.part.0+0x3e0/0x7a30 [ 2325.293942] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2325.299061] ? delayacct_end+0x5c/0x100 [ 2325.303043] ? __delayacct_freepages_end+0xe0/0x140 [ 2325.308090] ? __lock_acquire+0x6ee/0x49c0 [ 2325.312346] ? __cleanup_sighand+0x70/0x70 [ 2325.316589] ? mark_held_locks+0x100/0x100 [ 2325.320846] _do_fork+0x257/0xfd0 [ 2325.324316] ? fork_idle+0x1d0/0x1d0 [ 2325.328045] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2325.333939] ? kasan_check_read+0x11/0x20 [ 2325.338095] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2325.343561] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2325.348325] ? do_syscall_64+0x26/0x620 [ 2325.352307] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2325.357675] ? do_syscall_64+0x26/0x620 [ 2325.361657] __x64_sys_clone+0xbf/0x150 [ 2325.365644] do_syscall_64+0xfd/0x620 [ 2325.369457] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2325.374651] RIP: 0033:0x45dd19 [ 2325.377849] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2325.396771] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2325.404484] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2325.411757] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2325.419034] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2325.426310] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2325.433593] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 [ 2325.456485] Task in /syz2 killed as a result of limit of /syz2 [ 2325.467245] memory: usage 307160kB, limit 307200kB, failcnt 212342 [ 2325.493040] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2325.519206] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2325.556789] Memory cgroup stats for /syz2: cache:12KB rss:108984KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108944KB inactive_file:24KB active_file:20KB unevictable:0KB [ 2325.610889] Memory cgroup out of memory: Kill process 13672 (syz-executor.2) score 1106 or sacrifice child [ 2325.645644] Killed process 13672 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2325.670898] oom_reaper: reaped process 13672 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2325.694352] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2325.701007] xt_TCPMSS: Only works on TCP SYN packets [ 2325.725639] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2325.746483] CPU: 1 PID: 16772 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2325.754313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.763669] Call Trace: [ 2325.766273] dump_stack+0x197/0x210 [ 2325.769917] dump_header+0x15e/0xa55 [ 2325.773646] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2325.778759] ? ___ratelimit+0x60/0x595 [ 2325.782652] ? do_raw_spin_unlock+0x181/0x270 [ 2325.787164] oom_kill_process.cold+0x10/0x6ef [ 2325.791680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2325.797230] ? task_will_free_mem+0x139/0x6e0 [ 2325.801740] out_of_memory+0x362/0x1330 [ 2325.805750] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2325.810862] ? oom_killer_disable+0x280/0x280 [ 2325.815372] ? find_held_lock+0x35/0x130 [ 2325.819455] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2325.824310] ? memcg_event_wake+0x230/0x230 [ 2325.828648] ? do_raw_spin_unlock+0x181/0x270 [ 2325.833154] ? _raw_spin_unlock+0x2d/0x50 [ 2325.837319] try_charge+0xec5/0x1490 [ 2325.841048] ? lock_downgrade+0x880/0x880 [ 2325.845211] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2325.850171] ? rcu_read_unlock+0x33/0x60 [ 2325.854245] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2325.859112] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2325.865224] mem_cgroup_try_charge+0x259/0x6b0 [ 2325.869842] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2325.874788] wp_page_copy+0x430/0x16a0 [ 2325.878695] ? follow_pfn+0x2a0/0x2a0 [ 2325.882512] ? do_raw_spin_unlock+0x181/0x270 [ 2325.887019] do_wp_page+0x57d/0x10b0 [ 2325.890748] ? lock_acquire+0x16f/0x3f0 [ 2325.894734] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2325.899412] ? kasan_check_write+0x14/0x20 [ 2325.903655] ? do_raw_spin_lock+0xd7/0x250 [ 2325.907902] __handle_mm_fault+0x2305/0x3f80 [ 2325.912413] ? copy_page_range+0x2030/0x2030 [ 2325.916855] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2325.921537] handle_mm_fault+0x1b5/0x690 [ 2325.925617] __do_page_fault+0x62a/0xe90 [ 2325.929699] ? vmalloc_fault+0x740/0x740 [ 2325.933773] ? trace_hardirqs_off_caller+0x65/0x220 [ 2325.938797] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2325.943740] ? page_fault+0x8/0x30 [ 2325.947296] do_page_fault+0x71/0x57d [ 2325.951101] ? page_fault+0x8/0x30 [ 2325.954646] page_fault+0x1e/0x30 [ 2325.958103] RIP: 0033:0x410398 [ 2325.961305] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2325.980225] RSP: 002b:00007ffebaa313a0 EFLAGS: 00010246 [ 2325.985602] RAX: 0000000026799769 RBX: 000000001296e78f RCX: 0000001b2fe20000 [ 2325.994028] RDX: 0000000000000000 RSI: 0000000000001769 RDI: ffffffff26799769 [ 2326.001311] RBP: 0000000000000006 R08: 0000000026799769 R09: 000000002679976d [ 2326.008706] R10: 00007ffebaa31540 R11: 0000000000000246 R12: 000000000075bfa8 [ 2326.015991] R13: 0000000080000000 R14: 00007fbcb056c008 R15: 0000000000000006 12:54:40 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xf8030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000080)=0x4) r5 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10811, r5, 0x0) 12:54:40 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:40 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x300, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:40 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000500)='net/icmp6\x00') preadv(r0, &(0x7f00000017c0), 0x37f, 0x0) [ 2326.091409] Task in /syz0 killed as a result of limit of /syz0 [ 2326.097882] memory: usage 307168kB, limit 307200kB, failcnt 439764 [ 2326.104218] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2326.111298] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2326.148199] xt_TCPMSS: Only works on TCP SYN packets [ 2326.168326] Memory cgroup stats for /syz0: cache:60KB rss:111688KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111828KB inactive_file:12KB active_file:16KB unevictable:0KB 12:54:40 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x2, 0x1, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) [ 2326.240145] xt_TCPMSS: Only works on TCP SYN packets [ 2326.280474] Memory cgroup out of memory: Kill process 25060 (syz-executor.0) score 1106 or sacrifice child [ 2326.353869] Killed process 25060 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:40 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:40 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4020ae46, &(0x7f0000000780)=ANY=[]) [ 2326.420600] xt_hashlimit: overflow, try lower: 0/0 [ 2326.433015] block nbd5: Receive control failed (result -107) [ 2326.441429] xt_hashlimit: overflow, try lower: 0/0 [ 2326.448102] block nbd5: shutting down sockets [ 2326.460350] block nbd5: shutting down sockets 12:54:40 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:40 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2326.488713] xt_TCPMSS: Only works on TCP SYN packets 12:54:40 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x500, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:41 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2326.702040] autofs4:pid:17043:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:41 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xfa030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:41 executing program 3: connect$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f00000000c0)="ffb10c10ba4300b0c8ee660f38826f3cf30f01e80f69e866f20f38f015650f01c883dd000f0131baf80c66b87aa1cc8b66efbafc0ced", 0x36}], 0x28d, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000140)={[0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x4ca]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:54:41 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2326.931585] autofs4:pid:17214:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:41 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2326.990272] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 12:54:41 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x600, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2327.058095] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2327.088031] CPU: 0 PID: 17075 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2327.095863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2327.105233] Call Trace: [ 2327.107843] dump_stack+0x197/0x210 [ 2327.111498] dump_header+0x15e/0xa55 [ 2327.115226] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2327.120349] ? ___ratelimit+0x60/0x595 [ 2327.124253] ? do_raw_spin_unlock+0x181/0x270 [ 2327.128764] oom_kill_process.cold+0x10/0x6ef [ 2327.133286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2327.138843] ? task_will_free_mem+0x139/0x6e0 [ 2327.143369] out_of_memory+0x362/0x1330 [ 2327.147357] ? lock_downgrade+0x880/0x880 [ 2327.151514] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2327.156630] ? oom_killer_disable+0x280/0x280 [ 2327.161131] ? find_held_lock+0x35/0x130 [ 2327.165219] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2327.170173] ? memcg_event_wake+0x230/0x230 [ 2327.174508] ? do_raw_spin_unlock+0x181/0x270 [ 2327.179020] ? _raw_spin_unlock+0x2d/0x50 [ 2327.183187] try_charge+0xec5/0x1490 [ 2327.186967] ? lock_downgrade+0x880/0x880 [ 2327.191158] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2327.196021] ? rcu_read_unlock+0x33/0x60 [ 2327.200088] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2327.204949] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2327.211033] mem_cgroup_try_charge+0x259/0x6b0 [ 2327.215631] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2327.220574] wp_page_copy+0x430/0x16a0 [ 2327.224485] ? follow_pfn+0x2a0/0x2a0 [ 2327.228312] ? do_raw_spin_unlock+0x181/0x270 [ 2327.232825] do_wp_page+0x57d/0x10b0 [ 2327.236560] ? lock_acquire+0x16f/0x3f0 [ 2327.240548] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2327.245496] ? kasan_check_write+0x14/0x20 [ 2327.249760] ? do_raw_spin_lock+0xd7/0x250 [ 2327.254027] __handle_mm_fault+0x2305/0x3f80 [ 2327.258460] ? copy_page_range+0x2030/0x2030 [ 2327.262910] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2327.267603] handle_mm_fault+0x1b5/0x690 [ 2327.271694] __do_page_fault+0x62a/0xe90 [ 2327.275797] ? vmalloc_fault+0x740/0x740 [ 2327.279885] ? trace_hardirqs_off_caller+0x65/0x220 [ 2327.284908] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2327.289953] ? page_fault+0x8/0x30 [ 2327.293514] do_page_fault+0x71/0x57d [ 2327.297394] ? page_fault+0x8/0x30 [ 2327.300974] page_fault+0x1e/0x30 [ 2327.304434] RIP: 0033:0x410398 [ 2327.307636] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2327.326862] RSP: 002b:00007ffebaa313a0 EFLAGS: 00010246 [ 2327.332272] RAX: 000000009286098e RBX: 00000000c388343c RCX: 0000001b2fe20000 [ 2327.339571] RDX: 0000000000000000 RSI: 000000000000098e RDI: ffffffff9286098e [ 2327.346862] RBP: 000000000000000b R08: 000000009286098e R09: 0000000092860992 12:54:41 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xfc030000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2327.354155] R10: 00007ffebaa31540 R11: 0000000000000246 R12: 000000000075bfa8 [ 2327.361429] R13: 0000000080000000 R14: 00007fbcb056c008 R15: 000000000000000b [ 2327.406895] autofs4:pid:17314:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:41 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:41 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2327.602572] Task in /syz0 killed as a result of limit of /syz0 [ 2327.624095] memory: usage 307164kB, limit 307200kB, failcnt 439790 [ 2327.650413] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2327.671224] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2327.684137] Memory cgroup stats for /syz0: cache:60KB rss:111820KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111824KB inactive_file:16KB active_file:16KB unevictable:0KB [ 2327.749006] Memory cgroup out of memory: Kill process 30319 (syz-executor.0) score 1106 or sacrifice child [ 2327.765344] autofs4:pid:17571:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2327.789486] Killed process 30319 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2327.892638] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2327.907984] xt_hashlimit: overflow, try lower: 0/0 [ 2327.944514] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2327.967118] CPU: 0 PID: 17445 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2327.968796] xt_hashlimit: overflow, try lower: 0/0 [ 2327.975064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2327.975071] Call Trace: [ 2327.975092] dump_stack+0x197/0x210 [ 2327.975117] dump_header+0x15e/0xa55 [ 2327.999314] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2328.004555] ? ___ratelimit+0x60/0x595 [ 2328.008455] ? do_raw_spin_unlock+0x181/0x270 [ 2328.012974] oom_kill_process.cold+0x10/0x6ef [ 2328.017497] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2328.023051] ? task_will_free_mem+0x139/0x6e0 [ 2328.027565] out_of_memory+0x362/0x1330 [ 2328.031558] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2328.036775] ? oom_killer_disable+0x280/0x280 [ 2328.041284] ? find_held_lock+0x35/0x130 [ 2328.045374] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2328.050234] ? memcg_event_wake+0x230/0x230 [ 2328.054574] ? do_raw_spin_unlock+0x181/0x270 [ 2328.059089] ? _raw_spin_unlock+0x2d/0x50 [ 2328.063253] try_charge+0xec5/0x1490 [ 2328.066986] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2328.071850] ? lock_downgrade+0x880/0x880 [ 2328.076019] ? kasan_check_read+0x11/0x20 [ 2328.080191] memcg_kmem_charge_memcg+0x83/0x170 [ 2328.084878] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2328.089405] ? __isolate_free_page+0x4c0/0x4c0 [ 2328.094227] memcg_kmem_charge+0x13b/0x370 [ 2328.098505] __alloc_pages_nodemask+0x3c3/0x750 [ 2328.103188] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2328.108226] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2328.112829] ? trace_hardirqs_on+0x67/0x220 [ 2328.117172] copy_process.part.0+0x3e0/0x7a30 [ 2328.121680] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2328.126796] ? delayacct_end+0x5c/0x100 [ 2328.130785] ? __delayacct_freepages_end+0xe0/0x140 [ 2328.135818] ? __lock_acquire+0x6ee/0x49c0 [ 2328.140077] ? __cleanup_sighand+0x70/0x70 [ 2328.144327] ? mark_held_locks+0x100/0x100 [ 2328.148591] _do_fork+0x257/0xfd0 [ 2328.152181] ? fork_idle+0x1d0/0x1d0 [ 2328.155923] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2328.161820] ? kasan_check_read+0x11/0x20 [ 2328.166082] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2328.170858] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2328.175639] ? do_syscall_64+0x26/0x620 [ 2328.179627] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2328.184999] ? do_syscall_64+0x26/0x620 [ 2328.188992] __x64_sys_clone+0xbf/0x150 [ 2328.192980] do_syscall_64+0xfd/0x620 [ 2328.196814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2328.202016] RIP: 0033:0x45dd19 [ 2328.205219] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2328.224241] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2328.231972] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 12:54:42 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:42 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x700, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:42 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl(0xffffffffffffffff, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:42 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:42 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl(0xffffffffffffffff, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2328.239256] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2328.246545] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2328.253999] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2328.261325] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 12:54:42 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:42 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xa00, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2328.476846] Task in /syz2 killed as a result of limit of /syz2 [ 2328.501411] memory: usage 307168kB, limit 307200kB, failcnt 212367 [ 2328.541502] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2328.585240] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2328.602798] xt_hashlimit: overflow, try lower: 0/0 12:54:42 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:42 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl(0xffffffffffffffff, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2328.615538] Memory cgroup stats for /syz2: cache:12KB rss:108940KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108944KB inactive_file:24KB active_file:28KB unevictable:0KB [ 2328.654535] xt_hashlimit: overflow, try lower: 0/0 [ 2328.878136] Memory cgroup out of memory: Kill process 21615 (syz-executor.2) score 1106 or sacrifice child [ 2328.893735] Killed process 21615 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2328.932692] oom_reaper: reaped process 21615 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2328.997045] tcpmss_tg6_check: 8 callbacks suppressed [ 2328.997052] xt_TCPMSS: Only works on TCP SYN packets 12:54:43 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xffff1f00}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:43 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:43 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:43 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:43 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x2000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:43 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:43 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2329.246780] autofs4:pid:18090:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2329.267239] xt_hashlimit: overflow, try lower: 0/0 [ 2329.268031] xt_TCPMSS: Only works on TCP SYN packets [ 2329.330950] xt_hashlimit: overflow, try lower: 0/0 12:54:43 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:43 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2329.515917] xt_TCPMSS: Only works on TCP SYN packets [ 2329.554602] autofs4:pid:18321:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:43 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x3f00, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:43 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:43 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:43 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xffffff7f}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2329.720549] xt_hashlimit: overflow, try lower: 0/0 12:54:44 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2329.766504] xt_TCPMSS: Only works on TCP SYN packets [ 2329.846776] xt_TCPMSS: Only works on TCP SYN packets 12:54:44 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2329.906895] autofs4:pid:18429:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:44 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:44 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) sendfile(r0, 0xffffffffffffffff, 0x0, 0xa808) 12:54:44 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x4000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2330.099924] xt_hashlimit: overflow, try lower: 0/0 [ 2330.124550] autofs4:pid:18612:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:44 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:44 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:44 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) sendfile(r0, 0xffffffffffffffff, 0x0, 0xa808) [ 2330.319139] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2330.367070] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2330.374024] CPU: 0 PID: 18416 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2330.381851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2330.391214] Call Trace: [ 2330.393814] dump_stack+0x197/0x210 [ 2330.397466] dump_header+0x15e/0xa55 [ 2330.401307] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2330.406423] ? ___ratelimit+0x60/0x595 [ 2330.410324] ? do_raw_spin_unlock+0x181/0x270 [ 2330.414840] oom_kill_process.cold+0x10/0x6ef [ 2330.419350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2330.424900] ? task_will_free_mem+0x139/0x6e0 [ 2330.429502] out_of_memory+0x362/0x1330 [ 2330.433504] ? lock_downgrade+0x880/0x880 [ 2330.437673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2330.442798] ? oom_killer_disable+0x280/0x280 [ 2330.447310] ? find_held_lock+0x35/0x130 [ 2330.451390] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2330.456244] ? memcg_event_wake+0x230/0x230 [ 2330.460588] ? do_raw_spin_unlock+0x181/0x270 [ 2330.465104] ? _raw_spin_unlock+0x2d/0x50 [ 2330.469273] try_charge+0xec5/0x1490 [ 2330.473004] ? lock_downgrade+0x880/0x880 [ 2330.477175] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2330.482027] ? rcu_read_unlock+0x33/0x60 [ 2330.486107] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2330.490972] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2330.497059] mem_cgroup_try_charge+0x259/0x6b0 [ 2330.501665] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2330.506612] wp_page_copy+0x430/0x16a0 [ 2330.510523] ? follow_pfn+0x2a0/0x2a0 [ 2330.514353] ? do_raw_spin_unlock+0x181/0x270 [ 2330.518870] do_wp_page+0x57d/0x10b0 [ 2330.522600] ? lock_acquire+0x16f/0x3f0 [ 2330.526589] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2330.531274] ? kasan_check_write+0x14/0x20 [ 2330.535520] ? do_raw_spin_lock+0xd7/0x250 [ 2330.539780] __handle_mm_fault+0x2305/0x3f80 [ 2330.544202] ? copy_page_range+0x2030/0x2030 [ 2330.548642] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2330.553332] handle_mm_fault+0x1b5/0x690 [ 2330.557417] __do_page_fault+0x62a/0xe90 [ 2330.561493] ? vmalloc_fault+0x740/0x740 12:54:44 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2330.565590] ? trace_hardirqs_off_caller+0x65/0x220 [ 2330.570711] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2330.575660] ? page_fault+0x8/0x30 [ 2330.579222] do_page_fault+0x71/0x57d [ 2330.583031] ? page_fault+0x8/0x30 [ 2330.586586] page_fault+0x1e/0x30 [ 2330.590041] RIP: 0033:0x410398 [ 2330.593241] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2330.612151] RSP: 002b:00007fffa4b7b670 EFLAGS: 00010246 [ 2330.617526] RAX: 0000000060ee87ea RBX: 00000000a709c79f RCX: 0000001b30320000 [ 2330.624798] RDX: 0000000000000000 RSI: 00000000000007ea RDI: ffffffff60ee87ea [ 2330.632065] RBP: 0000000000000005 R08: 0000000060ee87ea R09: 0000000060ee87ee [ 2330.639336] R10: 00007fffa4b7b810 R11: 0000000000000246 R12: 000000000075bfa8 [ 2330.646604] R13: 0000000080000000 R14: 00007f07e63ba008 R15: 0000000000000005 [ 2330.675413] Task in /syz2 killed as a result of limit of /syz2 [ 2330.682531] autofs4:pid:18745:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2330.690988] memory: usage 307168kB, limit 307200kB, failcnt 212401 [ 2330.708675] xt_hashlimit: overflow, try lower: 0/0 [ 2330.713312] xt_TCPMSS: Only works on TCP SYN packets [ 2330.740806] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2330.780102] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:45 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2330.800196] Memory cgroup stats for /syz2: cache:12KB rss:108860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108932KB inactive_file:0KB active_file:0KB unevictable:0KB 12:54:45 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) sendfile(r0, 0xffffffffffffffff, 0x0, 0xa808) [ 2331.044524] autofs4:pid:19023:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2331.186760] Memory cgroup out of memory: Kill process 24041 (syz-executor.2) score 1106 or sacrifice child [ 2331.209257] Killed process 24041 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2331.280775] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2331.312356] xt_TCPMSS: Only works on TCP SYN packets [ 2331.327325] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2331.332840] CPU: 0 PID: 18742 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2331.340643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2331.350001] Call Trace: [ 2331.352598] dump_stack+0x197/0x210 [ 2331.356247] dump_header+0x15e/0xa55 [ 2331.359982] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2331.365109] ? ___ratelimit+0x60/0x595 [ 2331.369035] ? do_raw_spin_unlock+0x181/0x270 [ 2331.373550] oom_kill_process.cold+0x10/0x6ef [ 2331.378064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2331.383613] ? task_will_free_mem+0x139/0x6e0 [ 2331.388130] out_of_memory+0x362/0x1330 [ 2331.392120] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2331.397238] ? oom_killer_disable+0x280/0x280 [ 2331.401748] ? find_held_lock+0x35/0x130 [ 2331.405831] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2331.410683] ? memcg_event_wake+0x230/0x230 [ 2331.415020] ? do_raw_spin_unlock+0x181/0x270 [ 2331.419526] ? _raw_spin_unlock+0x2d/0x50 [ 2331.423684] try_charge+0xec5/0x1490 [ 2331.427417] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2331.432274] ? lock_downgrade+0x880/0x880 [ 2331.436436] ? kasan_check_read+0x11/0x20 [ 2331.440630] memcg_kmem_charge_memcg+0x83/0x170 [ 2331.445311] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2331.449819] ? __isolate_free_page+0x4c0/0x4c0 [ 2331.454412] memcg_kmem_charge+0x13b/0x370 [ 2331.458666] __alloc_pages_nodemask+0x3c3/0x750 [ 2331.463354] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2331.468389] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2331.472976] ? trace_hardirqs_on+0x67/0x220 [ 2331.477315] copy_process.part.0+0x3e0/0x7a30 [ 2331.481818] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2331.486932] ? delayacct_end+0x5c/0x100 [ 2331.490920] ? __delayacct_freepages_end+0xe0/0x140 [ 2331.495959] ? __lock_acquire+0x6ee/0x49c0 [ 2331.500216] ? __cleanup_sighand+0x70/0x70 [ 2331.504462] ? mark_held_locks+0x100/0x100 [ 2331.508723] _do_fork+0x257/0xfd0 [ 2331.512191] ? fork_idle+0x1d0/0x1d0 [ 2331.515921] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2331.521815] ? kasan_check_read+0x11/0x20 [ 2331.525973] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2331.530751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2331.535517] ? do_syscall_64+0x26/0x620 [ 2331.539506] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2331.544875] ? do_syscall_64+0x26/0x620 [ 2331.548863] __x64_sys_clone+0xbf/0x150 [ 2331.552851] do_syscall_64+0xfd/0x620 [ 2331.556662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2331.561854] RIP: 0033:0x45dd19 [ 2331.565055] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2331.583964] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2331.591693] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2331.598978] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2331.606265] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2331.613549] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2331.620828] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 12:54:45 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xffffff80}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:45 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x6000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:45 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:45 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:45 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2331.651925] Task in /syz0 killed as a result of limit of /syz0 [ 2331.671522] memory: usage 307164kB, limit 307200kB, failcnt 439848 [ 2331.713789] xt_TCPMSS: Only works on TCP SYN packets [ 2331.734998] xt_TCPMSS: Only works on TCP SYN packets [ 2331.736360] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2331.788135] autofs4:pid:19036:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2331.799698] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:46 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2331.834492] Memory cgroup stats for /syz0: cache:60KB rss:111816KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111856KB inactive_file:4KB active_file:0KB unevictable:0KB 12:54:46 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2331.916997] Memory cgroup out of memory: Kill process 30940 (syz-executor.0) score 1106 or sacrifice child [ 2331.941186] Killed process 30940 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2332.024659] xt_TCPMSS: Only works on TCP SYN packets [ 2332.093610] xt_hashlimit: overflow, try lower: 0/0 [ 2332.119378] autofs4:pid:19300:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) 12:54:46 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x7001, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:46 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:46 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x4000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xa802, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(0xffffffffffffffff, r0, 0x0, 0xa808) [ 2332.582400] autofs4:pid:19570:validate_dev_ioctl: invalid path supplied for cmd(0x00009376) [ 2332.610463] xt_hashlimit: overflow, try lower: 0/0 12:54:46 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:46 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:47 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:47 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(0xffffffffffffffff, r0, 0x0, 0xa808) [ 2332.737870] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2332.797300] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2332.802731] CPU: 1 PID: 19599 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2332.810530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2332.819892] Call Trace: [ 2332.822579] dump_stack+0x197/0x210 [ 2332.826225] dump_header+0x15e/0xa55 [ 2332.829960] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2332.835071] ? ___ratelimit+0x60/0x595 [ 2332.838967] ? do_raw_spin_unlock+0x181/0x270 [ 2332.843473] oom_kill_process.cold+0x10/0x6ef [ 2332.848070] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2332.853618] ? task_will_free_mem+0x139/0x6e0 [ 2332.858133] out_of_memory+0x362/0x1330 [ 2332.862125] ? lock_downgrade+0x880/0x880 [ 2332.866397] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2332.871514] ? oom_killer_disable+0x280/0x280 [ 2332.876016] ? find_held_lock+0x35/0x130 [ 2332.880107] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2332.884965] ? memcg_event_wake+0x230/0x230 [ 2332.889303] ? do_raw_spin_unlock+0x181/0x270 [ 2332.893806] ? _raw_spin_unlock+0x2d/0x50 [ 2332.897965] try_charge+0xec5/0x1490 [ 2332.901705] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2332.906560] ? lock_downgrade+0x880/0x880 [ 2332.910718] ? kasan_check_read+0x11/0x20 [ 2332.914882] memcg_kmem_charge_memcg+0x83/0x170 [ 2332.919650] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2332.924165] ? __isolate_free_page+0x4c0/0x4c0 [ 2332.928761] memcg_kmem_charge+0x13b/0x370 [ 2332.933010] __alloc_pages_nodemask+0x3c3/0x750 [ 2332.937698] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2332.942727] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2332.947315] ? trace_hardirqs_on+0x67/0x220 [ 2332.951657] copy_process.part.0+0x3e0/0x7a30 [ 2332.956162] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2332.961277] ? delayacct_end+0x5c/0x100 [ 2332.965266] ? __delayacct_freepages_end+0xe0/0x140 [ 2332.970299] ? __lock_acquire+0x6ee/0x49c0 [ 2332.974557] ? __cleanup_sighand+0x70/0x70 [ 2332.978808] ? mark_held_locks+0x100/0x100 [ 2332.983070] _do_fork+0x257/0xfd0 [ 2332.986540] ? fork_idle+0x1d0/0x1d0 [ 2332.990274] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2332.996168] ? kasan_check_read+0x11/0x20 [ 2333.000329] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2333.005104] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2333.009868] ? do_syscall_64+0x26/0x620 [ 2333.013854] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2333.019228] ? do_syscall_64+0x26/0x620 [ 2333.023223] __x64_sys_clone+0xbf/0x150 [ 2333.027208] do_syscall_64+0xfd/0x620 [ 2333.031022] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2333.036217] RIP: 0033:0x45dd19 [ 2333.039424] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2333.058333] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2333.066056] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2333.073339] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2333.080619] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2333.087904] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 12:54:47 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:47 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") [ 2333.095184] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 [ 2333.107519] Task in /syz2 killed as a result of limit of /syz2 [ 2333.137385] memory: usage 307132kB, limit 307200kB, failcnt 212443 [ 2333.158529] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2333.185874] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:54:47 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:47 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:47 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x40000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2333.204053] Memory cgroup stats for /syz2: cache:12KB rss:108860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108956KB inactive_file:0KB active_file:4KB unevictable:0KB [ 2333.237291] Memory cgroup out of memory: Kill process 19026 (syz-executor.2) score 1106 or sacrifice child [ 2333.294722] Killed process 19026 (syz-executor.2) total-vm:72852kB, anon-rss:168kB, file-rss:35724kB, shmem-rss:0kB 12:54:47 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x100000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:47 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(0xffffffffffffffff, r0, 0x0, 0xa808) 12:54:47 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:47 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2333.576249] hashlimit_mt_check_common: 2 callbacks suppressed [ 2333.576259] xt_hashlimit: overflow, try lower: 0/0 12:54:47 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:47 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:47 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:48 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x1fffff, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:48 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x200000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:48 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0x8000040000009376, &(0x7f0000000140)="01000000000000001801") 12:54:48 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2334.021230] tcpmss_tg6_check: 8 callbacks suppressed [ 2334.021238] xt_TCPMSS: Only works on TCP SYN packets [ 2334.061333] xt_hashlimit: overflow, try lower: 0/0 [ 2334.134016] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2334.177311] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2334.187477] xt_TCPMSS: Only works on TCP SYN packets [ 2334.263983] CPU: 1 PID: 20360 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2334.271829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2334.281191] Call Trace: [ 2334.283813] dump_stack+0x197/0x210 [ 2334.287472] dump_header+0x15e/0xa55 [ 2334.291206] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2334.296329] ? ___ratelimit+0x60/0x595 [ 2334.300235] ? do_raw_spin_unlock+0x181/0x270 [ 2334.304754] oom_kill_process.cold+0x10/0x6ef [ 2334.309266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2334.314857] ? task_will_free_mem+0x139/0x6e0 [ 2334.318021] xt_TCPMSS: Only works on TCP SYN packets [ 2334.319371] out_of_memory+0x362/0x1330 [ 2334.319396] ? lock_downgrade+0x880/0x880 [ 2334.332596] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2334.337715] ? oom_killer_disable+0x280/0x280 [ 2334.342366] ? find_held_lock+0x35/0x130 [ 2334.346455] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2334.351319] ? memcg_event_wake+0x230/0x230 [ 2334.355787] ? do_raw_spin_unlock+0x181/0x270 [ 2334.360295] ? _raw_spin_unlock+0x2d/0x50 [ 2334.364458] try_charge+0xec5/0x1490 [ 2334.368190] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2334.373048] ? lock_downgrade+0x880/0x880 [ 2334.377217] ? kasan_check_read+0x11/0x20 [ 2334.381387] memcg_kmem_charge_memcg+0x83/0x170 [ 2334.386068] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2334.390581] ? __isolate_free_page+0x4c0/0x4c0 [ 2334.395182] memcg_kmem_charge+0x13b/0x370 [ 2334.399436] __alloc_pages_nodemask+0x3c3/0x750 [ 2334.404127] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2334.409163] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2334.413760] ? trace_hardirqs_on+0x67/0x220 [ 2334.418107] copy_process.part.0+0x3e0/0x7a30 [ 2334.422615] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2334.427856] ? delayacct_end+0x5c/0x100 [ 2334.431864] ? __delayacct_freepages_end+0xe0/0x140 [ 2334.436897] ? __lock_acquire+0x6ee/0x49c0 [ 2334.441150] ? __cleanup_sighand+0x70/0x70 [ 2334.445396] ? mark_held_locks+0x100/0x100 [ 2334.449660] _do_fork+0x257/0xfd0 [ 2334.453133] ? fork_idle+0x1d0/0x1d0 [ 2334.456907] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2334.462844] ? kasan_check_read+0x11/0x20 [ 2334.467011] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2334.471890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2334.476661] ? do_syscall_64+0x26/0x620 [ 2334.480646] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2334.486027] ? do_syscall_64+0x26/0x620 [ 2334.490023] __x64_sys_clone+0xbf/0x150 [ 2334.494023] do_syscall_64+0xfd/0x620 [ 2334.497848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2334.503177] RIP: 0033:0x45dd19 [ 2334.506383] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2334.525407] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2334.533134] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2334.540420] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2334.547704] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2334.554979] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 12:54:48 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x300000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:48 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2334.562259] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 12:54:48 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2334.616476] Task in /syz0 killed as a result of limit of /syz0 12:54:48 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000140)="01000000000000001801") 12:54:48 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x400000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2334.695138] memory: usage 307152kB, limit 307200kB, failcnt 439872 [ 2334.726585] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2334.742097] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2334.757429] Memory cgroup stats for /syz0: cache:60KB rss:111816KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111844KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2334.802387] Memory cgroup out of memory: Kill process 31066 (syz-executor.0) score 1106 or sacrifice child [ 2334.813203] Killed process 31066 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:49 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:49 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x1000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:49 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:49 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000140)="01000000000000001801") 12:54:49 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2335.013585] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2335.050373] xt_TCPMSS: Only works on TCP SYN packets [ 2335.074323] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2335.101507] CPU: 1 PID: 8120 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2335.106498] xt_hashlimit: overflow, try lower: 0/0 [ 2335.109285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.123671] Call Trace: [ 2335.126396] dump_stack+0x197/0x210 [ 2335.130060] dump_header+0x15e/0xa55 [ 2335.133792] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2335.138909] ? ___ratelimit+0x60/0x595 [ 2335.142810] ? do_raw_spin_unlock+0x181/0x270 [ 2335.147325] oom_kill_process.cold+0x10/0x6ef [ 2335.151845] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2335.157418] ? task_will_free_mem+0x139/0x6e0 [ 2335.162041] out_of_memory+0x362/0x1330 [ 2335.166033] ? lock_downgrade+0x880/0x880 [ 2335.170198] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2335.175322] ? oom_killer_disable+0x280/0x280 [ 2335.179835] ? find_held_lock+0x35/0x130 [ 2335.183924] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2335.188789] ? memcg_event_wake+0x230/0x230 [ 2335.193144] ? do_raw_spin_unlock+0x181/0x270 [ 2335.197662] ? _raw_spin_unlock+0x2d/0x50 [ 2335.201830] try_charge+0xec5/0x1490 [ 2335.205574] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2335.210442] ? lock_downgrade+0x880/0x880 [ 2335.214611] ? kasan_check_read+0x11/0x20 [ 2335.218778] memcg_kmem_charge_memcg+0x83/0x170 [ 2335.223461] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2335.227971] ? __isolate_free_page+0x4c0/0x4c0 [ 2335.232571] memcg_kmem_charge+0x13b/0x370 [ 2335.236838] __alloc_pages_nodemask+0x3c3/0x750 [ 2335.241545] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2335.246579] ? find_held_lock+0x35/0x130 [ 2335.250660] ? copy_page_range+0x13b3/0x2030 [ 2335.255083] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2335.260640] alloc_pages_current+0x107/0x210 [ 2335.265078] pte_alloc_one+0x1b/0x1a0 [ 2335.268894] __pte_alloc+0x2a/0x360 [ 2335.272537] copy_page_range+0x16d0/0x2030 [ 2335.276818] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2335.281687] ? __vma_link_rb+0x279/0x370 [ 2335.285799] copy_process.part.0+0x543e/0x7a30 [ 2335.290427] ? __cleanup_sighand+0x70/0x70 [ 2335.294710] _do_fork+0x257/0xfd0 [ 2335.298192] ? fork_idle+0x1d0/0x1d0 [ 2335.301935] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2335.306714] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2335.311496] ? do_syscall_64+0x26/0x620 [ 2335.315490] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2335.320872] ? do_syscall_64+0x26/0x620 [ 2335.324871] __x64_sys_clone+0xbf/0x150 [ 2335.328867] do_syscall_64+0xfd/0x620 [ 2335.332693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2335.337900] RIP: 0033:0x45991a [ 2335.341109] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2335.360150] RSP: 002b:00007fffa4b7b8a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2335.367882] RAX: ffffffffffffffda RBX: 00007fffa4b7b8a0 RCX: 000000000045991a 12:54:49 executing program 3: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:49 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x2000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2335.375165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2335.382446] RBP: 00007fffa4b7b8e0 R08: 0000000000000001 R09: 000000000149f940 [ 2335.389838] R10: 000000000149fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2335.397121] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa4b7b930 12:54:49 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2335.426961] xt_hashlimit: overflow, try lower: 0/0 12:54:49 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000140)="01000000000000001801") [ 2335.566022] Task in /syz2 killed as a result of limit of /syz2 [ 2335.597459] xt_TCPMSS: Only works on TCP SYN packets [ 2335.608572] memory: usage 307200kB, limit 307200kB, failcnt 212512 12:54:49 executing program 3: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2335.614918] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2335.646453] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2335.674960] Memory cgroup stats for /syz2: cache:12KB rss:108820KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108936KB inactive_file:0KB active_file:4KB unevictable:0KB 12:54:50 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2335.750480] Memory cgroup out of memory: Kill process 25484 (syz-executor.2) score 1106 or sacrifice child [ 2335.804116] Killed process 25484 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2335.862670] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2335.916370] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2335.921794] CPU: 0 PID: 8115 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2335.929513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.938887] Call Trace: [ 2335.941490] dump_stack+0x197/0x210 [ 2335.945139] dump_header+0x15e/0xa55 [ 2335.948867] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2335.954081] ? ___ratelimit+0x60/0x595 [ 2335.957979] ? do_raw_spin_unlock+0x181/0x270 [ 2335.962493] oom_kill_process.cold+0x10/0x6ef [ 2335.967005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2335.974465] ? task_will_free_mem+0x139/0x6e0 [ 2335.978986] out_of_memory+0x362/0x1330 [ 2335.982973] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2335.988093] ? oom_killer_disable+0x280/0x280 [ 2335.992599] ? find_held_lock+0x35/0x130 [ 2335.996720] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2336.001582] ? memcg_event_wake+0x230/0x230 [ 2336.005919] ? do_raw_spin_unlock+0x181/0x270 [ 2336.010431] ? _raw_spin_unlock+0x2d/0x50 [ 2336.014596] try_charge+0xec5/0x1490 [ 2336.018335] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2336.023207] ? lock_downgrade+0x880/0x880 [ 2336.027375] ? kasan_check_read+0x11/0x20 [ 2336.031544] memcg_kmem_charge_memcg+0x83/0x170 [ 2336.036234] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2336.040747] ? __isolate_free_page+0x4c0/0x4c0 [ 2336.045347] memcg_kmem_charge+0x13b/0x370 [ 2336.049606] __alloc_pages_nodemask+0x3c3/0x750 [ 2336.054298] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2336.059423] ? find_held_lock+0x35/0x130 [ 2336.063511] ? copy_page_range+0x13b3/0x2030 [ 2336.067932] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2336.073590] alloc_pages_current+0x107/0x210 [ 2336.078022] pte_alloc_one+0x1b/0x1a0 [ 2336.081838] __pte_alloc+0x2a/0x360 [ 2336.085481] copy_page_range+0x16d0/0x2030 [ 2336.089763] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2336.094619] ? __vma_link_rb+0x279/0x370 [ 2336.098698] copy_process.part.0+0x543e/0x7a30 [ 2336.103343] ? __cleanup_sighand+0x70/0x70 [ 2336.107663] _do_fork+0x257/0xfd0 [ 2336.111142] ? fork_idle+0x1d0/0x1d0 [ 2336.114877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2336.119646] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2336.124415] ? do_syscall_64+0x26/0x620 [ 2336.128403] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2336.133780] ? do_syscall_64+0x26/0x620 [ 2336.137792] __x64_sys_clone+0xbf/0x150 [ 2336.141787] do_syscall_64+0xfd/0x620 [ 2336.145608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2336.150808] RIP: 0033:0x45991a [ 2336.154016] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2336.173027] RSP: 002b:00007ffebaa315d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2336.180754] RAX: ffffffffffffffda RBX: 00007ffebaa315d0 RCX: 000000000045991a [ 2336.188041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2336.195319] RBP: 00007ffebaa31610 R08: 0000000000000001 R09: 000000000135f940 [ 2336.202599] R10: 000000000135fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2336.209877] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffebaa31660 [ 2336.227306] Task in /syz0 killed as a result of limit of /syz0 [ 2336.241041] xt_TCPMSS: Only works on TCP SYN packets [ 2336.247715] memory: usage 307200kB, limit 307200kB, failcnt 439903 [ 2336.261770] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2336.277920] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2336.308184] Memory cgroup stats for /syz0: cache:60KB rss:111816KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111844KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2336.340228] Memory cgroup out of memory: Kill process 2015 (syz-executor.0) score 1106 or sacrifice child [ 2336.351410] xt_TCPMSS: Only works on TCP SYN packets [ 2336.370491] Killed process 2015 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2336.406922] xt_TCPMSS: Only works on TCP SYN packets [ 2336.448679] xt_hashlimit: overflow, try lower: 0/0 12:54:50 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x500000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:50 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x3000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:50 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, 0x0) 12:54:50 executing program 3: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:50 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2336.492827] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2336.556609] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2336.562371] xt_TCPMSS: Only works on TCP SYN packets [ 2336.571473] CPU: 0 PID: 21282 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2336.579300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2336.588659] Call Trace: [ 2336.591258] dump_stack+0x197/0x210 [ 2336.594899] dump_header+0x15e/0xa55 [ 2336.598730] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2336.603869] ? ___ratelimit+0x60/0x595 [ 2336.607769] ? do_raw_spin_unlock+0x181/0x270 [ 2336.612304] oom_kill_process.cold+0x10/0x6ef [ 2336.616887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2336.622452] ? task_will_free_mem+0x139/0x6e0 [ 2336.626966] out_of_memory+0x362/0x1330 [ 2336.630958] ? lock_downgrade+0x880/0x880 [ 2336.635124] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2336.640249] ? oom_killer_disable+0x280/0x280 [ 2336.644755] ? find_held_lock+0x35/0x130 [ 2336.648841] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2336.653698] ? memcg_event_wake+0x230/0x230 [ 2336.658035] ? do_raw_spin_unlock+0x181/0x270 [ 2336.662545] ? _raw_spin_unlock+0x2d/0x50 [ 2336.666709] try_charge+0xec5/0x1490 [ 2336.670443] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2336.675302] ? lock_downgrade+0x880/0x880 [ 2336.680564] ? kasan_check_read+0x11/0x20 [ 2336.684751] memcg_kmem_charge_memcg+0x83/0x170 [ 2336.689447] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2336.693963] ? __isolate_free_page+0x4c0/0x4c0 [ 2336.698567] memcg_kmem_charge+0x13b/0x370 [ 2336.702823] __alloc_pages_nodemask+0x3c3/0x750 [ 2336.707511] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2336.712549] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2336.717154] ? trace_hardirqs_on+0x67/0x220 [ 2336.721507] copy_process.part.0+0x3e0/0x7a30 [ 2336.726030] ? mark_held_locks+0x100/0x100 [ 2336.730285] ? __might_fault+0x12b/0x1e0 [ 2336.734460] ? __cleanup_sighand+0x70/0x70 [ 2336.738715] ? lock_downgrade+0x880/0x880 [ 2336.742907] _do_fork+0x257/0xfd0 [ 2336.746383] ? fork_idle+0x1d0/0x1d0 [ 2336.750120] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2336.754892] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2336.759661] ? do_syscall_64+0x26/0x620 [ 2336.763654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2336.769169] ? do_syscall_64+0x26/0x620 [ 2336.773166] __x64_sys_clone+0xbf/0x150 [ 2336.777166] do_syscall_64+0xfd/0x620 [ 2336.780982] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2336.786180] RIP: 0033:0x45b349 12:54:51 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, 0x0) [ 2336.789381] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2336.808332] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2336.816061] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2336.823370] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2336.830660] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2336.837940] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2336.845223] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2336.897857] xt_TCPMSS: Only works on TCP SYN packets 12:54:51 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:51 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x4000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2336.947922] Task in /syz0 killed as a result of limit of /syz0 [ 2336.969644] memory: usage 307188kB, limit 307200kB, failcnt 439922 [ 2336.993917] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2337.018888] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2337.044765] Memory cgroup stats for /syz0: cache:60KB rss:111816KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111828KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2337.115847] Memory cgroup out of memory: Kill process 2035 (syz-executor.0) score 1106 or sacrifice child [ 2337.162680] Killed process 2035 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2337.291511] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2337.348209] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2337.353934] CPU: 0 PID: 21272 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2337.361743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2337.371204] Call Trace: [ 2337.373820] dump_stack+0x197/0x210 [ 2337.377476] dump_header+0x15e/0xa55 [ 2337.381208] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2337.386324] ? ___ratelimit+0x60/0x595 [ 2337.390240] ? do_raw_spin_unlock+0x181/0x270 [ 2337.394764] oom_kill_process.cold+0x10/0x6ef [ 2337.399285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2337.404843] ? task_will_free_mem+0x139/0x6e0 [ 2337.409364] out_of_memory+0x362/0x1330 [ 2337.413485] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2337.418603] ? oom_killer_disable+0x280/0x280 [ 2337.423119] ? find_held_lock+0x35/0x130 [ 2337.427210] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2337.432073] ? memcg_event_wake+0x230/0x230 [ 2337.436424] ? do_raw_spin_unlock+0x181/0x270 [ 2337.440937] ? _raw_spin_unlock+0x2d/0x50 [ 2337.445238] try_charge+0xc6e/0x1490 [ 2337.448988] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2337.453851] ? lock_downgrade+0x880/0x880 [ 2337.458020] ? kasan_check_read+0x11/0x20 [ 2337.462187] memcg_kmem_charge_memcg+0x83/0x170 [ 2337.466873] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2337.471393] ? __isolate_free_page+0x4c0/0x4c0 [ 2337.476111] memcg_kmem_charge+0x13b/0x370 [ 2337.480369] __alloc_pages_nodemask+0x3c3/0x750 [ 2337.485082] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2337.490119] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2337.494724] ? trace_hardirqs_on+0x67/0x220 [ 2337.499177] copy_process.part.0+0x3e0/0x7a30 [ 2337.503749] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2337.508869] ? delayacct_end+0x5c/0x100 [ 2337.512866] ? __delayacct_freepages_end+0xe0/0x140 [ 2337.517919] ? __lock_acquire+0x6ee/0x49c0 [ 2337.522181] ? __cleanup_sighand+0x70/0x70 [ 2337.526443] ? mark_held_locks+0x100/0x100 [ 2337.530708] _do_fork+0x257/0xfd0 [ 2337.534198] ? fork_idle+0x1d0/0x1d0 [ 2337.537952] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2337.543856] ? kasan_check_read+0x11/0x20 [ 2337.548016] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2337.552789] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2337.557559] ? do_syscall_64+0x26/0x620 [ 2337.561579] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2337.567561] ? do_syscall_64+0x26/0x620 [ 2337.571559] __x64_sys_clone+0xbf/0x150 [ 2337.575645] do_syscall_64+0xfd/0x620 [ 2337.579468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2337.584663] RIP: 0033:0x45dd19 [ 2337.587870] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2337.606786] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2337.614503] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2337.621788] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2337.629083] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2337.636367] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2337.643651] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2337.658024] Task in /syz0 killed as a result of limit of /syz0 [ 2337.665204] memory: usage 306832kB, limit 307200kB, failcnt 439922 [ 2337.672525] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2337.682749] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2337.689846] Memory cgroup stats for /syz0: cache:60KB rss:111676KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111704KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2337.712310] Memory cgroup out of memory: Kill process 3842 (syz-executor.0) score 1106 or sacrifice child [ 2337.722935] Killed process 3842 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2337.816772] xt_hashlimit: overflow, try lower: 0/0 12:54:52 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x600000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:52 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, 0x0) 12:54:52 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x5000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x700000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)) 12:54:52 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:52 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)) 12:54:52 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x6000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2338.185399] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2338.225111] xt_hashlimit: overflow, try lower: 0/0 [ 2338.263019] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2338.306420] CPU: 0 PID: 8120 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2338.314178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2338.323545] Call Trace: [ 2338.326158] dump_stack+0x197/0x210 [ 2338.329813] dump_header+0x15e/0xa55 [ 2338.333547] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2338.338663] ? ___ratelimit+0x60/0x595 [ 2338.342558] ? do_raw_spin_unlock+0x181/0x270 [ 2338.347237] oom_kill_process.cold+0x10/0x6ef [ 2338.351751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2338.357300] ? task_will_free_mem+0x139/0x6e0 [ 2338.361822] out_of_memory+0x362/0x1330 [ 2338.365816] ? lock_downgrade+0x880/0x880 [ 2338.369975] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2338.375093] ? oom_killer_disable+0x280/0x280 [ 2338.379603] ? find_held_lock+0x35/0x130 [ 2338.383685] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2338.388676] ? memcg_event_wake+0x230/0x230 [ 2338.393014] ? do_raw_spin_unlock+0x181/0x270 [ 2338.397522] ? _raw_spin_unlock+0x2d/0x50 [ 2338.401693] try_charge+0xec5/0x1490 [ 2338.405429] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2338.410288] ? lock_downgrade+0x880/0x880 [ 2338.414567] ? kasan_check_read+0x11/0x20 [ 2338.418732] memcg_kmem_charge_memcg+0x83/0x170 [ 2338.423411] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2338.428025] ? __isolate_free_page+0x4c0/0x4c0 [ 2338.432627] memcg_kmem_charge+0x13b/0x370 [ 2338.436876] __alloc_pages_nodemask+0x3c3/0x750 [ 2338.441566] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2338.446601] ? find_held_lock+0x35/0x130 [ 2338.450679] ? copy_page_range+0x13b3/0x2030 [ 2338.455103] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2338.460660] alloc_pages_current+0x107/0x210 [ 2338.465081] pte_alloc_one+0x1b/0x1a0 [ 2338.468889] __pte_alloc+0x2a/0x360 [ 2338.472702] copy_page_range+0x16d0/0x2030 [ 2338.476965] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2338.481836] ? __vma_link_rb+0x279/0x370 [ 2338.485916] copy_process.part.0+0x543e/0x7a30 [ 2338.490570] ? __cleanup_sighand+0x70/0x70 [ 2338.494860] _do_fork+0x257/0xfd0 [ 2338.498421] ? fork_idle+0x1d0/0x1d0 [ 2338.502155] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2338.506948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2338.511714] ? do_syscall_64+0x26/0x620 [ 2338.515696] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2338.521072] ? do_syscall_64+0x26/0x620 [ 2338.525073] __x64_sys_clone+0xbf/0x150 [ 2338.529060] do_syscall_64+0xfd/0x620 [ 2338.532876] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2338.538130] RIP: 0033:0x45991a [ 2338.541345] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2338.560283] RSP: 002b:00007fffa4b7b8a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2338.568016] RAX: ffffffffffffffda RBX: 00007fffa4b7b8a0 RCX: 000000000045991a [ 2338.575296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2338.582583] RBP: 00007fffa4b7b8e0 R08: 0000000000000001 R09: 000000000149f940 [ 2338.589868] R10: 000000000149fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2338.597150] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa4b7b930 12:54:52 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)) [ 2338.640958] xt_hashlimit: overflow, try lower: 0/0 12:54:52 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:52 executing program 3: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:53 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="0100000000") 12:54:53 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x7000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2338.826575] Task in /syz2 killed as a result of limit of /syz2 [ 2338.832932] memory: usage 307200kB, limit 307200kB, failcnt 212578 [ 2338.956920] xt_hashlimit: overflow, try lower: 0/0 [ 2338.989314] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.018973] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.047846] Memory cgroup stats for /syz2: cache:12KB rss:108928KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108924KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2339.088394] Memory cgroup out of memory: Kill process 26406 (syz-executor.2) score 1106 or sacrifice child [ 2339.099048] Killed process 26406 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2339.224295] tcpmss_tg6_check: 5 callbacks suppressed [ 2339.224303] xt_TCPMSS: Only works on TCP SYN packets [ 2339.270159] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2339.329220] xt_TCPMSS: Only works on TCP SYN packets [ 2339.346838] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2339.364471] CPU: 0 PID: 22221 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2339.372305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.381682] Call Trace: [ 2339.384295] dump_stack+0x197/0x210 [ 2339.387944] dump_header+0x15e/0xa55 [ 2339.391670] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2339.396799] ? ___ratelimit+0x60/0x595 [ 2339.400713] ? do_raw_spin_unlock+0x181/0x270 [ 2339.405513] oom_kill_process.cold+0x10/0x6ef [ 2339.410027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2339.415584] ? task_will_free_mem+0x139/0x6e0 [ 2339.420106] out_of_memory+0x362/0x1330 [ 2339.424112] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2339.429288] ? oom_killer_disable+0x280/0x280 [ 2339.433794] ? find_held_lock+0x35/0x130 [ 2339.437875] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2339.442723] ? memcg_event_wake+0x230/0x230 [ 2339.447067] ? do_raw_spin_unlock+0x181/0x270 [ 2339.451574] ? _raw_spin_unlock+0x2d/0x50 [ 2339.455737] try_charge+0xec5/0x1490 [ 2339.455974] xt_TCPMSS: Only works on TCP SYN packets [ 2339.459466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2339.459487] ? lock_downgrade+0x880/0x880 [ 2339.459505] ? kasan_check_read+0x11/0x20 [ 2339.459530] memcg_kmem_charge_memcg+0x83/0x170 [ 2339.459546] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2339.459567] ? __isolate_free_page+0x4c0/0x4c0 [ 2339.491534] memcg_kmem_charge+0x13b/0x370 [ 2339.495797] __alloc_pages_nodemask+0x3c3/0x750 [ 2339.500603] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2339.505649] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2339.510242] ? trace_hardirqs_on+0x67/0x220 [ 2339.514582] copy_process.part.0+0x3e0/0x7a30 [ 2339.519096] ? mark_held_locks+0x100/0x100 [ 2339.523351] ? __might_fault+0x12b/0x1e0 [ 2339.527441] ? __cleanup_sighand+0x70/0x70 [ 2339.531697] ? lock_downgrade+0x880/0x880 [ 2339.535879] _do_fork+0x257/0xfd0 [ 2339.539350] ? fork_idle+0x1d0/0x1d0 [ 2339.543076] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2339.548194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2339.552957] ? do_syscall_64+0x26/0x620 [ 2339.556944] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2339.562317] ? do_syscall_64+0x26/0x620 [ 2339.566313] __x64_sys_clone+0xbf/0x150 [ 2339.570314] do_syscall_64+0xfd/0x620 [ 2339.574139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2339.579335] RIP: 0033:0x45b349 [ 2339.582541] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2339.601458] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2339.609183] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2339.616467] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 12:54:53 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xa00000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:53 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:53 executing program 3: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:53 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="0100000000") 12:54:53 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xa000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:53 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="0100000000") [ 2339.623746] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2339.631024] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2339.638308] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:54:54 executing program 3: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2339.754030] Task in /syz0 killed as a result of limit of /syz0 [ 2339.772235] xt_TCPMSS: Only works on TCP SYN packets [ 2339.779356] memory: usage 307196kB, limit 307200kB, failcnt 439944 12:54:54 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2339.836786] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.866621] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2339.878069] Memory cgroup stats for /syz0: cache:60KB rss:111624KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111832KB inactive_file:8KB active_file:12KB unevictable:0KB [ 2339.920762] Memory cgroup out of memory: Kill process 9589 (syz-executor.0) score 1106 or sacrifice child [ 2340.046416] xt_TCPMSS: Only works on TCP SYN packets [ 2340.053598] Killed process 9589 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2340.162857] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2340.179267] xt_TCPMSS: Only works on TCP SYN packets [ 2340.228416] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2340.245665] CPU: 0 PID: 22219 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2340.253500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2340.262868] Call Trace: [ 2340.265472] dump_stack+0x197/0x210 [ 2340.269122] dump_header+0x15e/0xa55 [ 2340.272850] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2340.277964] ? ___ratelimit+0x60/0x595 [ 2340.281859] ? do_raw_spin_unlock+0x181/0x270 [ 2340.286464] oom_kill_process.cold+0x10/0x6ef [ 2340.290975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2340.296518] ? task_will_free_mem+0x139/0x6e0 [ 2340.301029] out_of_memory+0x362/0x1330 [ 2340.305017] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2340.310132] ? oom_killer_disable+0x280/0x280 [ 2340.314639] ? find_held_lock+0x35/0x130 [ 2340.318720] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2340.323571] ? memcg_event_wake+0x230/0x230 [ 2340.327909] ? do_raw_spin_unlock+0x181/0x270 [ 2340.332417] ? _raw_spin_unlock+0x2d/0x50 [ 2340.336577] try_charge+0xc6e/0x1490 [ 2340.340309] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2340.345166] ? lock_downgrade+0x880/0x880 [ 2340.349325] ? kasan_check_read+0x11/0x20 [ 2340.353485] memcg_kmem_charge_memcg+0x83/0x170 [ 2340.358171] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2340.362685] ? __isolate_free_page+0x4c0/0x4c0 [ 2340.367282] memcg_kmem_charge+0x13b/0x370 [ 2340.371532] __alloc_pages_nodemask+0x3c3/0x750 [ 2340.376220] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2340.381342] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2340.385936] ? trace_hardirqs_on+0x67/0x220 [ 2340.390278] copy_process.part.0+0x3e0/0x7a30 [ 2340.394795] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2340.399909] ? delayacct_end+0x5c/0x100 [ 2340.403898] ? __delayacct_freepages_end+0xe0/0x140 [ 2340.408933] ? __lock_acquire+0x6ee/0x49c0 [ 2340.413189] ? __cleanup_sighand+0x70/0x70 [ 2340.417441] ? mark_held_locks+0x100/0x100 [ 2340.421705] _do_fork+0x257/0xfd0 [ 2340.425172] ? fork_idle+0x1d0/0x1d0 [ 2340.428921] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2340.434818] ? kasan_check_read+0x11/0x20 [ 2340.438976] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2340.443741] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2340.448512] ? do_syscall_64+0x26/0x620 [ 2340.452494] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2340.457867] ? do_syscall_64+0x26/0x620 [ 2340.461865] __x64_sys_clone+0xbf/0x150 [ 2340.465859] do_syscall_64+0xfd/0x620 [ 2340.469685] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2340.474964] RIP: 0033:0x45dd19 [ 2340.478164] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2340.497072] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2340.504792] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2340.512071] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2340.519694] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2340.526967] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2340.534241] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2340.566437] Task in /syz0 killed as a result of limit of /syz0 [ 2340.572507] memory: usage 306876kB, limit 307200kB, failcnt 439944 [ 2340.609551] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2340.643295] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2340.653308] Memory cgroup stats for /syz0: cache:60KB rss:111624KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111708KB inactive_file:8KB active_file:12KB unevictable:0KB [ 2340.726876] Memory cgroup out of memory: Kill process 17616 (syz-executor.0) score 1106 or sacrifice child [ 2340.737325] Killed process 17616 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:55 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:55 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x20000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:55 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="0100000000000000") 12:54:55 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:55 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x1401000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2340.770299] xt_hashlimit: overflow, try lower: 0/0 12:54:55 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2340.849618] xt_TCPMSS: Only works on TCP SYN packets [ 2340.867950] xt_TCPMSS: Only works on TCP SYN packets 12:54:55 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="0100000000000000") 12:54:55 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2341.054379] xt_TCPMSS: Only works on TCP SYN packets [ 2341.068856] xt_hashlimit: overflow, try lower: 0/0 12:54:55 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:55 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="0100000000000000") 12:54:55 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2341.185490] xt_TCPMSS: Only works on TCP SYN packets 12:54:55 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x3f000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:55 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:55 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x1701000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:55 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="010000000000000018") [ 2341.362552] xt_hashlimit: overflow, try lower: 0/0 [ 2341.436236] xt_hashlimit: overflow, try lower: 0/0 12:54:55 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:55 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="010000000000000018") 12:54:55 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:56 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:56 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x40000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2341.798857] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2341.829486] xt_hashlimit: overflow, try lower: 0/0 12:54:56 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2341.891098] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2341.916849] CPU: 1 PID: 23167 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2341.924690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2341.934049] Call Trace: [ 2341.936658] dump_stack+0x197/0x210 [ 2341.940310] dump_header+0x15e/0xa55 [ 2341.944046] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2341.949163] ? ___ratelimit+0x60/0x595 [ 2341.953063] ? do_raw_spin_unlock+0x181/0x270 [ 2341.957574] oom_kill_process.cold+0x10/0x6ef [ 2341.962085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2341.967720] ? task_will_free_mem+0x139/0x6e0 [ 2341.972243] out_of_memory+0x362/0x1330 [ 2341.976240] ? lock_downgrade+0x880/0x880 [ 2341.980401] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2341.985515] ? oom_killer_disable+0x280/0x280 [ 2341.990020] ? find_held_lock+0x35/0x130 [ 2341.994102] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2341.998955] ? memcg_event_wake+0x230/0x230 [ 2342.003294] ? do_raw_spin_unlock+0x181/0x270 [ 2342.007806] ? _raw_spin_unlock+0x2d/0x50 [ 2342.011968] try_charge+0xec5/0x1490 [ 2342.015702] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2342.020561] ? lock_downgrade+0x880/0x880 [ 2342.024722] ? kasan_check_read+0x11/0x20 [ 2342.028888] memcg_kmem_charge_memcg+0x83/0x170 [ 2342.033573] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2342.038085] ? __isolate_free_page+0x4c0/0x4c0 [ 2342.042680] memcg_kmem_charge+0x13b/0x370 [ 2342.046929] __alloc_pages_nodemask+0x3c3/0x750 [ 2342.051614] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2342.056646] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2342.061236] ? trace_hardirqs_on+0x67/0x220 [ 2342.065575] copy_process.part.0+0x3e0/0x7a30 [ 2342.070084] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2342.075201] ? delayacct_end+0x5c/0x100 [ 2342.079191] ? __delayacct_freepages_end+0xe0/0x140 [ 2342.084226] ? __lock_acquire+0x6ee/0x49c0 [ 2342.088486] ? __cleanup_sighand+0x70/0x70 [ 2342.092735] ? mark_held_locks+0x100/0x100 [ 2342.096996] _do_fork+0x257/0xfd0 [ 2342.100499] ? fork_idle+0x1d0/0x1d0 [ 2342.104231] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2342.110132] ? kasan_check_read+0x11/0x20 [ 2342.114297] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2342.119062] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2342.123837] ? do_syscall_64+0x26/0x620 [ 2342.127830] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2342.133202] ? do_syscall_64+0x26/0x620 [ 2342.137192] __x64_sys_clone+0xbf/0x150 [ 2342.141179] do_syscall_64+0xfd/0x620 [ 2342.144992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2342.150184] RIP: 0033:0x45dd19 [ 2342.153386] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2342.172300] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2342.180020] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 12:54:56 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:56 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x8000040000009376, &(0x7f0000000140)="010000000000000018") [ 2342.187295] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2342.194570] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2342.201847] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2342.209121] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 12:54:56 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:56 executing program 5: sched_setattr(0x0, 0x0, 0x0) mmap(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$P9_RWALK(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000780)=ANY=[@ANYBLOB="0100000000000000000000000400"]) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x0, 0x10}) [ 2342.359696] Task in /syz2 killed as a result of limit of /syz2 [ 2342.367562] memory: usage 307156kB, limit 307200kB, failcnt 212651 [ 2342.375071] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2342.405855] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2342.414370] Memory cgroup stats for /syz2: cache:12KB rss:108924KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108912KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2342.502686] Memory cgroup out of memory: Kill process 30118 (syz-executor.2) score 1106 or sacrifice child [ 2342.539116] Killed process 30118 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:54:56 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x2000000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:56 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x60000000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:56 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:56 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:56 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x2, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, [0x2e]}, 0x3c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x28, &(0x7f00000000c0)={0x0, 0x0}}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={r1, 0x0, 0x8}, 0xc) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={r2, 0x0, 0x0}, 0x1c) [ 2342.648007] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2342.696532] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2342.702239] CPU: 1 PID: 23420 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2342.710047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2342.719411] Call Trace: [ 2342.722013] dump_stack+0x197/0x210 [ 2342.725657] dump_header+0x15e/0xa55 [ 2342.729391] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2342.734511] ? ___ratelimit+0x60/0x595 [ 2342.738416] ? do_raw_spin_unlock+0x181/0x270 [ 2342.742948] oom_kill_process.cold+0x10/0x6ef [ 2342.747462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2342.753127] ? task_will_free_mem+0x139/0x6e0 [ 2342.757748] out_of_memory+0x362/0x1330 [ 2342.761753] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2342.766869] ? oom_killer_disable+0x280/0x280 [ 2342.771379] ? find_held_lock+0x35/0x130 [ 2342.775472] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2342.780331] ? memcg_event_wake+0x230/0x230 [ 2342.784668] ? do_raw_spin_unlock+0x181/0x270 [ 2342.789287] ? _raw_spin_unlock+0x2d/0x50 [ 2342.793456] try_charge+0xec5/0x1490 [ 2342.797191] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2342.802055] ? lock_downgrade+0x880/0x880 [ 2342.806220] ? kasan_check_read+0x11/0x20 [ 2342.810392] memcg_kmem_charge_memcg+0x83/0x170 [ 2342.815078] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2342.819594] ? __isolate_free_page+0x4c0/0x4c0 [ 2342.824187] memcg_kmem_charge+0x13b/0x370 [ 2342.828441] __alloc_pages_nodemask+0x3c3/0x750 [ 2342.833128] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2342.838176] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2342.843730] alloc_pages_current+0x107/0x210 [ 2342.848152] pte_alloc_one+0x1b/0x1a0 [ 2342.851965] __pte_alloc+0x2a/0x360 [ 2342.855609] __handle_mm_fault+0x340b/0x3f80 [ 2342.860040] ? copy_page_range+0x2030/0x2030 [ 2342.864491] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2342.869181] handle_mm_fault+0x1b5/0x690 [ 2342.873274] __do_page_fault+0x62a/0xe90 [ 2342.877364] ? vmalloc_fault+0x740/0x740 [ 2342.881448] ? trace_hardirqs_off_caller+0x65/0x220 [ 2342.886479] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2342.891424] ? page_fault+0x8/0x30 [ 2342.894984] do_page_fault+0x71/0x57d [ 2342.898796] ? page_fault+0x8/0x30 [ 2342.902350] page_fault+0x1e/0x30 [ 2342.905809] RIP: 0033:0x442661 [ 2342.909017] Code: 2e 0f 1f 84 00 00 00 00 00 48 81 fa 00 04 00 00 77 77 89 d1 c1 e9 05 74 60 ff c9 48 8b 06 4c 8b 46 08 4c 8b 4e 10 4c 8b 56 18 <48> 89 07 4c 89 47 08 4c 89 4f 10 4c 89 57 18 48 8d 76 20 48 8d 7f [ 2342.927933] RSP: 002b:00007ffebaa31468 EFLAGS: 00010246 [ 2342.933348] RAX: 0000000000776172 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2342.940634] RDX: 0000000000000020 RSI: 0000000000760110 RDI: 0000000020000100 12:54:57 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x70010000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:57 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2342.947918] RBP: 00000000007600f0 R08: 0000000000000000 R09: 0000000000000000 [ 2342.955205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2342.962488] R13: 000000000023bcba R14: 00000000007600f8 R15: 000000000075bf2c [ 2343.046485] Task in /syz0 killed as a result of limit of /syz0 [ 2343.078730] memory: usage 307168kB, limit 307200kB, failcnt 439959 [ 2343.117708] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2343.141865] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2343.164984] Memory cgroup stats for /syz0: cache:60KB rss:111748KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111808KB inactive_file:12KB active_file:12KB unevictable:0KB [ 2343.219423] Memory cgroup out of memory: Kill process 23095 (syz-executor.0) score 1106 or sacrifice child [ 2343.373112] Killed process 23095 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2343.449709] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2343.467271] xt_hashlimit: overflow, try lower: 0/0 [ 2343.481406] xt_hashlimit: overflow, try lower: 0/0 [ 2343.493590] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2343.503192] CPU: 0 PID: 23972 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2343.511019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2343.520384] Call Trace: [ 2343.522998] dump_stack+0x197/0x210 [ 2343.526655] dump_header+0x15e/0xa55 [ 2343.530384] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2343.535511] ? ___ratelimit+0x60/0x595 [ 2343.539409] ? do_raw_spin_unlock+0x181/0x270 [ 2343.543922] oom_kill_process.cold+0x10/0x6ef [ 2343.548442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2343.553988] ? task_will_free_mem+0x139/0x6e0 [ 2343.558513] out_of_memory+0x362/0x1330 [ 2343.562508] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2343.567620] ? oom_killer_disable+0x280/0x280 [ 2343.572123] ? find_held_lock+0x35/0x130 [ 2343.576232] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2343.581097] ? memcg_event_wake+0x230/0x230 [ 2343.585445] ? do_raw_spin_unlock+0x181/0x270 [ 2343.589959] ? _raw_spin_unlock+0x2d/0x50 [ 2343.594121] try_charge+0xec5/0x1490 [ 2343.597845] ? lock_downgrade+0x880/0x880 [ 2343.602014] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2343.606876] ? rcu_read_unlock+0x33/0x60 [ 2343.610947] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2343.615796] ? __pte_alloc+0x1bf/0x360 [ 2343.619697] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2343.625777] mem_cgroup_try_charge+0x259/0x6b0 [ 2343.630374] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2343.635334] __handle_mm_fault+0x1e50/0x3f80 [ 2343.639775] ? copy_page_range+0x2030/0x2030 [ 2343.644226] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2343.648913] handle_mm_fault+0x1b5/0x690 [ 2343.652999] __do_page_fault+0x62a/0xe90 [ 2343.657082] ? vmalloc_fault+0x740/0x740 [ 2343.661161] ? trace_hardirqs_off_caller+0x65/0x220 [ 2343.666205] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2343.671151] ? page_fault+0x8/0x30 [ 2343.674705] do_page_fault+0x71/0x57d [ 2343.678515] ? page_fault+0x8/0x30 [ 2343.682066] page_fault+0x1e/0x30 [ 2343.685523] RIP: 0033:0x442661 12:54:58 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:58 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x80ffffff, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:58 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:58 executing program 5: r0 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) io_setup(0x8, &(0x7f0000000200)=0x0) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) 12:54:58 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2343.688747] Code: 2e 0f 1f 84 00 00 00 00 00 48 81 fa 00 04 00 00 77 77 89 d1 c1 e9 05 74 60 ff c9 48 8b 06 4c 8b 46 08 4c 8b 4e 10 4c 8b 56 18 <48> 89 07 4c 89 47 08 4c 89 4f 10 4c 89 57 18 48 8d 76 20 48 8d 7f [ 2343.707659] RSP: 002b:00007fffa4b7b738 EFLAGS: 00010246 [ 2343.713039] RAX: 0000000000776172 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 2343.720320] RDX: 0000000000000020 RSI: 0000000000760110 RDI: 0000000020000100 [ 2343.727687] RBP: 00000000007600f0 R08: 0000000000000000 R09: 0000000000000000 [ 2343.734972] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2343.742253] R13: 000000000023bf95 R14: 00000000007600f8 R15: 000000000075bf2c [ 2343.776501] Task in /syz2 killed as a result of limit of /syz2 [ 2343.791819] memory: usage 307164kB, limit 307200kB, failcnt 212667 [ 2343.816758] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2343.850007] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2343.882670] Memory cgroup stats for /syz2: cache:12KB rss:108924KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108896KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2343.963184] Memory cgroup out of memory: Kill process 23324 (syz-executor.2) score 1106 or sacrifice child [ 2344.008226] Killed process 23324 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35732kB, shmem-rss:0kB [ 2344.077976] xt_hashlimit: overflow, try lower: 0/0 [ 2344.154988] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 12:54:58 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x3401000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:58 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:54:58 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000080)) 12:54:58 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:54:58 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xa8020000, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2344.234057] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2344.247246] CPU: 0 PID: 24457 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2344.255074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2344.264442] Call Trace: [ 2344.267045] dump_stack+0x197/0x210 [ 2344.270685] dump_header+0x15e/0xa55 [ 2344.274428] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2344.279547] ? ___ratelimit+0x60/0x595 [ 2344.283456] ? do_raw_spin_unlock+0x181/0x270 [ 2344.287975] oom_kill_process.cold+0x10/0x6ef [ 2344.292487] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2344.298051] ? task_will_free_mem+0x139/0x6e0 [ 2344.302574] out_of_memory+0x362/0x1330 [ 2344.306573] ? lock_downgrade+0x880/0x880 [ 2344.310741] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2344.315967] ? oom_killer_disable+0x280/0x280 [ 2344.320487] ? find_held_lock+0x35/0x130 [ 2344.324584] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2344.329458] ? memcg_event_wake+0x230/0x230 [ 2344.333798] ? do_raw_spin_unlock+0x181/0x270 [ 2344.338314] ? _raw_spin_unlock+0x2d/0x50 [ 2344.342484] try_charge+0xec5/0x1490 [ 2344.346234] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2344.351097] ? lock_downgrade+0x880/0x880 [ 2344.355282] ? kasan_check_read+0x11/0x20 [ 2344.359460] memcg_kmem_charge_memcg+0x83/0x170 [ 2344.364163] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2344.368682] ? __isolate_free_page+0x4c0/0x4c0 [ 2344.373309] memcg_kmem_charge+0x13b/0x370 [ 2344.377568] __alloc_pages_nodemask+0x3c3/0x750 [ 2344.382267] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2344.387306] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2344.391900] ? trace_hardirqs_on+0x67/0x220 [ 2344.396289] copy_process.part.0+0x3e0/0x7a30 [ 2344.400822] ? mark_held_locks+0x100/0x100 [ 2344.405086] ? __might_fault+0x12b/0x1e0 [ 2344.409171] ? __cleanup_sighand+0x70/0x70 [ 2344.413421] ? lock_downgrade+0x880/0x880 [ 2344.417604] _do_fork+0x257/0xfd0 [ 2344.421078] ? fork_idle+0x1d0/0x1d0 [ 2344.424822] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2344.429591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2344.434362] ? do_syscall_64+0x26/0x620 [ 2344.438354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2344.443733] ? do_syscall_64+0x26/0x620 [ 2344.447733] __x64_sys_clone+0xbf/0x150 [ 2344.451731] do_syscall_64+0xfd/0x620 [ 2344.455553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2344.460861] RIP: 0033:0x45b349 [ 2344.464070] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2344.483941] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2344.491671] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2344.498960] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2344.506247] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2344.513528] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2344.520814] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:54:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r2 = dup2(r0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) close(r0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = gettid() setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000000)={0x77359400}, 0x10) tkill(r4, 0x1000000000016) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) tkill(r1, 0x1000000000013) [ 2344.599588] tcpmss_tg6_check: 9 callbacks suppressed [ 2344.599595] xt_TCPMSS: Only works on TCP SYN packets 12:54:58 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2345.024247] Task in /syz0 killed as a result of limit of /syz0 [ 2345.034243] memory: usage 307192kB, limit 307200kB, failcnt 439999 [ 2345.076604] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2345.083638] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2345.090685] Memory cgroup stats for /syz0: cache:60KB rss:111748KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111808KB inactive_file:12KB active_file:16KB unevictable:0KB [ 2345.112250] Memory cgroup out of memory: Kill process 26140 (syz-executor.0) score 1106 or sacrifice child [ 2345.123294] Killed process 26140 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2345.161964] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2345.187296] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2345.198590] CPU: 1 PID: 24340 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2345.206405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2345.215795] Call Trace: [ 2345.218401] dump_stack+0x197/0x210 [ 2345.222049] dump_header+0x15e/0xa55 [ 2345.225785] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2345.230905] ? ___ratelimit+0x60/0x595 [ 2345.234803] ? do_raw_spin_unlock+0x181/0x270 [ 2345.239322] oom_kill_process.cold+0x10/0x6ef [ 2345.243836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2345.249383] ? task_will_free_mem+0x139/0x6e0 [ 2345.253989] out_of_memory+0x362/0x1330 [ 2345.257983] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2345.263105] ? oom_killer_disable+0x280/0x280 [ 2345.267631] ? find_held_lock+0x35/0x130 [ 2345.271725] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2345.276610] ? memcg_event_wake+0x230/0x230 [ 2345.281054] ? do_raw_spin_unlock+0x181/0x270 [ 2345.285563] ? _raw_spin_unlock+0x2d/0x50 [ 2345.289730] try_charge+0xc6e/0x1490 [ 2345.293467] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2345.298327] ? lock_downgrade+0x880/0x880 [ 2345.302497] ? kasan_check_read+0x11/0x20 [ 2345.306674] memcg_kmem_charge_memcg+0x83/0x170 [ 2345.311364] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2345.315880] ? __isolate_free_page+0x4c0/0x4c0 [ 2345.320480] memcg_kmem_charge+0x13b/0x370 [ 2345.324744] __alloc_pages_nodemask+0x3c3/0x750 [ 2345.329444] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2345.334482] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2345.339084] ? trace_hardirqs_on+0x67/0x220 [ 2345.343430] copy_process.part.0+0x3e0/0x7a30 [ 2345.347952] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2345.353075] ? delayacct_end+0x5c/0x100 [ 2345.357070] ? __delayacct_freepages_end+0xe0/0x140 [ 2345.362101] ? __lock_acquire+0x6ee/0x49c0 [ 2345.366456] ? __cleanup_sighand+0x70/0x70 [ 2345.370734] ? mark_held_locks+0x100/0x100 [ 2345.374999] _do_fork+0x257/0xfd0 [ 2345.378474] ? fork_idle+0x1d0/0x1d0 [ 2345.382219] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2345.388119] ? kasan_check_read+0x11/0x20 [ 2345.392288] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2345.397055] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2345.401831] ? do_syscall_64+0x26/0x620 [ 2345.405815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2345.411198] ? do_syscall_64+0x26/0x620 [ 2345.415191] __x64_sys_clone+0xbf/0x150 [ 2345.419189] do_syscall_64+0xfd/0x620 [ 2345.423011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2345.428211] RIP: 0033:0x45dd19 [ 2345.431413] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2345.450342] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2345.458068] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2345.465356] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2345.472635] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2345.479914] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2345.487193] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2345.499451] Task in /syz0 killed as a result of limit of /syz0 [ 2345.507661] memory: usage 306904kB, limit 307200kB, failcnt 439999 [ 2345.515422] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2345.525647] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2345.542507] Memory cgroup stats for /syz0: cache:60KB rss:111748KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111684KB inactive_file:12KB active_file:16KB unevictable:0KB [ 2345.566506] Memory cgroup out of memory: Kill process 27959 (syz-executor.0) score 1106 or sacrifice child [ 2345.577444] Killed process 27959 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2345.615565] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2345.631692] xt_hashlimit: overflow, try lower: 0/0 [ 2345.631798] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2345.644627] CPU: 0 PID: 24646 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2345.652446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2345.661805] Call Trace: [ 2345.664403] dump_stack+0x197/0x210 [ 2345.668043] dump_header+0x15e/0xa55 [ 2345.671882] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2345.676998] ? ___ratelimit+0x60/0x595 [ 2345.680896] ? do_raw_spin_unlock+0x181/0x270 [ 2345.685408] oom_kill_process.cold+0x10/0x6ef [ 2345.689927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2345.695481] ? task_will_free_mem+0x139/0x6e0 [ 2345.700004] out_of_memory+0x362/0x1330 [ 2345.704003] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2345.709123] ? oom_killer_disable+0x280/0x280 [ 2345.713665] ? find_held_lock+0x35/0x130 [ 2345.717749] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2345.722616] ? memcg_event_wake+0x230/0x230 [ 2345.726952] ? do_raw_spin_unlock+0x181/0x270 [ 2345.731461] ? _raw_spin_unlock+0x2d/0x50 [ 2345.735618] try_charge+0xec5/0x1490 [ 2345.739447] ? lock_downgrade+0x880/0x880 [ 2345.743622] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2345.748473] ? rcu_read_unlock+0x33/0x60 [ 2345.752548] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2345.757404] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2345.763487] mem_cgroup_try_charge+0x259/0x6b0 [ 2345.768095] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2345.773058] wp_page_copy+0x430/0x16a0 [ 2345.776968] ? follow_pfn+0x2a0/0x2a0 [ 2345.780786] ? do_raw_spin_unlock+0x181/0x270 [ 2345.785292] do_wp_page+0x57d/0x10b0 [ 2345.789029] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2345.793818] ? kasan_check_write+0x14/0x20 [ 2345.798066] ? do_raw_spin_lock+0xd7/0x250 [ 2345.802339] __handle_mm_fault+0x2305/0x3f80 [ 2345.806765] ? copy_page_range+0x2030/0x2030 [ 2345.811196] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2345.815884] handle_mm_fault+0x1b5/0x690 [ 2345.820096] __do_page_fault+0x62a/0xe90 [ 2345.824176] ? vmalloc_fault+0x740/0x740 [ 2345.828246] ? trace_hardirqs_off_caller+0x65/0x220 [ 2345.833281] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2345.838222] ? page_fault+0x8/0x30 [ 2345.841777] do_page_fault+0x71/0x57d [ 2345.845592] ? page_fault+0x8/0x30 [ 2345.849158] page_fault+0x1e/0x30 [ 2345.852703] RIP: 0033:0x40db08 [ 2345.855912] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 02 a5 32 00 48 8b 15 73 4b 66 00 83 c0 01 <89> 05 f2 a4 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2345.874827] RSP: 002b:00007fffa4b7b6d0 EFLAGS: 00010202 [ 2345.880197] RAX: 0000000000000001 RBX: 0000001b2f320014 RCX: 0000001b30320000 [ 2345.887476] RDX: 0000001b2f320000 RSI: 000000000000116f RDI: ffffffff0f39316e [ 2345.894757] RBP: 0000001b2f320018 R08: 000000000f39316e R09: 000000000f393172 [ 2345.902039] R10: 00007fffa4b7b810 R11: 0000000000000246 R12: 0000001b2f32001c [ 2345.909377] R13: 000000000023c744 R14: 000000000075bf20 R15: 000000000075bf2c 12:55:00 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:00 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:00 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xffff1f00, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:00 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = dup2(r0, r0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) close(r0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x0, 0x0, 0x0, {}, [@BATADV_ATTR_GW_MODE={0x5}]}, 0x1c}}, 0x0) tkill(r2, 0x1000000000016) 12:55:00 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2345.922325] Task in /syz2 killed as a result of limit of /syz2 [ 2345.935544] memory: usage 307168kB, limit 307200kB, failcnt 212676 [ 2345.945421] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2345.999657] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2346.017023] Memory cgroup stats for /syz2: cache:12KB rss:108924KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108892KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2346.043138] xt_TCPMSS: Only works on TCP SYN packets [ 2346.150294] Memory cgroup out of memory: Kill process 24499 (syz-executor.2) score 1106 or sacrifice child [ 2346.228670] Killed process 24499 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35732kB, shmem-rss:0kB [ 2346.309961] xt_hashlimit: overflow, try lower: 0/0 [ 2346.342754] xt_TCPMSS: Only works on TCP SYN packets [ 2346.424967] xt_TCPMSS: Only works on TCP SYN packets 12:55:00 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x3e00000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:00 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:00 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:55:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/11, 0x7103) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = dup(r0) ioctl$BLKROTATIONAL(r1, 0x127e, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r2, 0x1000000000016) 12:55:00 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xffffff7f, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:00 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2346.569191] xt_TCPMSS: Only works on TCP SYN packets [ 2346.581033] xt_hashlimit: overflow, try lower: 0/0 [ 2346.603303] xt_TCPMSS: Only works on TCP SYN packets [ 2346.650455] xt_hashlimit: overflow, try lower: 0/0 12:55:01 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:55:01 executing program 5: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='dax\x00', 0x0, 0x0) getpid() 12:55:01 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2346.805793] xt_TCPMSS: Only works on TCP SYN packets 12:55:01 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0xffffff80, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x3f00000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2347.112196] xt_TCPMSS: Only works on TCP SYN packets [ 2347.127979] xt_hashlimit: overflow, try lower: 0/0 12:55:01 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x4000000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xffffffa8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:01 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2347.445694] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2347.516950] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2347.527368] CPU: 1 PID: 25570 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2347.535310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2347.544671] Call Trace: [ 2347.547271] dump_stack+0x197/0x210 [ 2347.550920] dump_header+0x15e/0xa55 [ 2347.555177] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2347.560317] ? ___ratelimit+0x60/0x595 [ 2347.564216] ? do_raw_spin_unlock+0x181/0x270 [ 2347.568862] oom_kill_process.cold+0x10/0x6ef [ 2347.573384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2347.578930] ? task_will_free_mem+0x139/0x6e0 [ 2347.583446] out_of_memory+0x362/0x1330 [ 2347.587437] ? lock_downgrade+0x880/0x880 [ 2347.591653] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2347.596770] ? oom_killer_disable+0x280/0x280 [ 2347.601272] ? find_held_lock+0x35/0x130 [ 2347.605353] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2347.610211] ? memcg_event_wake+0x230/0x230 [ 2347.614564] ? do_raw_spin_unlock+0x181/0x270 [ 2347.619071] ? _raw_spin_unlock+0x2d/0x50 [ 2347.623235] try_charge+0xec5/0x1490 [ 2347.626962] ? lock_downgrade+0x880/0x880 [ 2347.631125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2347.635979] ? rcu_read_unlock+0x33/0x60 [ 2347.640053] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2347.644918] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2347.650997] mem_cgroup_try_charge+0x259/0x6b0 [ 2347.655600] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2347.660543] wp_page_copy+0x430/0x16a0 [ 2347.664452] ? follow_pfn+0x2a0/0x2a0 [ 2347.668269] ? do_raw_spin_unlock+0x181/0x270 [ 2347.672786] do_wp_page+0x57d/0x10b0 [ 2347.676538] ? lock_acquire+0x16f/0x3f0 [ 2347.680531] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2347.685217] ? kasan_check_write+0x14/0x20 [ 2347.689467] ? do_raw_spin_lock+0xd7/0x250 [ 2347.693725] __handle_mm_fault+0x2305/0x3f80 [ 2347.698158] ? copy_page_range+0x2030/0x2030 [ 2347.702600] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2347.707297] handle_mm_fault+0x1b5/0x690 [ 2347.711385] __do_page_fault+0x62a/0xe90 [ 2347.715473] ? vmalloc_fault+0x740/0x740 [ 2347.719669] ? trace_hardirqs_off_caller+0x65/0x220 [ 2347.724700] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2347.729642] ? page_fault+0x8/0x30 [ 2347.733204] do_page_fault+0x71/0x57d [ 2347.737020] ? page_fault+0x8/0x30 [ 2347.740573] page_fault+0x1e/0x30 [ 2347.744078] RIP: 0033:0x410398 [ 2347.747277] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 12:55:02 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2347.766220] RSP: 002b:00007ffebaa313a0 EFLAGS: 00010246 [ 2347.771697] RAX: 0000000060ee87ea RBX: 00000000a709c79f RCX: 0000001b2fe20000 [ 2347.779067] RDX: 0000000000000000 RSI: 00000000000007ea RDI: ffffffff60ee87ea [ 2347.786356] RBP: 0000000000000005 R08: 0000000060ee87ea R09: 0000000060ee87ee [ 2347.793635] R10: 00007ffebaa31540 R11: 0000000000000246 R12: 000000000075bfa8 [ 2347.800919] R13: 0000000080000000 R14: 00007fbcb056c008 R15: 0000000000000005 [ 2347.902723] xt_TCPMSS: Only works on TCP SYN packets 12:55:02 executing program 5: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='dax\x00', 0x0, 0x0) getpid() 12:55:02 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2348.037091] xt_TCPMSS: Only works on TCP SYN packets 12:55:02 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) [ 2348.147937] Task in /syz0 killed as a result of limit of /syz0 [ 2348.157168] memory: usage 307168kB, limit 307200kB, failcnt 440023 [ 2348.184350] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:55:02 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2348.200848] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2348.226977] Memory cgroup stats for /syz0: cache:60KB rss:111744KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111768KB inactive_file:12KB active_file:20KB unevictable:0KB 12:55:02 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:02 executing program 5: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='dax\x00', 0x0, 0x0) getpid() [ 2348.295151] Memory cgroup out of memory: Kill process 29865 (syz-executor.0) score 1106 or sacrifice child [ 2348.332345] Killed process 29865 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2348.447818] xt_hashlimit: overflow, try lower: 0/0 [ 2348.456590] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2348.504274] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2348.536723] CPU: 1 PID: 8120 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2348.544525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2348.553908] Call Trace: [ 2348.556511] dump_stack+0x197/0x210 [ 2348.560157] dump_header+0x15e/0xa55 [ 2348.563885] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2348.569009] ? ___ratelimit+0x60/0x595 [ 2348.572908] ? do_raw_spin_unlock+0x181/0x270 [ 2348.577490] oom_kill_process.cold+0x10/0x6ef [ 2348.582019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2348.587570] ? task_will_free_mem+0x139/0x6e0 [ 2348.592099] out_of_memory+0x362/0x1330 [ 2348.596097] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2348.601210] ? oom_killer_disable+0x280/0x280 [ 2348.605717] ? find_held_lock+0x35/0x130 [ 2348.609797] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2348.614653] ? memcg_event_wake+0x230/0x230 [ 2348.618999] ? do_raw_spin_unlock+0x181/0x270 [ 2348.623511] ? _raw_spin_unlock+0x2d/0x50 [ 2348.627676] try_charge+0xec5/0x1490 [ 2348.631848] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2348.636719] ? lock_downgrade+0x880/0x880 [ 2348.640893] ? kasan_check_read+0x11/0x20 [ 2348.645062] memcg_kmem_charge_memcg+0x83/0x170 [ 2348.649869] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2348.654454] ? __isolate_free_page+0x4c0/0x4c0 [ 2348.659176] memcg_kmem_charge+0x13b/0x370 [ 2348.663547] __alloc_pages_nodemask+0x3c3/0x750 [ 2348.668228] ? should_fail+0x14d/0x85c [ 2348.672141] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2348.677173] ? find_held_lock+0x35/0x130 [ 2348.681269] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2348.686821] alloc_pages_current+0x107/0x210 [ 2348.691257] pte_alloc_one+0x1b/0x1a0 [ 2348.695069] __pte_alloc+0x2a/0x360 [ 2348.698714] copy_page_range+0x16d0/0x2030 [ 2348.702991] ? vma_compute_subtree_gap+0x158/0x230 [ 2348.707937] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2348.712792] ? __vma_link_rb+0x279/0x370 [ 2348.716879] copy_process.part.0+0x543e/0x7a30 [ 2348.721504] ? __cleanup_sighand+0x70/0x70 [ 2348.725767] _do_fork+0x257/0xfd0 [ 2348.729244] ? fork_idle+0x1d0/0x1d0 [ 2348.732981] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2348.737749] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2348.742612] ? do_syscall_64+0x26/0x620 [ 2348.746600] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2348.752166] ? do_syscall_64+0x26/0x620 [ 2348.756158] __x64_sys_clone+0xbf/0x150 [ 2348.760151] do_syscall_64+0xfd/0x620 [ 2348.763966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2348.769165] RIP: 0033:0x45991a [ 2348.772385] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2348.791299] RSP: 002b:00007fffa4b7b8a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2348.799019] RAX: ffffffffffffffda RBX: 00007fffa4b7b8a0 RCX: 000000000045991a [ 2348.806299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2348.813590] RBP: 00007fffa4b7b8e0 R08: 0000000000000001 R09: 000000000149f940 [ 2348.820877] R10: 000000000149fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2348.828162] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa4b7b930 [ 2348.841375] xt_hashlimit: overflow, try lower: 0/0 12:55:03 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2348.860860] Task in /syz2 killed as a result of limit of /syz2 [ 2348.868495] memory: usage 307200kB, limit 307200kB, failcnt 212713 [ 2348.876692] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2348.917202] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2348.940010] Memory cgroup stats for /syz2: cache:12KB rss:108780KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108904KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2349.013473] Memory cgroup out of memory: Kill process 30868 (syz-executor.2) score 1106 or sacrifice child [ 2349.041338] Killed process 30868 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2349.195918] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2349.276778] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2349.282696] CPU: 0 PID: 26209 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2349.290515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2349.299884] Call Trace: [ 2349.302491] dump_stack+0x197/0x210 [ 2349.306138] dump_header+0x15e/0xa55 [ 2349.309872] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2349.314993] ? ___ratelimit+0x60/0x595 [ 2349.318894] ? do_raw_spin_unlock+0x181/0x270 [ 2349.323412] oom_kill_process.cold+0x10/0x6ef [ 2349.328050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2349.333602] ? task_will_free_mem+0x139/0x6e0 [ 2349.338129] out_of_memory+0x362/0x1330 [ 2349.342121] ? lock_downgrade+0x880/0x880 [ 2349.346279] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2349.351403] ? oom_killer_disable+0x280/0x280 [ 2349.355913] ? find_held_lock+0x35/0x130 [ 2349.360035] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2349.364911] ? memcg_event_wake+0x230/0x230 [ 2349.369253] ? do_raw_spin_unlock+0x181/0x270 [ 2349.373765] ? _raw_spin_unlock+0x2d/0x50 [ 2349.377931] try_charge+0xec5/0x1490 [ 2349.381676] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2349.386538] ? lock_downgrade+0x880/0x880 [ 2349.390705] ? kasan_check_read+0x11/0x20 [ 2349.394888] memcg_kmem_charge_memcg+0x83/0x170 [ 2349.399572] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2349.404112] ? __isolate_free_page+0x4c0/0x4c0 [ 2349.408716] memcg_kmem_charge+0x13b/0x370 [ 2349.412974] __alloc_pages_nodemask+0x3c3/0x750 [ 2349.417671] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2349.422705] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2349.427306] ? trace_hardirqs_on+0x67/0x220 [ 2349.431658] copy_process.part.0+0x3e0/0x7a30 [ 2349.436183] ? mark_held_locks+0x100/0x100 [ 2349.440439] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2349.445211] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2349.449992] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2349.454690] ? retint_kernel+0x2d/0x2d [ 2349.458604] ? __cleanup_sighand+0x70/0x70 [ 2349.462858] ? retint_kernel+0x2d/0x2d [ 2349.466764] ? _do_fork+0x1e8/0xfd0 [ 2349.470409] _do_fork+0x257/0xfd0 [ 2349.473884] ? fork_idle+0x1d0/0x1d0 [ 2349.477621] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2349.482392] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2349.487164] ? do_syscall_64+0x26/0x620 [ 2349.491151] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2349.496528] ? do_syscall_64+0x26/0x620 [ 2349.500520] __x64_sys_clone+0xbf/0x150 [ 2349.504525] do_syscall_64+0xfd/0x620 [ 2349.508477] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2349.513676] RIP: 0033:0x45b349 [ 2349.516883] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2349.535801] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2349.544045] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2349.551337] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2349.558627] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2349.565911] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2349.573196] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2349.697071] tcpmss_tg6_check: 2 callbacks suppressed [ 2349.697078] xt_TCPMSS: Only works on TCP SYN packets [ 2349.746856] Task in /syz0 killed as a result of limit of /syz0 [ 2349.753514] memory: usage 307172kB, limit 307200kB, failcnt 440063 [ 2349.775291] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:55:04 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x6000000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:04 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:55:04 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:04 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2349.797985] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2349.815527] Memory cgroup stats for /syz0: cache:60KB rss:111744KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111756KB inactive_file:20KB active_file:16KB unevictable:0KB [ 2349.904233] xt_TCPMSS: Only works on TCP SYN packets 12:55:04 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x3, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:04 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0xa808) 12:55:04 executing program 5: creat(0x0, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) getpid() creat(0x0, 0x0) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/ipv6_route\x00') pread64(r0, 0x0, 0x0, 0x516000) [ 2350.097297] Memory cgroup out of memory: Kill process 32346 (syz-executor.0) score 1106 or sacrifice child [ 2350.114443] Killed process 32346 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2350.138716] xt_TCPMSS: Only works on TCP SYN packets 12:55:04 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2350.270796] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2350.288401] xt_TCPMSS: Only works on TCP SYN packets [ 2350.440404] xt_TCPMSS: Only works on TCP SYN packets 12:55:04 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) sendfile(r0, r1, 0x0, 0xa808) 12:55:04 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae91, 0x0) r0 = syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) getsockname$packet(r0, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000006c0)=0x14) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) io_setup(0x0, &(0x7f0000000740)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, 0x0}]) r5 = socket(0x1000000000000010, 0x2, 0x0) write(r5, &(0x7f0000000380)="24000000580001000000f4f9002304000a04f511080001000201009f0800028001000000", 0x24) 12:55:04 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x4, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2350.552844] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2350.567477] CPU: 1 PID: 26205 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2350.575314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2350.584683] Call Trace: [ 2350.587293] dump_stack+0x197/0x210 [ 2350.590935] dump_header+0x15e/0xa55 [ 2350.594666] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2350.599787] ? ___ratelimit+0x60/0x595 [ 2350.603694] ? do_raw_spin_unlock+0x181/0x270 [ 2350.608204] oom_kill_process.cold+0x10/0x6ef [ 2350.612724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2350.618276] ? task_will_free_mem+0x139/0x6e0 [ 2350.622792] out_of_memory+0x362/0x1330 [ 2350.626782] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2350.631902] ? oom_killer_disable+0x280/0x280 [ 2350.636407] ? find_held_lock+0x35/0x130 [ 2350.640499] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2350.645352] ? memcg_event_wake+0x230/0x230 [ 2350.649695] ? do_raw_spin_unlock+0x181/0x270 [ 2350.654208] ? _raw_spin_unlock+0x2d/0x50 [ 2350.658368] try_charge+0xc6e/0x1490 [ 2350.662109] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2350.666983] ? lock_downgrade+0x880/0x880 [ 2350.671156] ? kasan_check_read+0x11/0x20 [ 2350.675321] memcg_kmem_charge_memcg+0x83/0x170 [ 2350.680013] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2350.684537] ? __isolate_free_page+0x4c0/0x4c0 [ 2350.689135] memcg_kmem_charge+0x13b/0x370 [ 2350.693503] __alloc_pages_nodemask+0x3c3/0x750 [ 2350.698187] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2350.703245] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2350.707839] ? trace_hardirqs_on+0x67/0x220 [ 2350.712178] copy_process.part.0+0x3e0/0x7a30 [ 2350.716701] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2350.721831] ? delayacct_end+0x5c/0x100 [ 2350.725821] ? __delayacct_freepages_end+0xe0/0x140 [ 2350.730858] ? __lock_acquire+0x6ee/0x49c0 [ 2350.735114] ? __cleanup_sighand+0x70/0x70 [ 2350.739369] ? mark_held_locks+0x100/0x100 [ 2350.743645] _do_fork+0x257/0xfd0 [ 2350.747114] ? fork_idle+0x1d0/0x1d0 [ 2350.750877] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2350.756791] ? kasan_check_read+0x11/0x20 [ 2350.760965] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2350.765741] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2350.770542] ? do_syscall_64+0x26/0x620 [ 2350.774538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2350.779920] ? do_syscall_64+0x26/0x620 [ 2350.783929] __x64_sys_clone+0xbf/0x150 [ 2350.787921] do_syscall_64+0xfd/0x620 [ 2350.791865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2350.797102] RIP: 0033:0x45dd19 [ 2350.800308] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2350.819315] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2350.827048] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2350.834335] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2350.841624] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2350.848917] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2350.856204] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2350.867684] Task in /syz0 killed as a result of limit of /syz0 [ 2350.904516] memory: usage 306884kB, limit 307200kB, failcnt 440063 [ 2350.937566] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2350.998558] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2351.028436] Memory cgroup stats for /syz0: cache:60KB rss:111744KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111632KB inactive_file:20KB active_file:16KB unevictable:0KB [ 2351.062042] Memory cgroup out of memory: Kill process 712 (syz-executor.0) score 1106 or sacrifice child [ 2351.088269] xt_TCPMSS: Only works on TCP SYN packets [ 2351.096921] Killed process 712 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2351.187953] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2351.220038] xt_hashlimit: overflow, try lower: 0/0 [ 2351.255642] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2351.278702] CPU: 1 PID: 26425 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2351.286529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2351.295898] Call Trace: [ 2351.298511] dump_stack+0x197/0x210 [ 2351.302150] dump_header+0x15e/0xa55 [ 2351.305875] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2351.310983] ? ___ratelimit+0x60/0x595 [ 2351.314876] ? do_raw_spin_unlock+0x181/0x270 [ 2351.319395] oom_kill_process.cold+0x10/0x6ef [ 2351.323901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2351.329432] ? task_will_free_mem+0x139/0x6e0 [ 2351.333946] out_of_memory+0x362/0x1330 [ 2351.337918] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2351.343025] ? oom_killer_disable+0x280/0x280 [ 2351.347525] ? find_held_lock+0x35/0x130 [ 2351.351599] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2351.356439] ? memcg_event_wake+0x230/0x230 [ 2351.360767] ? do_raw_spin_unlock+0x181/0x270 [ 2351.365264] ? _raw_spin_unlock+0x2d/0x50 [ 2351.369420] try_charge+0xec5/0x1490 [ 2351.373156] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2351.378000] ? lock_downgrade+0x880/0x880 [ 2351.382163] ? kasan_check_read+0x11/0x20 [ 2351.386317] memcg_kmem_charge_memcg+0x83/0x170 [ 2351.390991] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2351.395481] ? __isolate_free_page+0x4c0/0x4c0 [ 2351.400055] memcg_kmem_charge+0x13b/0x370 [ 2351.404281] __alloc_pages_nodemask+0x3c3/0x750 [ 2351.408943] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2351.413952] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2351.418649] ? trace_hardirqs_on+0x67/0x220 [ 2351.422973] copy_process.part.0+0x3e0/0x7a30 [ 2351.427477] ? mark_held_locks+0x100/0x100 [ 2351.431710] ? __might_fault+0x12b/0x1e0 [ 2351.435783] ? __cleanup_sighand+0x70/0x70 [ 2351.440015] ? lock_downgrade+0x880/0x880 [ 2351.444166] _do_fork+0x257/0xfd0 [ 2351.447639] ? fork_idle+0x1d0/0x1d0 [ 2351.451355] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2351.456117] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2351.460873] ? do_syscall_64+0x26/0x620 [ 2351.464852] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2351.470267] ? do_syscall_64+0x26/0x620 [ 2351.474259] __x64_sys_clone+0xbf/0x150 [ 2351.478235] do_syscall_64+0xfd/0x620 [ 2351.482054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2351.487240] RIP: 0033:0x45b349 [ 2351.490439] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2351.509454] RSP: 002b:00007f07e43b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2351.517161] RAX: ffffffffffffffda RBX: 00007f07e43b96d4 RCX: 000000000045b349 [ 2351.524441] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2351.531711] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2351.538982] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2351.546254] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:55:05 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2351.637688] Task in /syz2 killed as a result of limit of /syz2 [ 2351.643933] memory: usage 307192kB, limit 307200kB, failcnt 212758 [ 2351.650922] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2351.678035] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2351.702788] Memory cgroup stats for /syz2: cache:12KB rss:108780KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108904KB inactive_file:12KB active_file:4KB unevictable:0KB [ 2351.727700] Memory cgroup out of memory: Kill process 31536 (syz-executor.2) score 1106 or sacrifice child [ 2351.744580] Killed process 31536 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2351.766959] xt_hashlimit: overflow, try lower: 0/0 [ 2351.934826] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2351.967331] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2351.990554] CPU: 0 PID: 26423 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2351.998401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2352.007762] Call Trace: [ 2352.010377] dump_stack+0x197/0x210 [ 2352.014022] dump_header+0x15e/0xa55 [ 2352.017751] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2352.022876] ? ___ratelimit+0x60/0x595 [ 2352.026775] ? do_raw_spin_unlock+0x181/0x270 [ 2352.031287] oom_kill_process.cold+0x10/0x6ef [ 2352.035906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2352.041456] ? task_will_free_mem+0x139/0x6e0 [ 2352.045968] out_of_memory+0x362/0x1330 [ 2352.049975] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2352.055207] ? oom_killer_disable+0x280/0x280 [ 2352.059717] ? find_held_lock+0x35/0x130 [ 2352.063814] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2352.068683] ? memcg_event_wake+0x230/0x230 [ 2352.073128] ? do_raw_spin_unlock+0x181/0x270 [ 2352.077646] ? _raw_spin_unlock+0x2d/0x50 [ 2352.081809] try_charge+0xc6e/0x1490 [ 2352.085555] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2352.090532] ? lock_downgrade+0x880/0x880 [ 2352.094705] ? kasan_check_read+0x11/0x20 [ 2352.098882] memcg_kmem_charge_memcg+0x83/0x170 [ 2352.103572] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2352.108091] ? __isolate_free_page+0x4c0/0x4c0 [ 2352.112776] memcg_kmem_charge+0x13b/0x370 [ 2352.117053] __alloc_pages_nodemask+0x3c3/0x750 [ 2352.121741] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2352.127281] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2352.131886] ? trace_hardirqs_on+0x67/0x220 [ 2352.136207] copy_process.part.0+0x3e0/0x7a30 [ 2352.140700] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2352.145797] ? delayacct_end+0x5c/0x100 [ 2352.149769] ? __delayacct_freepages_end+0xe0/0x140 [ 2352.154782] ? __lock_acquire+0x6ee/0x49c0 [ 2352.159029] ? __cleanup_sighand+0x70/0x70 [ 2352.163266] ? mark_held_locks+0x100/0x100 [ 2352.167502] _do_fork+0x257/0xfd0 [ 2352.170952] ? fork_idle+0x1d0/0x1d0 [ 2352.174662] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2352.181492] ? kasan_check_read+0x11/0x20 [ 2352.185639] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2352.190394] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2352.195140] ? do_syscall_64+0x26/0x620 [ 2352.199115] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2352.204474] ? do_syscall_64+0x26/0x620 [ 2352.208443] __x64_sys_clone+0xbf/0x150 [ 2352.212408] do_syscall_64+0xfd/0x620 [ 2352.216201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2352.221378] RIP: 0033:0x45dd19 [ 2352.224561] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2352.243476] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2352.251194] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2352.258466] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2352.265733] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2352.272997] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 [ 2352.280264] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 [ 2352.338416] Task in /syz2 killed as a result of limit of /syz2 [ 2352.344860] memory: usage 306872kB, limit 307200kB, failcnt 212758 [ 2352.362061] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2352.369445] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2352.381389] Memory cgroup stats for /syz2: cache:12KB rss:108780KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108784KB inactive_file:12KB active_file:4KB unevictable:0KB [ 2352.416106] Memory cgroup out of memory: Kill process 31959 (syz-executor.2) score 1106 or sacrifice child 12:55:06 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x7001000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:06 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:06 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) sendfile(r0, r1, 0x0, 0xa808) 12:55:06 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x5, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:06 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2352.435920] Killed process 31959 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2352.459291] oom_reaper: reaped process 31959 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2352.550606] xt_TCPMSS: Only works on TCP SYN packets [ 2352.579159] xt_hashlimit: overflow, try lower: 0/0 12:55:06 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) sendfile(r0, r1, 0x0, 0xa808) 12:55:06 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:06 executing program 5: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$getregs(0xc, r1, 0x0, &(0x7f0000000040)=""/15) 12:55:06 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:07 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x6, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2352.840448] xt_TCPMSS: Only works on TCP SYN packets 12:55:07 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0xa808) 12:55:07 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x80ffffff00000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2352.961867] xt_hashlimit: overflow, try lower: 0/0 [ 2353.072537] xt_TCPMSS: Only works on TCP SYN packets [ 2353.100791] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 12:55:07 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:07 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0xa808) [ 2353.180247] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2353.254841] CPU: 1 PID: 27125 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2353.262706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2353.272106] Call Trace: [ 2353.274716] dump_stack+0x197/0x210 [ 2353.278459] dump_header+0x15e/0xa55 [ 2353.282192] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2353.287307] ? ___ratelimit+0x60/0x595 [ 2353.291211] ? do_raw_spin_unlock+0x181/0x270 [ 2353.295727] oom_kill_process.cold+0x10/0x6ef [ 2353.300242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2353.305825] ? task_will_free_mem+0x139/0x6e0 [ 2353.310656] out_of_memory+0x362/0x1330 [ 2353.314660] ? lock_downgrade+0x880/0x880 [ 2353.318831] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2353.323955] ? oom_killer_disable+0x280/0x280 [ 2353.328465] ? find_held_lock+0x35/0x130 [ 2353.332556] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2353.337419] ? memcg_event_wake+0x230/0x230 [ 2353.341759] ? do_raw_spin_unlock+0x181/0x270 [ 2353.346271] ? _raw_spin_unlock+0x2d/0x50 [ 2353.350440] try_charge+0xec5/0x1490 [ 2353.354180] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2353.359047] ? lock_downgrade+0x880/0x880 [ 2353.363215] ? kasan_check_read+0x11/0x20 [ 2353.367493] memcg_kmem_charge_memcg+0x83/0x170 [ 2353.372181] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2353.376698] ? __isolate_free_page+0x4c0/0x4c0 [ 2353.381298] memcg_kmem_charge+0x13b/0x370 [ 2353.385586] __alloc_pages_nodemask+0x3c3/0x750 [ 2353.390281] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2353.395321] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2353.399924] ? trace_hardirqs_on+0x67/0x220 [ 2353.404274] copy_process.part.0+0x3e0/0x7a30 [ 2353.408792] ? mark_held_locks+0x100/0x100 [ 2353.413049] ? __might_fault+0x12b/0x1e0 [ 2353.417144] ? __cleanup_sighand+0x70/0x70 [ 2353.421399] ? lock_downgrade+0x880/0x880 [ 2353.425575] _do_fork+0x257/0xfd0 [ 2353.429051] ? fork_idle+0x1d0/0x1d0 [ 2353.432789] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2353.437565] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2353.442335] ? do_syscall_64+0x26/0x620 [ 2353.446321] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2353.451704] ? do_syscall_64+0x26/0x620 [ 2353.455705] __x64_sys_clone+0xbf/0x150 [ 2353.459695] do_syscall_64+0xfd/0x620 [ 2353.463519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2353.468717] RIP: 0033:0x45b349 [ 2353.471924] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2353.491102] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2353.498828] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2353.506134] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2353.513796] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2353.521253] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2353.528690] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:55:07 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x7, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2353.601956] xt_TCPMSS: Only works on TCP SYN packets 12:55:08 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0xa808) 12:55:08 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x8a03000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:08 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0xa, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2354.387393] Task in /syz0 killed as a result of limit of /syz0 [ 2354.393756] memory: usage 307160kB, limit 307200kB, failcnt 440113 [ 2354.417083] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2354.424368] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2354.437889] Memory cgroup stats for /syz0: cache:60KB rss:111740KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111808KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2354.486915] Memory cgroup out of memory: Kill process 1233 (syz-executor.0) score 1106 or sacrifice child [ 2354.505468] Killed process 1233 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2354.566205] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2354.607770] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2354.613747] CPU: 0 PID: 27124 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2354.621557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2354.630915] Call Trace: [ 2354.633534] dump_stack+0x197/0x210 [ 2354.637211] dump_header+0x15e/0xa55 [ 2354.641049] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2354.646160] ? ___ratelimit+0x60/0x595 [ 2354.650057] ? do_raw_spin_unlock+0x181/0x270 [ 2354.654567] oom_kill_process.cold+0x10/0x6ef [ 2354.659077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2354.664706] ? task_will_free_mem+0x139/0x6e0 [ 2354.669217] out_of_memory+0x362/0x1330 [ 2354.674163] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2354.679276] ? oom_killer_disable+0x280/0x280 [ 2354.683778] ? find_held_lock+0x35/0x130 [ 2354.687857] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2354.692707] ? memcg_event_wake+0x230/0x230 [ 2354.697045] ? do_raw_spin_unlock+0x181/0x270 [ 2354.701555] ? _raw_spin_unlock+0x2d/0x50 [ 2354.705735] try_charge+0xc6e/0x1490 [ 2354.709472] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2354.714330] ? lock_downgrade+0x880/0x880 [ 2354.718501] ? kasan_check_read+0x11/0x20 [ 2354.722688] memcg_kmem_charge_memcg+0x83/0x170 [ 2354.727366] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2354.731961] ? __isolate_free_page+0x4c0/0x4c0 [ 2354.736558] memcg_kmem_charge+0x13b/0x370 [ 2354.740822] __alloc_pages_nodemask+0x3c3/0x750 [ 2354.745511] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2354.750552] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2354.755146] ? trace_hardirqs_on+0x67/0x220 [ 2354.759493] copy_process.part.0+0x3e0/0x7a30 [ 2354.764007] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2354.769118] ? delayacct_end+0x5c/0x100 [ 2354.773104] ? __delayacct_freepages_end+0xe0/0x140 [ 2354.778134] ? __lock_acquire+0x6ee/0x49c0 [ 2354.782390] ? __cleanup_sighand+0x70/0x70 [ 2354.786637] ? mark_held_locks+0x100/0x100 [ 2354.790893] _do_fork+0x257/0xfd0 [ 2354.794361] ? fork_idle+0x1d0/0x1d0 [ 2354.798091] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2354.803992] ? kasan_check_read+0x11/0x20 [ 2354.808149] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2354.812913] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2354.817674] ? do_syscall_64+0x26/0x620 [ 2354.821654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2354.827021] ? do_syscall_64+0x26/0x620 [ 2354.831007] __x64_sys_clone+0xbf/0x150 [ 2354.835000] do_syscall_64+0xfd/0x620 [ 2354.838815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2354.844007] RIP: 0033:0x45dd19 [ 2354.847213] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2354.866245] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2354.873969] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2354.881288] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2354.888564] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2354.895836] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2354.903107] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2355.095242] Task in /syz0 killed as a result of limit of /syz0 [ 2355.102199] memory: usage 306876kB, limit 307200kB, failcnt 440113 [ 2355.109905] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2355.123473] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2355.136242] Memory cgroup stats for /syz0: cache:60KB rss:111740KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111684KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2355.176878] Memory cgroup out of memory: Kill process 3657 (syz-executor.0) score 1106 or sacrifice child [ 2355.190273] Killed process 3657 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2355.217999] oom_reaper: reaped process 3657 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 12:55:10 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2356.130045] xt_hashlimit: overflow, try lower: 0/0 [ 2356.151745] xt_hashlimit: overflow, try lower: 0/0 12:55:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@ipv4_delrule={0x1c, 0x21, 0x523}, 0x1c}}, 0x0) 12:55:11 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, 0xffffffffffffffff, 0x0, 0xa808) 12:55:11 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xa802000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:11 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x60, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:11 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2357.400463] tcpmss_tg6_check: 5 callbacks suppressed [ 2357.400471] xt_TCPMSS: Only works on TCP SYN packets [ 2357.413713] xt_hashlimit: overflow, try lower: 0/0 [ 2357.431906] xt_TCPMSS: Only works on TCP SYN packets 12:55:11 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:11 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:11 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, 0xffffffffffffffff, 0x0, 0xa808) 12:55:11 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0) [ 2357.623702] xt_TCPMSS: Only works on TCP SYN packets [ 2357.767329] xt_hashlimit: overflow, try lower: 0/0 12:55:12 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x170, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:12 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xc403000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2357.802743] xt_hashlimit: overflow, try lower: 0/0 12:55:12 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:12 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, 0xffffffffffffffff, 0x0, 0xa808) [ 2358.048455] xt_TCPMSS: Only works on TCP SYN packets [ 2358.115319] xt_TCPMSS: Only works on TCP SYN packets 12:55:12 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2358.164776] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2358.248495] xt_hashlimit: overflow, try lower: 0/0 [ 2358.270915] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2358.304923] xt_hashlimit: overflow, try lower: 0/0 [ 2358.323029] CPU: 0 PID: 28132 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2358.330862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2358.340229] Call Trace: [ 2358.342921] dump_stack+0x197/0x210 [ 2358.346599] dump_header+0x15e/0xa55 [ 2358.350341] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2358.355459] ? ___ratelimit+0x60/0x595 [ 2358.359494] ? do_raw_spin_unlock+0x181/0x270 [ 2358.364006] oom_kill_process.cold+0x10/0x6ef 12:55:12 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x2a8, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2358.368545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2358.374715] ? task_will_free_mem+0x139/0x6e0 [ 2358.379241] out_of_memory+0x362/0x1330 [ 2358.383242] ? lock_downgrade+0x880/0x880 [ 2358.387429] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2358.392556] ? oom_killer_disable+0x280/0x280 [ 2358.397086] ? find_held_lock+0x35/0x130 [ 2358.401178] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2358.406048] ? memcg_event_wake+0x230/0x230 [ 2358.410398] ? do_raw_spin_unlock+0x181/0x270 [ 2358.414907] ? _raw_spin_unlock+0x2d/0x50 [ 2358.419530] try_charge+0xec5/0x1490 [ 2358.423279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2358.428137] ? lock_downgrade+0x880/0x880 [ 2358.432325] ? kasan_check_read+0x11/0x20 [ 2358.436505] memcg_kmem_charge_memcg+0x83/0x170 [ 2358.441195] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2358.445746] ? __isolate_free_page+0x4c0/0x4c0 [ 2358.450343] memcg_kmem_charge+0x13b/0x370 [ 2358.454606] __alloc_pages_nodemask+0x3c3/0x750 [ 2358.459306] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2358.464341] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2358.468937] ? trace_hardirqs_on+0x67/0x220 [ 2358.473299] copy_process.part.0+0x3e0/0x7a30 [ 2358.477810] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2358.482925] ? delayacct_end+0x5c/0x100 [ 2358.486919] ? __delayacct_freepages_end+0xe0/0x140 [ 2358.491951] ? __lock_acquire+0x6ee/0x49c0 [ 2358.496224] ? __cleanup_sighand+0x70/0x70 [ 2358.500479] ? mark_held_locks+0x100/0x100 [ 2358.504859] _do_fork+0x257/0xfd0 [ 2358.508344] ? fork_idle+0x1d0/0x1d0 [ 2358.512092] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2358.518001] ? kasan_check_read+0x11/0x20 [ 2358.522166] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2358.526948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2358.531835] ? do_syscall_64+0x26/0x620 [ 2358.535830] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2358.541205] ? do_syscall_64+0x26/0x620 [ 2358.545207] __x64_sys_clone+0xbf/0x150 [ 2358.549290] do_syscall_64+0xfd/0x620 [ 2358.553113] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2358.558334] RIP: 0033:0x45dd19 [ 2358.561564] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2358.580487] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2358.588214] RAX: ffffffffffffffda RBX: 00007f07e4398700 RCX: 000000000045dd19 [ 2358.595710] RDX: 00007f07e43989d0 RSI: 00007f07e4397db0 RDI: 00000000003d0f00 [ 2358.603090] RBP: 00007fffa4b7b820 R08: 00007f07e4398700 R09: 00007f07e4398700 [ 2358.610462] R10: 00007f07e43989d0 R11: 0000000000000202 R12: 0000000000000000 12:55:12 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2358.617752] R13: 00007fffa4b7b6bf R14: 00007f07e43989c0 R15: 000000000075bfd4 [ 2358.724672] xt_TCPMSS: Only works on TCP SYN packets [ 2358.746422] Task in /syz2 killed as a result of limit of /syz2 [ 2358.752853] memory: usage 307128kB, limit 307200kB, failcnt 212801 12:55:13 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0x0) [ 2358.788125] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2358.816074] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2358.845327] Memory cgroup stats for /syz2: cache:12KB rss:108912KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108908KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2358.911502] Memory cgroup out of memory: Kill process 32441 (syz-executor.2) score 1106 or sacrifice child [ 2358.925502] Killed process 32441 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2358.941234] xt_TCPMSS: Only works on TCP SYN packets 12:55:13 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2359.032192] xt_hashlimit: overflow, try lower: 0/0 12:55:13 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:13 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0x0) [ 2359.482619] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2359.557260] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2359.592712] CPU: 1 PID: 28672 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2359.600553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2359.609919] Call Trace: [ 2359.612548] dump_stack+0x197/0x210 [ 2359.616197] dump_header+0x15e/0xa55 [ 2359.619933] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2359.625064] ? ___ratelimit+0x60/0x595 [ 2359.628966] ? do_raw_spin_unlock+0x181/0x270 [ 2359.633484] oom_kill_process.cold+0x10/0x6ef [ 2359.638105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2359.643671] ? task_will_free_mem+0x139/0x6e0 [ 2359.648197] out_of_memory+0x362/0x1330 [ 2359.652194] ? lock_downgrade+0x880/0x880 [ 2359.656373] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2359.661499] ? oom_killer_disable+0x280/0x280 [ 2359.666032] ? find_held_lock+0x35/0x130 [ 2359.670235] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2359.675104] ? memcg_event_wake+0x230/0x230 [ 2359.679450] ? do_raw_spin_unlock+0x181/0x270 [ 2359.683963] ? _raw_spin_unlock+0x2d/0x50 [ 2359.688130] try_charge+0xec5/0x1490 [ 2359.691867] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2359.696734] ? lock_downgrade+0x880/0x880 [ 2359.700899] ? kasan_check_read+0x11/0x20 [ 2359.705081] memcg_kmem_charge_memcg+0x83/0x170 [ 2359.709775] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2359.714297] ? __isolate_free_page+0x4c0/0x4c0 [ 2359.718904] memcg_kmem_charge+0x13b/0x370 [ 2359.723165] __alloc_pages_nodemask+0x3c3/0x750 [ 2359.728380] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2359.733424] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2359.738028] ? trace_hardirqs_on+0x67/0x220 [ 2359.742373] copy_process.part.0+0x3e0/0x7a30 [ 2359.746896] ? mark_held_locks+0x100/0x100 [ 2359.751178] ? __might_fault+0x12b/0x1e0 [ 2359.755270] ? __cleanup_sighand+0x70/0x70 [ 2359.759643] ? lock_downgrade+0x880/0x880 [ 2359.764088] _do_fork+0x257/0xfd0 [ 2359.767586] ? fork_idle+0x1d0/0x1d0 [ 2359.771330] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2359.776110] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2359.780900] ? do_syscall_64+0x26/0x620 [ 2359.784891] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2359.790271] ? do_syscall_64+0x26/0x620 [ 2359.794265] __x64_sys_clone+0xbf/0x150 [ 2359.798275] do_syscall_64+0xfd/0x620 [ 2359.802205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2359.807499] RIP: 0033:0x45b349 [ 2359.810793] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2359.830237] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2359.837966] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2359.845251] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2359.852562] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2359.859848] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2359.867230] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2359.878131] Task in /syz0 killed as a result of limit of /syz0 [ 2359.884192] memory: usage 307192kB, limit 307200kB, failcnt 440158 [ 2359.893092] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2359.901726] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2359.918816] Memory cgroup stats for /syz0: cache:60KB rss:111584KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111768KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2359.996383] Memory cgroup out of memory: Kill process 5292 (syz-executor.0) score 1106 or sacrifice child [ 2360.027805] Killed process 5292 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2360.091934] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2360.126048] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2360.155640] CPU: 1 PID: 28661 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2360.163671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2360.173229] Call Trace: [ 2360.175852] dump_stack+0x197/0x210 [ 2360.179518] dump_header+0x15e/0xa55 [ 2360.183269] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2360.188395] ? ___ratelimit+0x60/0x595 [ 2360.192319] ? do_raw_spin_unlock+0x181/0x270 [ 2360.196846] oom_kill_process.cold+0x10/0x6ef [ 2360.201367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2360.206925] ? task_will_free_mem+0x139/0x6e0 [ 2360.211442] out_of_memory+0x362/0x1330 [ 2360.215438] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2360.220562] ? oom_killer_disable+0x280/0x280 [ 2360.225078] ? find_held_lock+0x35/0x130 [ 2360.229169] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2360.234042] ? memcg_event_wake+0x230/0x230 [ 2360.238392] ? do_raw_spin_unlock+0x181/0x270 [ 2360.242912] ? _raw_spin_unlock+0x2d/0x50 [ 2360.247193] try_charge+0xc6e/0x1490 [ 2360.250929] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2360.255791] ? lock_downgrade+0x880/0x880 [ 2360.259966] ? kasan_check_read+0x11/0x20 [ 2360.264146] memcg_kmem_charge_memcg+0x83/0x170 [ 2360.268922] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2360.273436] ? __isolate_free_page+0x4c0/0x4c0 [ 2360.278244] memcg_kmem_charge+0x13b/0x370 [ 2360.282627] __alloc_pages_nodemask+0x3c3/0x750 [ 2360.287324] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2360.292362] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2360.296971] ? trace_hardirqs_on+0x67/0x220 [ 2360.301314] copy_process.part.0+0x3e0/0x7a30 [ 2360.305830] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2360.310953] ? delayacct_end+0x5c/0x100 [ 2360.314977] ? __delayacct_freepages_end+0xe0/0x140 [ 2360.320008] ? __lock_acquire+0x6ee/0x49c0 [ 2360.324268] ? __cleanup_sighand+0x70/0x70 [ 2360.328525] ? mark_held_locks+0x100/0x100 [ 2360.332902] _do_fork+0x257/0xfd0 [ 2360.336441] ? fork_idle+0x1d0/0x1d0 [ 2360.340198] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2360.346103] ? kasan_check_read+0x11/0x20 [ 2360.350290] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2360.355068] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2360.359952] ? do_syscall_64+0x26/0x620 [ 2360.364059] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2360.369449] ? do_syscall_64+0x26/0x620 [ 2360.373449] __x64_sys_clone+0xbf/0x150 [ 2360.377442] do_syscall_64+0xfd/0x620 [ 2360.381270] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2360.386476] RIP: 0033:0x45dd19 [ 2360.389689] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2360.408646] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2360.416370] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2360.423960] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2360.431344] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2360.438620] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2360.445895] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2360.457778] Task in /syz0 killed as a result of limit of /syz0 [ 2360.463884] memory: usage 306904kB, limit 307200kB, failcnt 440158 [ 2360.480630] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2360.499738] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2360.518342] Memory cgroup stats for /syz0: cache:60KB rss:111584KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111644KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2360.542122] Memory cgroup out of memory: Kill process 7935 (syz-executor.0) score 1106 or sacrifice child [ 2360.554793] Killed process 7935 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2361.837460] IPVS: ftp: loaded support on port[0] = 21 [ 2362.045298] chnl_net:caif_netlink_parms(): no params data found [ 2362.122961] bridge0: port 1(bridge_slave_0) entered blocking state [ 2362.145347] bridge0: port 1(bridge_slave_0) entered disabled state [ 2362.166105] device bridge_slave_0 entered promiscuous mode [ 2362.176189] bridge0: port 2(bridge_slave_1) entered blocking state [ 2362.183183] bridge0: port 2(bridge_slave_1) entered disabled state [ 2362.193197] device bridge_slave_1 entered promiscuous mode [ 2362.219266] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2362.229581] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2362.272246] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2362.286271] team0: Port device team_slave_0 added [ 2362.304155] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2362.317825] team0: Port device team_slave_1 added [ 2362.361961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2362.376381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2362.414310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2362.439149] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2362.445415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2362.479136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2362.502794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2362.521709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2362.619764] device hsr_slave_0 entered promiscuous mode [ 2362.656966] device hsr_slave_1 entered promiscuous mode [ 2362.697556] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2362.705271] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2362.889904] bridge0: port 2(bridge_slave_1) entered blocking state [ 2362.896476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2362.903150] bridge0: port 1(bridge_slave_0) entered blocking state [ 2362.909599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2363.033700] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2363.045960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2363.064237] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2363.093184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2363.108262] bridge0: port 1(bridge_slave_0) entered disabled state [ 2363.121061] bridge0: port 2(bridge_slave_1) entered disabled state [ 2363.141185] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2363.165065] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2363.172088] 8021q: adding VLAN 0 to HW filter on device team0 [ 2363.185589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2363.193392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2363.203453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2363.212238] bridge0: port 1(bridge_slave_0) entered blocking state [ 2363.218732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2363.231148] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2363.240021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2363.249788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2363.270407] bridge0: port 2(bridge_slave_1) entered blocking state [ 2363.276849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2363.297539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2363.307433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2363.318164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2363.327607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2363.340138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2363.347496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2363.358561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2363.372110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2363.381034] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2363.389964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2363.398447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2363.411070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2363.418981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2363.428508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2363.440378] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2363.448049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2363.455982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2363.467716] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2363.474028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2363.506227] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2363.529293] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2363.536003] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2363.553917] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2363.570668] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2363.685658] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2363.713006] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2363.731062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2363.748267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2363.875515] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2363.885629] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2363.904819] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2363.930429] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2363.946212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2363.956667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2363.978039] device veth0_vlan entered promiscuous mode [ 2363.987188] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2363.995107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2364.007131] device veth1_vlan entered promiscuous mode [ 2364.013560] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2364.039778] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2364.058830] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2364.082680] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2364.098781] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2364.107476] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2364.115154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2364.125822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2364.167796] device veth0_macvtap entered promiscuous mode [ 2364.174303] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2364.196333] device veth1_macvtap entered promiscuous mode [ 2364.238081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2364.262159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2364.282074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.300539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.322224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.335433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.355443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.375505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.386010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.405298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.414880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.433992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.445588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.456436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.465623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.475547] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.484902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2364.494799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.505646] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2364.513382] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2364.520828] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2364.528795] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2364.537000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2364.547604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.558401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.568670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.578805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.588501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.598619] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.608589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.625900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.637600] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.647796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.657499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.668055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.677920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.687969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.698098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2364.708102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2364.719974] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2364.727726] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2364.735054] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2364.743931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 12:55:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60fe01, 0x8) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 12:55:20 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x300, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xc601000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') sendfile(r0, r1, 0x0, 0x0) 12:55:20 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2365.993490] xt_TCPMSS: Only works on TCP SYN packets [ 2366.011811] xt_TCPMSS: Only works on TCP SYN packets 12:55:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040)='gtp\x00') sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r1, 0x1, 0x0, 0x0, {}, [@GTPA_VERSION={0x8}, @GTPA_LINK={0x8}, @GTPA_PEER_ADDRESS={0x8}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}]}, 0x34}}, 0x0) 12:55:20 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xdc03000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x500, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:20 executing program 5: mkdir(0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb58}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f0000000540)=0x2000000000000074, 0x86a) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) sendto$inet(r1, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write(r1, &(0x7f00000001c0)="ee0107200c9f8fbf5ca312794d57d7c84858f6d02ac7044478a1ceaba80c756a581354e1c3bc0f39ab71266531e5c6b4d607559441a2a1492bc86146e4a205b0b8db310441cf08c043a775bb5e3a82dbc589f50c52e15266c634790cab6745980751ca698dbd91bc", 0x7f37) syz_genetlink_get_family_id$ipvs(0x0) [ 2366.243983] xt_hashlimit: overflow, try lower: 0/0 [ 2366.270081] xt_hashlimit: overflow, try lower: 0/0 12:55:20 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f00000000c0)=""/163) 12:55:20 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2366.462048] xt_TCPMSS: Only works on TCP SYN packets [ 2366.527321] xt_TCPMSS: Only works on TCP SYN packets [ 2366.533475] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2366.601101] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2366.633995] CPU: 0 PID: 28951 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 12:55:20 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2366.641854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2366.649843] xt_hashlimit: overflow, try lower: 0/0 [ 2366.651734] Call Trace: [ 2366.651758] dump_stack+0x197/0x210 [ 2366.651781] dump_header+0x15e/0xa55 [ 2366.667348] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2366.672460] ? ___ratelimit+0x60/0x595 [ 2366.676357] ? do_raw_spin_unlock+0x181/0x270 [ 2366.680880] oom_kill_process.cold+0x10/0x6ef [ 2366.685393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2366.690952] ? task_will_free_mem+0x139/0x6e0 [ 2366.695560] out_of_memory+0x362/0x1330 [ 2366.699572] ? lock_downgrade+0x880/0x880 [ 2366.704372] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2366.709590] ? oom_killer_disable+0x280/0x280 [ 2366.714212] ? find_held_lock+0x35/0x130 [ 2366.718303] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2366.723288] ? memcg_event_wake+0x230/0x230 [ 2366.727639] ? do_raw_spin_unlock+0x181/0x270 [ 2366.732153] ? _raw_spin_unlock+0x2d/0x50 [ 2366.736318] try_charge+0xec5/0x1490 [ 2366.740230] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2366.745112] ? lock_downgrade+0x880/0x880 [ 2366.749293] ? kasan_check_read+0x11/0x20 [ 2366.753487] memcg_kmem_charge_memcg+0x83/0x170 [ 2366.758181] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2366.762696] ? __isolate_free_page+0x4c0/0x4c0 [ 2366.767299] memcg_kmem_charge+0x13b/0x370 [ 2366.771567] __alloc_pages_nodemask+0x3c3/0x750 [ 2366.776780] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2366.781838] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2366.786438] ? trace_hardirqs_on+0x67/0x220 [ 2366.790964] copy_process.part.0+0x3e0/0x7a30 [ 2366.795480] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 12:55:21 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000100)=""/230, 0xe6) socket$nl_netfilter(0x10, 0x3, 0xc) [ 2366.800686] ? delayacct_end+0x5c/0x100 [ 2366.804729] ? __delayacct_freepages_end+0xe0/0x140 [ 2366.809965] ? __lock_acquire+0x6ee/0x49c0 [ 2366.814255] ? __cleanup_sighand+0x70/0x70 [ 2366.818530] ? mark_held_locks+0x100/0x100 [ 2366.822888] _do_fork+0x257/0xfd0 [ 2366.826410] ? fork_idle+0x1d0/0x1d0 [ 2366.830173] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2366.836073] ? kasan_check_read+0x11/0x20 [ 2366.840354] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2366.845230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2366.850006] ? do_syscall_64+0x26/0x620 [ 2366.854168] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2366.859550] ? do_syscall_64+0x26/0x620 [ 2366.863630] __x64_sys_clone+0xbf/0x150 [ 2366.867722] do_syscall_64+0xfd/0x620 [ 2366.871547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2366.876743] RIP: 0033:0x45dd19 [ 2366.879952] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 12:55:21 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x600, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2366.898967] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2366.906867] RAX: ffffffffffffffda RBX: 00007f07e43b9700 RCX: 000000000045dd19 [ 2366.914150] RDX: 00007f07e43b99d0 RSI: 00007f07e43b8db0 RDI: 00000000003d0f00 [ 2366.921432] RBP: 00007fffa4b7b820 R08: 00007f07e43b9700 R09: 00007f07e43b9700 [ 2366.928817] R10: 00007f07e43b99d0 R11: 0000000000000202 R12: 0000000000000000 [ 2366.936096] R13: 00007fffa4b7b6bf R14: 00007f07e43b99c0 R15: 000000000075bf2c 12:55:21 executing program 5: write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x2000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 12:55:21 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2367.108190] Task in /syz2 killed as a result of limit of /syz2 [ 2367.127536] memory: usage 307188kB, limit 307200kB, failcnt 212831 [ 2367.155257] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2367.184993] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2367.208766] Memory cgroup stats for /syz2: cache:12KB rss:108912KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108972KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2367.235945] xt_TCPMSS: Only works on TCP SYN packets [ 2367.268459] Memory cgroup out of memory: Kill process 28934 (syz-executor.2) score 1106 or sacrifice child 12:55:21 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x700, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2367.313850] Killed process 28934 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35732kB, shmem-rss:0kB [ 2367.418993] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2367.493650] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2367.500412] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 2367.511852] CPU: 0 PID: 8115 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2367.519697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2367.529063] Call Trace: [ 2367.531666] dump_stack+0x197/0x210 [ 2367.535318] dump_header+0x15e/0xa55 [ 2367.539050] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2367.544176] ? ___ratelimit+0x60/0x595 [ 2367.548074] ? do_raw_spin_unlock+0x181/0x270 [ 2367.552593] oom_kill_process.cold+0x10/0x6ef [ 2367.557111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2367.562670] ? task_will_free_mem+0x139/0x6e0 [ 2367.567216] out_of_memory+0x362/0x1330 [ 2367.571217] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2367.576334] ? oom_killer_disable+0x280/0x280 [ 2367.580842] ? find_held_lock+0x35/0x130 [ 2367.584931] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2367.589874] ? memcg_event_wake+0x230/0x230 [ 2367.592925] xt_TCPMSS: Only works on TCP SYN packets [ 2367.594207] ? do_raw_spin_unlock+0x181/0x270 [ 2367.594229] ? _raw_spin_unlock+0x2d/0x50 [ 2367.607967] try_charge+0xec5/0x1490 [ 2367.611710] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2367.616658] ? lock_downgrade+0x880/0x880 [ 2367.620831] ? kasan_check_read+0x11/0x20 [ 2367.625000] memcg_kmem_charge_memcg+0x83/0x170 [ 2367.629689] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2367.634201] ? __isolate_free_page+0x4c0/0x4c0 [ 2367.638889] memcg_kmem_charge+0x13b/0x370 [ 2367.643325] __alloc_pages_nodemask+0x3c3/0x750 [ 2367.648095] ? __lock_is_held+0xb6/0x140 [ 2367.652179] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2367.657234] ? find_held_lock+0x35/0x130 [ 2367.661311] ? find_held_lock+0x35/0x130 [ 2367.665390] ? copy_page_range+0x13b3/0x2030 [ 2367.669816] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2367.675455] alloc_pages_current+0x107/0x210 [ 2367.679916] pte_alloc_one+0x1b/0x1a0 [ 2367.683731] __pte_alloc+0x2a/0x360 [ 2367.687558] copy_page_range+0x16d0/0x2030 [ 2367.691839] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2367.696698] ? __vma_link_rb+0x279/0x370 [ 2367.700778] copy_process.part.0+0x543e/0x7a30 [ 2367.705407] ? __cleanup_sighand+0x70/0x70 [ 2367.709774] _do_fork+0x257/0xfd0 [ 2367.713257] ? fork_idle+0x1d0/0x1d0 [ 2367.717099] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2367.722015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2367.726786] ? do_syscall_64+0x26/0x620 [ 2367.730775] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2367.736152] ? do_syscall_64+0x26/0x620 12:55:22 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xe803000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:22 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:22 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000100)=""/230, 0xe6) socket$nl_netfilter(0x10, 0x3, 0xc) [ 2367.737908] syz-executor.5 (29367) used greatest stack depth: 20944 bytes left [ 2367.740258] __x64_sys_clone+0xbf/0x150 [ 2367.740282] do_syscall_64+0xfd/0x620 [ 2367.755423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2367.760758] RIP: 0033:0x45991a [ 2367.764242] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2367.783325] RSP: 002b:00007ffebaa315d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2367.791042] RAX: ffffffffffffffda RBX: 00007ffebaa315d0 RCX: 000000000045991a [ 2367.798321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2367.805851] RBP: 00007ffebaa31610 R08: 0000000000000001 R09: 000000000135f940 [ 2367.813159] R10: 000000000135fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2367.820437] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffebaa31660 12:55:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'kw(tnepres-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000019840)=[{&(0x7f00000002c0)=""/223, 0xdf}], 0x1}}], 0x2, 0x0, 0x0) [ 2367.856514] Task in /syz0 killed as a result of limit of /syz0 [ 2367.866755] memory: usage 307200kB, limit 307200kB, failcnt 440193 [ 2367.885008] xt_TCPMSS: Only works on TCP SYN packets 12:55:22 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0xa00, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2368.056543] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2368.063518] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2368.108053] Memory cgroup stats for /syz0: cache:60KB rss:111716KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111740KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2368.160202] xt_TCPMSS: Only works on TCP SYN packets [ 2368.201951] Memory cgroup out of memory: Kill process 9004 (syz-executor.0) score 1106 or sacrifice child 12:55:22 executing program 5: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKBSZGET(r0, 0x80081270, 0x0) [ 2368.249355] Killed process 9004 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2368.366503] xt_TCPMSS: Only works on TCP SYN packets [ 2368.578512] xt_hashlimit: overflow, try lower: 0/0 [ 2368.614361] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2368.633015] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2368.641666] CPU: 0 PID: 29813 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2368.649492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2368.659551] Call Trace: [ 2368.662160] dump_stack+0x197/0x210 [ 2368.666067] dump_header+0x15e/0xa55 [ 2368.669893] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2368.675011] ? ___ratelimit+0x60/0x595 [ 2368.678918] ? do_raw_spin_unlock+0x181/0x270 [ 2368.683447] oom_kill_process.cold+0x10/0x6ef [ 2368.687964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2368.694480] ? task_will_free_mem+0x139/0x6e0 [ 2368.699014] out_of_memory+0x362/0x1330 [ 2368.703043] ? lock_downgrade+0x880/0x880 [ 2368.707269] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2368.712409] ? oom_killer_disable+0x280/0x280 [ 2368.717042] ? find_held_lock+0x35/0x130 [ 2368.721132] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2368.725996] ? memcg_event_wake+0x230/0x230 [ 2368.730650] ? do_raw_spin_unlock+0x181/0x270 [ 2368.735441] ? _raw_spin_unlock+0x2d/0x50 [ 2368.739787] try_charge+0xec5/0x1490 [ 2368.743539] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2368.748517] ? lock_downgrade+0x880/0x880 [ 2368.753475] ? kasan_check_read+0x11/0x20 [ 2368.757643] memcg_kmem_charge_memcg+0x83/0x170 [ 2368.762449] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2368.766971] ? __isolate_free_page+0x4c0/0x4c0 [ 2368.771581] memcg_kmem_charge+0x13b/0x370 [ 2368.775853] __alloc_pages_nodemask+0x3c3/0x750 [ 2368.780546] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2368.785600] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2368.790195] ? trace_hardirqs_on+0x67/0x220 [ 2368.794549] copy_process.part.0+0x3e0/0x7a30 [ 2368.799185] ? mark_held_locks+0x100/0x100 [ 2368.803451] ? __might_fault+0x12b/0x1e0 [ 2368.807658] ? __cleanup_sighand+0x70/0x70 [ 2368.811921] ? lock_downgrade+0x880/0x880 [ 2368.816108] _do_fork+0x257/0xfd0 [ 2368.819609] ? fork_idle+0x1d0/0x1d0 [ 2368.823478] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2368.828258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2368.833039] ? do_syscall_64+0x26/0x620 [ 2368.837037] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2368.842416] ? do_syscall_64+0x26/0x620 [ 2368.846445] __x64_sys_clone+0xbf/0x150 [ 2368.850454] do_syscall_64+0xfd/0x620 [ 2368.854281] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2368.859604] RIP: 0033:0x45b349 [ 2368.862806] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2368.881765] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2368.889487] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2368.896771] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2368.904055] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2368.911334] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2368.918621] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2368.946067] Task in /syz0 killed as a result of limit of /syz0 [ 2368.976156] memory: usage 307184kB, limit 307200kB, failcnt 440218 [ 2369.019342] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2369.045939] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:55:23 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2369.064442] Memory cgroup stats for /syz0: cache:60KB rss:111716KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111728KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2369.086904] Memory cgroup out of memory: Kill process 12730 (syz-executor.0) score 1106 or sacrifice child [ 2369.098161] Killed process 12730 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:55:23 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xf803000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:23 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:23 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:55:23 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000000)={0x200, 0x0, &(0x7f00000004c0)="b5e6c25af6f309147a2ddae385530f981cc27a7a3e9f9d4a0c1238626fbbf3ecf50feecb383e98e0b2fb669d7acb2620946a5c80cb077c8abbce62aca2b46d2e9c534172dba1888a09a066e7a5e618f0184859f4060e4c544045cea0e3ea53316328a60abac5b99d42505c091399152716ffe4c3ba7718799087b794d23d374042b4ab8377ee05118294f3e76c3f494878a8c270e141d0a992b0d442a0d92be2a5a6468c33ed06ae5ef20190975054a9db9397d1f00f0277c3a02519f76896c484e8806bfa7d5c67b2f218b2d450d1613632a43f53626ba3c88304cf92d2b964329fdef371653f000000ac3673f75ec656f203cd832fbbdb23aa836998a84a86d1747edefe0c6b808992ee18469a5b9eeefeb3324058673730e09f4b5c3c235ec39eb65004dfd81daa40964599d5297b6fdd7626b96f382989ada371eb134061b089d5574edb1558d2675af9ae7cb0fe16501bef10fa0677cfb6ce0c2e0ba5f67290b8beb94f0fac9823e42443620d53895cf6695096c008dadd5f3d14bbaad0474bfb014995df0a970d655d7ff10381d8bb3be3139a4d33c6c21ce142cd54a17b7b1b9b89af2b3632b0d24602989c7474f570816112e356eb1af84c3b316c97cfb61f5eef4e2a9b37211c108e3871b92ec11f89fbcc7a1f47206d57a41f46cf84514cdf2fea7e994682ece0346e5b9b8035cb284b266a42818a9e2d5d776bd10f43829f5913e1481c1f9399e6fdcc88c34700314e5b53941b2ae540a1d2600c91dbfe88d7901811a288a24f76b17b000a7f6cfea9b5e6bd8c0afe2e7f1e9cb93acf318fee289dbfb6e301f8af99262c7c660a5d786222b66c79e8ac39c69e66e5d9aa11e34c0e80a4a99954603da3c1b9ec0bf75e57991bbed18654df374e036378272fa8e9767304417bd9093bdb3e3ba3ccc709c51f9ad9fab90811ec1f9fd5192dd42caac2c85abd6cead47021aad5036c7b0050b63156ca009d1bff2b461ab025a747230ce551588397b37adad508c7bb23efb5ee4dc578b36dda45967800ddfcb33a08d997ed68bf7746c22e20009411491ac58cb960510141c7c2ff1651d4c935821a010400004765050072af5b8ba4e941388b027cc2507143b3fbaeaac2068734ddb9907233973f361a51ea4233e095a75735213015ae9fe873de644083019b39407225dee4f2ac3d9db5bfaa03c16a394d99a0fa1ffb45096ae3e3ac485a912f4795648d64980beb6a4a843f6143f5f691839b67606f3d10d73775445b5416202909b3bee0d99ee19ee012ff20a7b366ec4a9c8bc810fa1aa31f1df20233f46884c2eb36f0f0093d108c13f30ea239d8cd6d512ffca3932a70b9819c8f602594183fa9545c948550c106228a03068538c790229fce92b5c36fb4135fc8884c34e05147506ea8bd5931c534a3bfd01b4aa7eb8fe300"}) 12:55:23 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x2000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2369.196097] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2369.218248] xt_TCPMSS: Only works on TCP SYN packets 12:55:23 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket(0x10, 0x80002, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8697071") setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0xb8, 0xb8, 0x0, 0x0, 0xb8, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2}}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@remote, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 12:55:23 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 2369.308225] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2369.357528] CPU: 0 PID: 29822 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2369.365378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2369.374738] Call Trace: [ 2369.377337] dump_stack+0x197/0x210 [ 2369.380982] dump_header+0x15e/0xa55 [ 2369.384710] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2369.390194] ? ___ratelimit+0x60/0x595 [ 2369.394089] ? do_raw_spin_unlock+0x181/0x270 [ 2369.404072] oom_kill_process.cold+0x10/0x6ef [ 2369.408585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.414131] ? task_will_free_mem+0x139/0x6e0 [ 2369.418640] out_of_memory+0x362/0x1330 [ 2369.422631] ? lock_downgrade+0x880/0x880 [ 2369.426785] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2369.431894] ? oom_killer_disable+0x280/0x280 [ 2369.436396] ? find_held_lock+0x35/0x130 [ 2369.440475] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2369.445334] ? memcg_event_wake+0x230/0x230 [ 2369.449672] ? do_raw_spin_unlock+0x181/0x270 [ 2369.454181] ? _raw_spin_unlock+0x2d/0x50 [ 2369.458342] try_charge+0xec5/0x1490 [ 2369.462079] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2369.466936] ? lock_downgrade+0x880/0x880 [ 2369.471113] ? kasan_check_read+0x11/0x20 [ 2369.475282] memcg_kmem_charge_memcg+0x83/0x170 [ 2369.479970] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2369.484493] ? __isolate_free_page+0x4c0/0x4c0 [ 2369.489094] memcg_kmem_charge+0x13b/0x370 [ 2369.493356] __alloc_pages_nodemask+0x3c3/0x750 [ 2369.498047] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2369.503087] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2369.507689] ? trace_hardirqs_on+0x67/0x220 [ 2369.512042] copy_process.part.0+0x3e0/0x7a30 [ 2369.516552] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2369.521671] ? delayacct_end+0x5c/0x100 [ 2369.525667] ? __delayacct_freepages_end+0xe0/0x140 [ 2369.530695] ? __lock_acquire+0x6ee/0x49c0 [ 2369.535055] ? __cleanup_sighand+0x70/0x70 [ 2369.539301] ? mark_held_locks+0x100/0x100 [ 2369.543563] _do_fork+0x257/0xfd0 [ 2369.547050] ? fork_idle+0x1d0/0x1d0 [ 2369.550784] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2369.556679] ? kasan_check_read+0x11/0x20 [ 2369.560839] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2369.565602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2369.570367] ? do_syscall_64+0x26/0x620 [ 2369.574352] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2369.579723] ? do_syscall_64+0x26/0x620 [ 2369.583714] __x64_sys_clone+0xbf/0x150 [ 2369.587702] do_syscall_64+0xfd/0x620 [ 2369.591527] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2369.596735] RIP: 0033:0x45dd19 [ 2369.599930] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2369.618837] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2369.626552] RAX: ffffffffffffffda RBX: 00007f07e43b9700 RCX: 000000000045dd19 [ 2369.633825] RDX: 00007f07e43b99d0 RSI: 00007f07e43b8db0 RDI: 00000000003d0f00 [ 2369.641111] RBP: 00007fffa4b7b820 R08: 00007f07e43b9700 R09: 00007f07e43b9700 [ 2369.648391] R10: 00007f07e43b99d0 R11: 0000000000000202 R12: 0000000000000000 12:55:23 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2369.655666] R13: 00007fffa4b7b6bf R14: 00007f07e43b99c0 R15: 000000000075bf2c [ 2369.728275] Task in /syz2 killed as a result of limit of /syz2 [ 2369.757893] xt_hashlimit: overflow, try lower: 0/0 12:55:24 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:55:24 executing program 5: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f00000000c0)) [ 2369.774052] memory: usage 307188kB, limit 307200kB, failcnt 212868 [ 2369.807491] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2369.826919] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:55:24 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x3f00, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2369.846827] Memory cgroup stats for /syz2: cache:12KB rss:108760KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108972KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2369.926860] Memory cgroup out of memory: Kill process 1667 (syz-executor.2) score 1106 or sacrifice child [ 2369.956868] Killed process 1667 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2370.072180] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2370.117903] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2370.141282] CPU: 0 PID: 29913 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2370.149109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2370.158473] Call Trace: [ 2370.161075] dump_stack+0x197/0x210 [ 2370.164716] dump_header+0x15e/0xa55 [ 2370.168444] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2370.173560] ? ___ratelimit+0x60/0x595 [ 2370.177463] ? do_raw_spin_unlock+0x181/0x270 [ 2370.181969] oom_kill_process.cold+0x10/0x6ef [ 2370.186497] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2370.192044] ? task_will_free_mem+0x139/0x6e0 [ 2370.196560] out_of_memory+0x362/0x1330 [ 2370.200721] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2370.205834] ? oom_killer_disable+0x280/0x280 [ 2370.210348] ? find_held_lock+0x35/0x130 [ 2370.214429] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2370.219278] ? memcg_event_wake+0x230/0x230 [ 2370.223603] ? do_raw_spin_unlock+0x181/0x270 [ 2370.228113] ? _raw_spin_unlock+0x2d/0x50 [ 2370.232262] try_charge+0xec5/0x1490 [ 2370.235987] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2370.240837] ? lock_downgrade+0x880/0x880 [ 2370.245008] ? kasan_check_read+0x11/0x20 [ 2370.249161] memcg_kmem_charge_memcg+0x83/0x170 [ 2370.253825] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2370.258331] ? __isolate_free_page+0x4c0/0x4c0 [ 2370.262919] memcg_kmem_charge+0x13b/0x370 [ 2370.267163] __alloc_pages_nodemask+0x3c3/0x750 [ 2370.271826] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2370.276838] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2370.281441] ? trace_hardirqs_on+0x67/0x220 [ 2370.285774] copy_process.part.0+0x3e0/0x7a30 [ 2370.290276] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2370.295383] ? delayacct_end+0x5c/0x100 [ 2370.299441] ? __delayacct_freepages_end+0xe0/0x140 [ 2370.304478] ? __lock_acquire+0x6ee/0x49c0 [ 2370.308721] ? __cleanup_sighand+0x70/0x70 [ 2370.312953] ? mark_held_locks+0x100/0x100 [ 2370.317199] _do_fork+0x257/0xfd0 [ 2370.320656] ? fork_idle+0x1d0/0x1d0 [ 2370.324374] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2370.330255] ? kasan_check_read+0x11/0x20 [ 2370.334918] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2370.339672] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2370.344429] ? do_syscall_64+0x26/0x620 [ 2370.348409] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2370.353771] ? do_syscall_64+0x26/0x620 [ 2370.357849] __x64_sys_clone+0xbf/0x150 [ 2370.361819] do_syscall_64+0xfd/0x620 [ 2370.365617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2370.371072] RIP: 0033:0x45dd19 [ 2370.374263] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2370.393258] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2370.401025] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2370.408303] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2370.415570] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2370.422840] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2370.430202] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2370.553642] Task in /syz0 killed as a result of limit of /syz0 [ 2370.598778] memory: usage 307156kB, limit 307200kB, failcnt 440252 [ 2370.605218] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2370.635888] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2370.646786] Memory cgroup stats for /syz0: cache:60KB rss:111704KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111724KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2370.668081] Memory cgroup out of memory: Kill process 14050 (syz-executor.0) score 1106 or sacrifice child [ 2370.678516] Killed process 14050 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:55:25 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:25 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:25 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xfa03000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:25 executing program 5: r0 = creat(&(0x7f0000001c00)='./bus\x00', 0x0) r1 = socket(0x2, 0x803, 0xff) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r2 = dup(r1) r3 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x800fe) sendfile(r2, r3, 0x0, 0x800000000026) 12:55:25 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:55:25 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x4000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2370.725707] xt_hashlimit: overflow, try lower: 0/0 [ 2370.810732] audit: type=1804 audit(1579870525.093:140): pid=30329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir860066031/syzkaller.wjJHmZ/9/bus" dev="sda1" ino=18493 res=1 [ 2370.870402] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 12:55:25 executing program 5: io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x112}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@dev, 0x100}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000010c0)=""/183, 0xb7}, {0x0}], 0x4, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 2370.921639] audit: type=1804 audit(1579870525.143:141): pid=30403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir860066031/syzkaller.wjJHmZ/9/bus" dev="sda1" ino=18493 res=1 12:55:25 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:55:25 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2370.978488] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2371.015623] CPU: 0 PID: 30323 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2371.023465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2371.032825] Call Trace: [ 2371.035428] dump_stack+0x197/0x210 [ 2371.039073] dump_header+0x15e/0xa55 [ 2371.042804] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2371.047967] ? ___ratelimit+0x60/0x595 [ 2371.051862] ? do_raw_spin_unlock+0x181/0x270 [ 2371.056384] oom_kill_process.cold+0x10/0x6ef [ 2371.060898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2371.066448] ? task_will_free_mem+0x139/0x6e0 [ 2371.070991] out_of_memory+0x362/0x1330 [ 2371.074999] ? lock_downgrade+0x880/0x880 [ 2371.079155] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2371.084265] ? oom_killer_disable+0x280/0x280 [ 2371.088773] ? find_held_lock+0x35/0x130 [ 2371.092861] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2371.097718] ? memcg_event_wake+0x230/0x230 [ 2371.102145] ? do_raw_spin_unlock+0x181/0x270 [ 2371.106654] ? _raw_spin_unlock+0x2d/0x50 [ 2371.110814] try_charge+0xec5/0x1490 [ 2371.114551] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2371.119507] ? lock_downgrade+0x880/0x880 [ 2371.123670] ? kasan_check_read+0x11/0x20 [ 2371.127836] memcg_kmem_charge_memcg+0x83/0x170 [ 2371.132519] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2371.137027] ? __isolate_free_page+0x4c0/0x4c0 [ 2371.141624] memcg_kmem_charge+0x13b/0x370 [ 2371.145973] __alloc_pages_nodemask+0x3c3/0x750 [ 2371.150667] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2371.155704] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2371.160295] ? trace_hardirqs_on+0x67/0x220 [ 2371.164638] copy_process.part.0+0x3e0/0x7a30 [ 2371.169153] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2371.174277] ? delayacct_end+0x5c/0x100 [ 2371.178272] ? __delayacct_freepages_end+0xe0/0x140 [ 2371.183414] ? __lock_acquire+0x6ee/0x49c0 [ 2371.187687] ? __cleanup_sighand+0x70/0x70 [ 2371.191934] ? mark_held_locks+0x100/0x100 [ 2371.196296] _do_fork+0x257/0xfd0 [ 2371.199766] ? fork_idle+0x1d0/0x1d0 [ 2371.204448] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2371.210349] ? kasan_check_read+0x11/0x20 [ 2371.214512] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2371.219278] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2371.224046] ? do_syscall_64+0x26/0x620 [ 2371.228029] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2371.233401] ? do_syscall_64+0x26/0x620 [ 2371.237489] __x64_sys_clone+0xbf/0x150 [ 2371.241478] do_syscall_64+0xfd/0x620 [ 2371.245294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2371.250487] RIP: 0033:0x45dd19 [ 2371.253789] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2371.272695] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2371.280417] RAX: ffffffffffffffda RBX: 00007f07e43b9700 RCX: 000000000045dd19 [ 2371.287698] RDX: 00007f07e43b99d0 RSI: 00007f07e43b8db0 RDI: 00000000003d0f00 [ 2371.294979] RBP: 00007fffa4b7b820 R08: 00007f07e43b9700 R09: 00007f07e43b9700 [ 2371.302258] R10: 00007f07e43b99d0 R11: 0000000000000202 R12: 0000000000000000 [ 2371.309538] R13: 00007fffa4b7b6bf R14: 00007f07e43b99c0 R15: 000000000075bf2c 12:55:25 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000040)=0xdf8, 0x215) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 2371.334193] xt_hashlimit: overflow, try lower: 0/0 12:55:25 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:25 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x6000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2371.376431] Task in /syz2 killed as a result of limit of /syz2 [ 2371.404395] memory: usage 307192kB, limit 307200kB, failcnt 212898 12:55:25 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 2371.519423] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2371.548858] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2371.573573] Memory cgroup stats for /syz2: cache:12KB rss:108892KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108976KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2371.616479] tcpmss_tg6_check: 4 callbacks suppressed [ 2371.616486] xt_TCPMSS: Only works on TCP SYN packets [ 2371.636099] xt_TCPMSS: Only works on TCP SYN packets [ 2371.671521] xt_hashlimit: overflow, try lower: 0/0 12:55:26 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000140)=0x8000000010000006, 0x4) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f00000001c0)=0x2, 0x4) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfffffe, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000000)=0xfffffffffffffee9) [ 2371.856943] Memory cgroup out of memory: Kill process 3088 (syz-executor.2) score 1106 or sacrifice child [ 2371.885853] Killed process 3088 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2371.945499] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2372.027223] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2372.052227] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2372.064585] CPU: 1 PID: 30594 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2372.072509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2372.081871] Call Trace: [ 2372.084484] dump_stack+0x197/0x210 [ 2372.088133] dump_header+0x15e/0xa55 [ 2372.091859] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2372.096987] ? ___ratelimit+0x60/0x595 [ 2372.100883] ? do_raw_spin_unlock+0x181/0x270 [ 2372.105395] oom_kill_process.cold+0x10/0x6ef [ 2372.109921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.115493] ? task_will_free_mem+0x139/0x6e0 [ 2372.120024] out_of_memory+0x362/0x1330 [ 2372.124031] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2372.129156] ? oom_killer_disable+0x280/0x280 [ 2372.133663] ? find_held_lock+0x35/0x130 [ 2372.137853] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2372.142713] ? memcg_event_wake+0x230/0x230 [ 2372.147065] ? do_raw_spin_unlock+0x181/0x270 [ 2372.151573] ? _raw_spin_unlock+0x2d/0x50 [ 2372.155734] try_charge+0xec5/0x1490 [ 2372.159481] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2372.164349] ? lock_downgrade+0x880/0x880 [ 2372.168511] ? kasan_check_read+0x11/0x20 [ 2372.172681] memcg_kmem_charge_memcg+0x83/0x170 [ 2372.177370] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2372.181881] ? __isolate_free_page+0x4c0/0x4c0 [ 2372.187263] memcg_kmem_charge+0x13b/0x370 [ 2372.191527] __alloc_pages_nodemask+0x3c3/0x750 [ 2372.196214] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2372.201246] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2372.205875] ? trace_hardirqs_on+0x67/0x220 [ 2372.210217] copy_process.part.0+0x3e0/0x7a30 [ 2372.214739] ? mark_held_locks+0x100/0x100 [ 2372.218998] ? __might_fault+0x12b/0x1e0 [ 2372.223082] ? __cleanup_sighand+0x70/0x70 [ 2372.227335] ? lock_downgrade+0x880/0x880 [ 2372.231519] _do_fork+0x257/0xfd0 [ 2372.234989] ? fork_idle+0x1d0/0x1d0 [ 2372.238724] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2372.243602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2372.248369] ? do_syscall_64+0x26/0x620 [ 2372.252354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2372.257737] ? do_syscall_64+0x26/0x620 [ 2372.261734] __x64_sys_clone+0xbf/0x150 [ 2372.265724] do_syscall_64+0xfd/0x620 [ 2372.269539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2372.274737] RIP: 0033:0x45b349 [ 2372.278061] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2372.296972] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2372.304708] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2372.311996] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2372.319279] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2372.326560] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2372.333938] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2372.365458] Task in /syz0 killed as a result of limit of /syz0 12:55:26 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xfc03000000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:26 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:55:26 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x7001, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:26 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2372.398297] memory: usage 307196kB, limit 307200kB, failcnt 440277 [ 2372.426906] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:55:26 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = dup(r0) read(r1, &(0x7f0000000780)=""/4096, 0x8539) write$FUSE_DIRENT(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="3800000000000000020000000000000007000000000c000000ca001cf6fdedb2fa1ba800e8ffff2d5c7d2b766d6e65743000000000000000"], 0x38) [ 2372.448152] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2372.470035] Memory cgroup stats for /syz0: cache:60KB rss:111704KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111732KB inactive_file:8KB active_file:8KB unevictable:0KB 12:55:26 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) [ 2372.497287] Memory cgroup out of memory: Kill process 15800 (syz-executor.0) score 1106 or sacrifice child [ 2372.503072] xt_TCPMSS: Only works on TCP SYN packets [ 2372.534864] Killed process 15800 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2372.661964] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 12:55:27 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2372.709511] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2372.731034] xt_TCPMSS: Only works on TCP SYN packets [ 2372.783124] CPU: 0 PID: 30588 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2372.790957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2372.800403] Call Trace: [ 2372.803036] dump_stack+0x197/0x210 [ 2372.806704] dump_header+0x15e/0xa55 [ 2372.808653] 9pnet: Insufficient options for proto=fd [ 2372.810430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2372.810445] ? ___ratelimit+0x60/0x595 [ 2372.810463] ? do_raw_spin_unlock+0x181/0x270 [ 2372.829064] oom_kill_process.cold+0x10/0x6ef [ 2372.833580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.839131] ? task_will_free_mem+0x139/0x6e0 [ 2372.843646] out_of_memory+0x362/0x1330 [ 2372.847638] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2372.852759] ? oom_killer_disable+0x280/0x280 [ 2372.857444] ? find_held_lock+0x35/0x130 [ 2372.861533] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2372.866456] ? memcg_event_wake+0x230/0x230 [ 2372.870818] ? do_raw_spin_unlock+0x181/0x270 [ 2372.875331] ? _raw_spin_unlock+0x2d/0x50 [ 2372.879553] try_charge+0xc6e/0x1490 12:55:27 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) [ 2372.883285] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2372.888158] ? lock_downgrade+0x880/0x880 [ 2372.892323] ? kasan_check_read+0x11/0x20 [ 2372.896549] memcg_kmem_charge_memcg+0x83/0x170 [ 2372.901237] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2372.905765] ? __isolate_free_page+0x4c0/0x4c0 [ 2372.910369] memcg_kmem_charge+0x13b/0x370 [ 2372.914624] __alloc_pages_nodemask+0x3c3/0x750 [ 2372.919353] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2372.924411] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2372.929011] ? trace_hardirqs_on+0x67/0x220 [ 2372.933356] copy_process.part.0+0x3e0/0x7a30 [ 2372.937869] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2372.943182] ? delayacct_end+0x5c/0x100 [ 2372.947176] ? __delayacct_freepages_end+0xe0/0x140 [ 2372.952204] ? __lock_acquire+0x6ee/0x49c0 [ 2372.956475] ? __cleanup_sighand+0x70/0x70 [ 2372.960725] ? mark_held_locks+0x100/0x100 [ 2372.964993] _do_fork+0x257/0xfd0 [ 2372.968481] ? fork_idle+0x1d0/0x1d0 [ 2372.972216] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2372.978113] ? kasan_check_read+0x11/0x20 [ 2372.982276] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2372.987048] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2372.991824] ? do_syscall_64+0x26/0x620 [ 2372.995822] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2373.001199] ? do_syscall_64+0x26/0x620 [ 2373.005196] __x64_sys_clone+0xbf/0x150 [ 2373.009189] do_syscall_64+0xfd/0x620 [ 2373.013008] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2373.018207] RIP: 0033:0x45dd19 [ 2373.021410] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2373.040318] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2373.048040] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2373.055415] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2373.062694] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2373.069973] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2373.077250] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2373.235559] Task in /syz0 killed as a result of limit of /syz0 [ 2373.246225] 9pnet: Insufficient options for proto=fd [ 2373.249768] memory: usage 306876kB, limit 307200kB, failcnt 440277 [ 2373.306897] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.314222] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.330913] Memory cgroup stats for /syz0: cache:60KB rss:111704KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111608KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2373.366255] Memory cgroup out of memory: Kill process 17041 (syz-executor.0) score 1106 or sacrifice child [ 2373.389493] Killed process 17041 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:55:27 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:27 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xffff1f0000000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:27 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0xa802, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:27 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno'}}) 12:55:27 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) io_setup(0x20000000002, &(0x7f0000000240)=0x0) io_submit(r1, 0x1, &(0x7f0000000780)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) tkill(0x0, 0x0) 12:55:27 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2373.521978] xt_hashlimit: overflow, try lower: 0/0 [ 2373.602403] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2373.613476] 9pnet: Insufficient options for proto=fd [ 2373.622430] xt_TCPMSS: Only works on TCP SYN packets [ 2373.635556] xt_TCPMSS: Only works on TCP SYN packets [ 2373.646447] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2373.652274] CPU: 0 PID: 31249 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2373.660091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.669445] Call Trace: [ 2373.672047] dump_stack+0x197/0x210 [ 2373.675692] dump_header+0x15e/0xa55 [ 2373.679419] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.684540] ? ___ratelimit+0x60/0x595 [ 2373.688438] ? do_raw_spin_unlock+0x181/0x270 [ 2373.692946] oom_kill_process.cold+0x10/0x6ef [ 2373.697462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.703010] ? task_will_free_mem+0x139/0x6e0 [ 2373.707529] out_of_memory+0x362/0x1330 [ 2373.711516] ? lock_downgrade+0x880/0x880 [ 2373.715674] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2373.720785] ? oom_killer_disable+0x280/0x280 [ 2373.725298] ? find_held_lock+0x35/0x130 [ 2373.729390] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2373.734249] ? memcg_event_wake+0x230/0x230 [ 2373.738597] ? do_raw_spin_unlock+0x181/0x270 [ 2373.743102] ? _raw_spin_unlock+0x2d/0x50 [ 2373.747264] try_charge+0xec5/0x1490 [ 2373.751006] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.755867] ? lock_downgrade+0x880/0x880 [ 2373.760033] ? kasan_check_read+0x11/0x20 [ 2373.764374] memcg_kmem_charge_memcg+0x83/0x170 [ 2373.769086] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2373.773608] ? __isolate_free_page+0x4c0/0x4c0 [ 2373.778211] memcg_kmem_charge+0x13b/0x370 [ 2373.782465] __alloc_pages_nodemask+0x3c3/0x750 [ 2373.787253] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2373.792291] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2373.796884] ? trace_hardirqs_on+0x67/0x220 12:55:28 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet(0x2, 0x3, 0x800000000000b) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:55:28 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2373.801221] copy_process.part.0+0x3e0/0x7a30 [ 2373.805729] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.810845] ? delayacct_end+0x5c/0x100 [ 2373.814833] ? __delayacct_freepages_end+0xe0/0x140 [ 2373.819864] ? __lock_acquire+0x6ee/0x49c0 [ 2373.824124] ? __cleanup_sighand+0x70/0x70 [ 2373.828374] ? mark_held_locks+0x100/0x100 [ 2373.832664] _do_fork+0x257/0xfd0 [ 2373.836134] ? fork_idle+0x1d0/0x1d0 [ 2373.839868] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2373.845766] ? kasan_check_read+0x11/0x20 [ 2373.849929] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2373.854700] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2373.859468] ? do_syscall_64+0x26/0x620 [ 2373.863458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2373.868832] ? do_syscall_64+0x26/0x620 [ 2373.872826] __x64_sys_clone+0xbf/0x150 [ 2373.876818] do_syscall_64+0xfd/0x620 [ 2373.880646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2373.885843] RIP: 0033:0x45dd19 [ 2373.889043] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2373.907956] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2373.915680] RAX: ffffffffffffffda RBX: 00007f07e43b9700 RCX: 000000000045dd19 [ 2373.922964] RDX: 00007f07e43b99d0 RSI: 00007f07e43b8db0 RDI: 00000000003d0f00 [ 2373.930248] RBP: 00007fffa4b7b820 R08: 00007f07e43b9700 R09: 00007f07e43b9700 [ 2373.937529] R10: 00007f07e43b99d0 R11: 0000000000000202 R12: 0000000000000000 [ 2373.944912] R13: 00007fffa4b7b6bf R14: 00007f07e43b99c0 R15: 000000000075bf2c 12:55:28 executing program 5: 12:55:28 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x40000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2374.083304] xt_hashlimit: overflow, try lower: 0/0 12:55:28 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:28 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet(0x2, 0x3, 0x800000000000b) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 2374.133140] Task in /syz2 killed as a result of limit of /syz2 [ 2374.163459] memory: usage 307192kB, limit 307200kB, failcnt 212933 12:55:28 executing program 5: [ 2374.188522] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2374.209599] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2374.228391] Memory cgroup stats for /syz2: cache:12KB rss:108892KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108976KB inactive_file:8KB active_file:0KB unevictable:0KB [ 2374.275096] Memory cgroup out of memory: Kill process 5544 (syz-executor.2) score 1106 or sacrifice child [ 2374.323674] Killed process 5544 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2374.409434] xt_hashlimit: overflow, try lower: 0/0 [ 2374.409653] xt_TCPMSS: Only works on TCP SYN packets [ 2374.472178] xt_TCPMSS: Only works on TCP SYN packets 12:55:30 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xffffff7f00000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:30 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:30 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet(0x2, 0x3, 0x800000000000b) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:55:30 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:30 executing program 5: 12:55:30 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x1fffff, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:30 executing program 5: 12:55:30 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 2375.844775] xt_hashlimit: overflow, try lower: 0/0 12:55:30 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2375.920056] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2375.964223] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2375.979622] CPU: 1 PID: 31762 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2375.987542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.996905] Call Trace: [ 2375.999512] dump_stack+0x197/0x210 [ 2376.003164] dump_header+0x15e/0xa55 [ 2376.006895] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2376.012007] ? ___ratelimit+0x60/0x595 [ 2376.015899] ? do_raw_spin_unlock+0x181/0x270 [ 2376.020406] oom_kill_process.cold+0x10/0x6ef [ 2376.024920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2376.030472] ? task_will_free_mem+0x139/0x6e0 [ 2376.034988] out_of_memory+0x362/0x1330 [ 2376.038979] ? lock_downgrade+0x880/0x880 [ 2376.043145] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2376.048266] ? oom_killer_disable+0x280/0x280 [ 2376.052770] ? find_held_lock+0x35/0x130 [ 2376.056854] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2376.061712] ? memcg_event_wake+0x230/0x230 [ 2376.066049] ? do_raw_spin_unlock+0x181/0x270 [ 2376.070554] ? _raw_spin_unlock+0x2d/0x50 [ 2376.074716] try_charge+0xec5/0x1490 [ 2376.078538] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2376.083398] ? lock_downgrade+0x880/0x880 [ 2376.087564] ? kasan_check_read+0x11/0x20 [ 2376.091732] memcg_kmem_charge_memcg+0x83/0x170 [ 2376.096426] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2376.100943] ? __isolate_free_page+0x4c0/0x4c0 [ 2376.105542] memcg_kmem_charge+0x13b/0x370 [ 2376.108687] xt_TCPMSS: Only works on TCP SYN packets [ 2376.109800] __alloc_pages_nodemask+0x3c3/0x750 [ 2376.109820] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2376.109842] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2376.129207] ? trace_hardirqs_on+0x67/0x220 [ 2376.133560] copy_process.part.0+0x3e0/0x7a30 [ 2376.138075] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2376.143199] ? delayacct_end+0x5c/0x100 [ 2376.147269] ? __delayacct_freepages_end+0xe0/0x140 [ 2376.152305] ? __lock_acquire+0x6ee/0x49c0 [ 2376.156557] ? __cleanup_sighand+0x70/0x70 [ 2376.160806] ? mark_held_locks+0x100/0x100 [ 2376.165068] _do_fork+0x257/0xfd0 [ 2376.168542] ? fork_idle+0x1d0/0x1d0 [ 2376.172280] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2376.178176] ? kasan_check_read+0x11/0x20 [ 2376.182336] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2376.187101] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2376.191870] ? do_syscall_64+0x26/0x620 [ 2376.195850] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2376.201218] ? do_syscall_64+0x26/0x620 [ 2376.205213] __x64_sys_clone+0xbf/0x150 [ 2376.209194] do_syscall_64+0xfd/0x620 [ 2376.213001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2376.218204] RIP: 0033:0x45dd19 [ 2376.221405] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2376.240422] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2376.248151] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2376.255460] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 12:55:30 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2376.262852] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2376.270136] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2376.277413] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2376.287297] Task in /syz0 killed as a result of limit of /syz0 [ 2376.293409] memory: usage 307192kB, limit 307200kB, failcnt 440302 [ 2376.300045] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2376.307001] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:55:30 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 2376.354365] Memory cgroup stats for /syz0: cache:60KB rss:111688KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111732KB inactive_file:8KB active_file:8KB unevictable:0KB 12:55:30 executing program 5: [ 2376.436423] Memory cgroup out of memory: Kill process 17129 (syz-executor.0) score 1106 or sacrifice child [ 2376.490194] Killed process 17129 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2376.536565] xt_TCPMSS: Only works on TCP SYN packets [ 2376.657374] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2376.743766] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2376.781893] CPU: 1 PID: 31790 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2376.789822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2376.799188] Call Trace: [ 2376.801795] dump_stack+0x197/0x210 [ 2376.805453] dump_header+0x15e/0xa55 [ 2376.809183] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2376.814391] ? ___ratelimit+0x60/0x595 [ 2376.818290] ? do_raw_spin_unlock+0x181/0x270 [ 2376.822810] oom_kill_process.cold+0x10/0x6ef [ 2376.827328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2376.832967] ? task_will_free_mem+0x139/0x6e0 [ 2376.837485] out_of_memory+0x362/0x1330 [ 2376.841489] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2376.846615] ? oom_killer_disable+0x280/0x280 [ 2376.851118] ? find_held_lock+0x35/0x130 [ 2376.855238] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2376.860187] ? memcg_event_wake+0x230/0x230 [ 2376.864537] ? do_raw_spin_unlock+0x181/0x270 [ 2376.869051] ? _raw_spin_unlock+0x2d/0x50 [ 2376.873221] try_charge+0xc6e/0x1490 [ 2376.876962] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2376.881828] ? lock_downgrade+0x880/0x880 [ 2376.885993] ? kasan_check_read+0x11/0x20 [ 2376.890271] memcg_kmem_charge_memcg+0x83/0x170 [ 2376.894956] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2376.899477] ? __isolate_free_page+0x4c0/0x4c0 [ 2376.904104] memcg_kmem_charge+0x13b/0x370 [ 2376.908384] __alloc_pages_nodemask+0x3c3/0x750 [ 2376.913080] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2376.920327] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2376.924931] ? trace_hardirqs_on+0x67/0x220 [ 2376.929279] copy_process.part.0+0x3e0/0x7a30 [ 2376.933911] ? mark_held_locks+0x100/0x100 [ 2376.938165] ? __might_fault+0x12b/0x1e0 [ 2376.942248] ? __cleanup_sighand+0x70/0x70 [ 2376.946494] ? lock_downgrade+0x880/0x880 [ 2376.950674] _do_fork+0x257/0xfd0 [ 2376.954143] ? fork_idle+0x1d0/0x1d0 [ 2376.957871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2376.962641] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2376.967409] ? do_syscall_64+0x26/0x620 [ 2376.971392] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2376.976769] ? do_syscall_64+0x26/0x620 [ 2376.980933] __x64_sys_clone+0xbf/0x150 [ 2376.984921] do_syscall_64+0xfd/0x620 [ 2376.988738] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2376.993929] RIP: 0033:0x45b349 [ 2376.997128] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2377.016045] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2377.023771] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2377.031051] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2377.038331] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2377.045608] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2377.052899] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c [ 2377.493115] Task in /syz0 killed as a result of limit of /syz0 [ 2377.530169] memory: usage 306968kB, limit 307200kB, failcnt 440302 [ 2377.553154] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2377.570953] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2377.584334] Memory cgroup stats for /syz0: cache:60KB rss:111688KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111624KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2377.627246] Memory cgroup out of memory: Kill process 18135 (syz-executor.0) score 1106 or sacrifice child [ 2377.647249] Killed process 18135 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2377.676683] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2377.726744] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 2377.736420] CPU: 1 PID: 31898 Comm: syz-executor.2 Not tainted 4.19.98-syzkaller #0 [ 2377.744237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2377.753725] Call Trace: [ 2377.756322] dump_stack+0x197/0x210 [ 2377.759966] dump_header+0x15e/0xa55 [ 2377.763698] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2377.768989] ? ___ratelimit+0x60/0x595 [ 2377.772883] ? do_raw_spin_unlock+0x181/0x270 [ 2377.777387] oom_kill_process.cold+0x10/0x6ef [ 2377.781902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2377.787453] ? task_will_free_mem+0x139/0x6e0 [ 2377.791963] out_of_memory+0x362/0x1330 [ 2377.795958] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2377.801075] ? oom_killer_disable+0x280/0x280 [ 2377.805580] ? find_held_lock+0x35/0x130 [ 2377.809675] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2377.814536] ? memcg_event_wake+0x230/0x230 [ 2377.818885] ? do_raw_spin_unlock+0x181/0x270 [ 2377.823397] ? _raw_spin_unlock+0x2d/0x50 [ 2377.827562] try_charge+0xec5/0x1490 [ 2377.831300] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2377.836165] ? lock_downgrade+0x880/0x880 [ 2377.840327] ? kasan_check_read+0x11/0x20 [ 2377.844499] memcg_kmem_charge_memcg+0x83/0x170 [ 2377.849185] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2377.853700] ? __isolate_free_page+0x4c0/0x4c0 [ 2377.858296] memcg_kmem_charge+0x13b/0x370 [ 2377.862574] __alloc_pages_nodemask+0x3c3/0x750 [ 2377.867267] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2377.872320] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2377.876916] ? trace_hardirqs_on+0x67/0x220 [ 2377.881255] copy_process.part.0+0x3e0/0x7a30 [ 2377.885768] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2377.890885] ? delayacct_end+0x5c/0x100 [ 2377.894872] ? __delayacct_freepages_end+0xe0/0x140 [ 2377.899906] ? __lock_acquire+0x6ee/0x49c0 [ 2377.904165] ? __cleanup_sighand+0x70/0x70 [ 2377.908422] ? mark_held_locks+0x100/0x100 [ 2377.912691] _do_fork+0x257/0xfd0 [ 2377.916171] ? fork_idle+0x1d0/0x1d0 [ 2377.919911] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2377.925935] ? kasan_check_read+0x11/0x20 [ 2377.930101] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2377.934877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2377.939645] ? do_syscall_64+0x26/0x620 [ 2377.943633] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2377.949007] ? do_syscall_64+0x26/0x620 [ 2377.953044] __x64_sys_clone+0xbf/0x150 [ 2377.957040] do_syscall_64+0xfd/0x620 [ 2377.960856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2377.966048] RIP: 0033:0x45dd19 [ 2377.969255] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2377.988166] RSP: 002b:00007fffa4b7b608 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2377.995885] RAX: ffffffffffffffda RBX: 00007f07e43b9700 RCX: 000000000045dd19 [ 2378.003168] RDX: 00007f07e43b99d0 RSI: 00007f07e43b8db0 RDI: 00000000003d0f00 [ 2378.010547] RBP: 00007fffa4b7b820 R08: 00007f07e43b9700 R09: 00007f07e43b9700 [ 2378.017828] R10: 00007f07e43b99d0 R11: 0000000000000202 R12: 0000000000000000 [ 2378.025234] R13: 00007fffa4b7b6bf R14: 00007f07e43b99c0 R15: 000000000075bf2c [ 2378.037535] Task in /syz2 killed as a result of limit of /syz2 [ 2378.056215] memory: usage 307192kB, limit 307200kB, failcnt 212963 [ 2378.088357] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2378.126937] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2378.141287] Memory cgroup stats for /syz2: cache:12KB rss:108892KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108976KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2378.183809] Memory cgroup out of memory: Kill process 10072 (syz-executor.2) score 1106 or sacrifice child [ 2378.199470] Killed process 10072 (syz-executor.2) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2383.234033] xt_TCPMSS: Only works on TCP SYN packets 12:55:37 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0xffffffff00000000}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:37 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:37 executing program 5: 12:55:37 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:37 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:55:37 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x1000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:37 executing program 5: [ 2383.370822] xt_hashlimit: overflow, try lower: 0/0 12:55:37 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:37 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:38 executing program 5: [ 2383.699222] xt_hashlimit: overflow, try lower: 0/0 [ 2383.725443] xt_hashlimit: overflow, try lower: 0/0 12:55:38 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:55:38 executing program 5: [ 2383.952411] xt_hashlimit: overflow, try lower: 0/0 [ 2384.555433] xt_TCPMSS: Only works on TCP SYN packets [ 2384.562438] xt_TCPMSS: Only works on TCP SYN packets [ 2384.576411] xt_TCPMSS: Only works on TCP SYN packets 12:56:13 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x2}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:56:13 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:56:13 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:56:13 executing program 5: 12:56:13 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:56:13 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x2000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:56:13 executing program 5: [ 2419.543392] xt_hashlimit: overflow, try lower: 0/0 12:56:13 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2419.810488] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2419.852221] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2419.871695] CPU: 0 PID: 8115 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2419.879449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2419.888820] Call Trace: [ 2419.891431] dump_stack+0x197/0x210 [ 2419.895104] dump_header+0x15e/0xa55 [ 2419.898852] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2419.903972] ? ___ratelimit+0x60/0x595 [ 2419.907876] ? do_raw_spin_unlock+0x181/0x270 [ 2419.912393] oom_kill_process.cold+0x10/0x6ef [ 2419.916911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2419.922469] ? task_will_free_mem+0x139/0x6e0 [ 2419.926988] out_of_memory+0x362/0x1330 [ 2419.930989] ? lock_downgrade+0x880/0x880 [ 2419.935159] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2419.940283] ? oom_killer_disable+0x280/0x280 [ 2419.944807] ? find_held_lock+0x35/0x130 [ 2419.948977] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2419.953835] ? memcg_event_wake+0x230/0x230 [ 2419.958178] ? do_raw_spin_unlock+0x181/0x270 [ 2419.962690] ? _raw_spin_unlock+0x2d/0x50 [ 2419.966859] try_charge+0xec5/0x1490 [ 2419.970603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2419.975466] ? lock_downgrade+0x880/0x880 [ 2419.979652] ? kasan_check_read+0x11/0x20 [ 2419.983842] memcg_kmem_charge_memcg+0x83/0x170 [ 2419.988528] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2419.993075] ? __isolate_free_page+0x4c0/0x4c0 [ 2419.997679] memcg_kmem_charge+0x13b/0x370 [ 2420.001933] __alloc_pages_nodemask+0x3c3/0x750 [ 2420.006635] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2420.011670] ? find_held_lock+0x35/0x130 [ 2420.015743] ? copy_page_range+0x13b3/0x2030 [ 2420.020166] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2420.025727] alloc_pages_current+0x107/0x210 [ 2420.030159] pte_alloc_one+0x1b/0x1a0 [ 2420.033981] __pte_alloc+0x2a/0x360 [ 2420.037621] copy_page_range+0x16d0/0x2030 [ 2420.041896] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2420.046758] ? __vma_link_rb+0x279/0x370 [ 2420.050843] copy_process.part.0+0x543e/0x7a30 [ 2420.055469] ? __cleanup_sighand+0x70/0x70 [ 2420.059844] _do_fork+0x257/0xfd0 [ 2420.063319] ? fork_idle+0x1d0/0x1d0 [ 2420.067058] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2420.073137] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2420.077912] ? do_syscall_64+0x26/0x620 [ 2420.081958] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2420.087339] ? do_syscall_64+0x26/0x620 [ 2420.091338] __x64_sys_clone+0xbf/0x150 [ 2420.095332] do_syscall_64+0xfd/0x620 [ 2420.099166] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2420.104366] RIP: 0033:0x45991a [ 2420.107565] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2420.126476] RSP: 002b:00007ffebaa315d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2420.134200] RAX: ffffffffffffffda RBX: 00007ffebaa315d0 RCX: 000000000045991a [ 2420.141479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 12:56:14 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:56:14 executing program 5: [ 2420.148762] RBP: 00007ffebaa31610 R08: 0000000000000001 R09: 000000000135f940 [ 2420.156040] R10: 000000000135fc10 R11: 0000000000000246 R12: 0000000000000001 [ 2420.163322] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffebaa31660 [ 2420.180851] Task in /syz0 killed as a result of limit of /syz0 [ 2420.201645] memory: usage 307200kB, limit 307200kB, failcnt 440342 [ 2420.222016] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.259885] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.293910] Memory cgroup stats for /syz0: cache:60KB rss:111636KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111752KB inactive_file:0KB active_file:0KB unevictable:0KB 12:56:14 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:56:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0xffffffffffffff7c, &(0x7f00000bfff0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff020000000000000000000000000001e000000100000000000000000000000000000080000000000a003000000000000d45a504b3cfe73962c43cd9e1b3b96094bee8af1927c145ff59de8d32552f", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000"/112], 0xb8}}, 0x0) [ 2420.410390] Memory cgroup out of memory: Kill process 23153 (syz-executor.0) score 1106 or sacrifice child [ 2420.453374] Killed process 23153 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2420.686935] xt_hashlimit: overflow, try lower: 0/0 [ 2421.668245] xt_TCPMSS: Only works on TCP SYN packets [ 2421.672074] xt_TCPMSS: Only works on TCP SYN packets [ 2500.593622] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2500.606645] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2500.627325] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2500.634167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2500.669286] device bridge_slave_1 left promiscuous mode [ 2500.675070] bridge0: port 2(bridge_slave_1) entered disabled state [ 2500.731312] device bridge_slave_0 left promiscuous mode [ 2500.738180] bridge0: port 1(bridge_slave_0) entered disabled state [ 2500.771482] device veth1_macvtap left promiscuous mode [ 2500.784210] device veth0_macvtap left promiscuous mode [ 2500.794959] device veth1_vlan left promiscuous mode [ 2500.808594] device veth0_vlan left promiscuous mode [ 2501.147152] device hsr_slave_1 left promiscuous mode [ 2501.176090] device hsr_slave_0 left promiscuous mode [ 2501.250641] team0 (unregistering): Port device team_slave_1 removed [ 2501.296030] team0 (unregistering): Port device team_slave_0 removed [ 2501.324841] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2501.393084] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2501.526014] bond0 (unregistering): Released all slaves 12:57:35 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x3}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:35 executing program 5: socket$inet6(0xa, 0x80003, 0x6b) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000080000003500000000000000850000000500000095000000"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x2b) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) 12:57:35 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:35 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:35 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:57:36 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x3000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2501.786018] xt_TCPMSS: Only works on TCP SYN packets [ 2501.804799] xt_hashlimit: overflow, try lower: 0/0 12:57:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {}, {}, {0x8}, {}, {0x0, 0x0, 0x5d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xff}]}}) clock_nanosleep(0x0, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000040)={0x0, 0x10000}) [ 2501.887542] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2501.930528] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2501.958031] CPU: 1 PID: 617 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2501.965699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2501.975059] Call Trace: [ 2501.977668] dump_stack+0x197/0x210 [ 2501.981310] dump_header+0x15e/0xa55 [ 2501.985146] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2501.990263] ? ___ratelimit+0x60/0x595 [ 2501.994157] ? do_raw_spin_unlock+0x181/0x270 [ 2501.998669] oom_kill_process.cold+0x10/0x6ef [ 2502.003180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2502.008730] ? task_will_free_mem+0x139/0x6e0 [ 2502.013245] out_of_memory+0x362/0x1330 [ 2502.017246] ? lock_downgrade+0x880/0x880 [ 2502.021405] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2502.026557] ? oom_killer_disable+0x280/0x280 [ 2502.031079] ? find_held_lock+0x35/0x130 [ 2502.035161] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2502.040017] ? memcg_event_wake+0x230/0x230 [ 2502.044360] ? do_raw_spin_unlock+0x181/0x270 [ 2502.048967] ? _raw_spin_unlock+0x2d/0x50 [ 2502.053131] try_charge+0xec5/0x1490 [ 2502.056864] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2502.061717] ? lock_downgrade+0x880/0x880 [ 2502.065882] ? kasan_check_read+0x11/0x20 [ 2502.070050] memcg_kmem_charge_memcg+0x83/0x170 [ 2502.074744] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2502.079257] ? __isolate_free_page+0x4c0/0x4c0 [ 2502.083849] memcg_kmem_charge+0x13b/0x370 [ 2502.088100] __alloc_pages_nodemask+0x3c3/0x750 [ 2502.092798] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2502.097832] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2502.102428] ? trace_hardirqs_on+0x67/0x220 [ 2502.106765] copy_process.part.0+0x3e0/0x7a30 [ 2502.111277] ? mark_held_locks+0x100/0x100 [ 2502.115532] ? __might_fault+0x12b/0x1e0 [ 2502.119628] ? __cleanup_sighand+0x70/0x70 [ 2502.123886] ? lock_downgrade+0x880/0x880 [ 2502.128069] _do_fork+0x257/0xfd0 [ 2502.131542] ? fork_idle+0x1d0/0x1d0 [ 2502.135280] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2502.140046] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2502.144856] ? do_syscall_64+0x26/0x620 [ 2502.148843] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2502.154219] ? do_syscall_64+0x26/0x620 [ 2502.158298] __x64_sys_clone+0xbf/0x150 [ 2502.162289] do_syscall_64+0xfd/0x620 [ 2502.166109] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2502.171323] RIP: 0033:0x45b349 [ 2502.174528] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2502.193435] RSP: 002b:00007fbcae56ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2502.201154] RAX: ffffffffffffffda RBX: 00007fbcae56b6d4 RCX: 000000000045b349 [ 2502.208434] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000008100 [ 2502.215711] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2502.222991] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2502.230265] R13: 0000000000000070 R14: 00000000004c1bc4 R15: 000000000075bf2c 12:57:36 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:36 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getrandom(&(0x7f0000000380)=""/114, 0x72, 0x2) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) msgget$private(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) 12:57:36 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r1}}) [ 2502.576922] Task in /syz0 killed as a result of limit of /syz0 [ 2502.583448] memory: usage 307136kB, limit 307200kB, failcnt 440429 12:57:36 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2502.623835] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2502.657994] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2502.687291] Memory cgroup stats for /syz0: cache:60KB rss:111768KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111860KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2502.755260] Memory cgroup out of memory: Kill process 25768 (syz-executor.0) score 1106 or sacrifice child [ 2502.805447] Killed process 25768 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB 12:57:37 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r1}}) [ 2503.116953] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2503.169747] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 2503.195447] CPU: 0 PID: 610 Comm: syz-executor.0 Not tainted 4.19.98-syzkaller #0 [ 2503.203204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2503.212674] Call Trace: [ 2503.215273] dump_stack+0x197/0x210 [ 2503.218927] dump_header+0x15e/0xa55 [ 2503.222664] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2503.227778] ? ___ratelimit+0x60/0x595 [ 2503.231676] ? do_raw_spin_unlock+0x181/0x270 [ 2503.236188] oom_kill_process.cold+0x10/0x6ef [ 2503.240700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2503.246252] ? task_will_free_mem+0x139/0x6e0 [ 2503.250774] out_of_memory+0x362/0x1330 [ 2503.254764] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2503.259883] ? oom_killer_disable+0x280/0x280 [ 2503.264393] ? find_held_lock+0x35/0x130 [ 2503.268477] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2503.273332] ? memcg_event_wake+0x230/0x230 [ 2503.277680] ? do_raw_spin_unlock+0x181/0x270 [ 2503.282182] ? _raw_spin_unlock+0x2d/0x50 [ 2503.286348] try_charge+0xc6e/0x1490 [ 2503.290083] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2503.294950] ? lock_downgrade+0x880/0x880 [ 2503.299118] ? kasan_check_read+0x11/0x20 [ 2503.303292] memcg_kmem_charge_memcg+0x83/0x170 [ 2503.307987] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2503.312604] ? __isolate_free_page+0x4c0/0x4c0 [ 2503.317202] memcg_kmem_charge+0x13b/0x370 [ 2503.321457] __alloc_pages_nodemask+0x3c3/0x750 [ 2503.326148] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2503.331185] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2503.335779] ? trace_hardirqs_on+0x67/0x220 [ 2503.340122] copy_process.part.0+0x3e0/0x7a30 [ 2503.344634] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2503.351485] ? delayacct_end+0x5c/0x100 [ 2503.355586] ? __delayacct_freepages_end+0xe0/0x140 [ 2503.360633] ? __lock_acquire+0x6ee/0x49c0 [ 2503.364885] ? __cleanup_sighand+0x70/0x70 [ 2503.369151] ? mark_held_locks+0x100/0x100 [ 2503.373412] _do_fork+0x257/0xfd0 [ 2503.376883] ? fork_idle+0x1d0/0x1d0 [ 2503.380624] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2503.386541] ? kasan_check_read+0x11/0x20 [ 2503.390711] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2503.395487] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2503.400687] ? do_syscall_64+0x26/0x620 [ 2503.404679] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2503.410059] ? do_syscall_64+0x26/0x620 [ 2503.414047] __x64_sys_clone+0xbf/0x150 [ 2503.418039] do_syscall_64+0xfd/0x620 [ 2503.421853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2503.427049] RIP: 0033:0x45dd19 [ 2503.430525] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2503.449784] RSP: 002b:00007ffebaa31338 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2503.457499] RAX: ffffffffffffffda RBX: 00007fbcae54a700 RCX: 000000000045dd19 [ 2503.469121] RDX: 00007fbcae54a9d0 RSI: 00007fbcae549db0 RDI: 00000000003d0f00 [ 2503.476513] RBP: 00007ffebaa31550 R08: 00007fbcae54a700 R09: 00007fbcae54a700 [ 2503.483796] R10: 00007fbcae54a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2503.491077] R13: 00007ffebaa313ef R14: 00007fbcae54a9c0 R15: 000000000075bfd4 [ 2503.826379] Task in /syz0 killed as a result of limit of /syz0 [ 2503.835366] memory: usage 306804kB, limit 307200kB, failcnt 440429 [ 2503.863126] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2503.897011] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2503.916994] Memory cgroup stats for /syz0: cache:60KB rss:111768KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111732KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2503.986784] Memory cgroup out of memory: Kill process 29188 (syz-executor.0) score 1106 or sacrifice child [ 2504.017484] Killed process 29188 (syz-executor.0) total-vm:72720kB, anon-rss:160kB, file-rss:35728kB, shmem-rss:0kB [ 2504.761611] IPVS: ftp: loaded support on port[0] = 21 [ 2504.876869] chnl_net:caif_netlink_parms(): no params data found [ 2504.940685] bridge0: port 1(bridge_slave_0) entered blocking state [ 2504.955808] bridge0: port 1(bridge_slave_0) entered disabled state [ 2504.964775] device bridge_slave_0 entered promiscuous mode [ 2504.984385] bridge0: port 2(bridge_slave_1) entered blocking state [ 2504.996274] bridge0: port 2(bridge_slave_1) entered disabled state [ 2505.025703] device bridge_slave_1 entered promiscuous mode [ 2505.071917] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2505.092256] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2505.143651] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2505.155514] team0: Port device team_slave_0 added [ 2505.171914] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2505.185988] team0: Port device team_slave_1 added [ 2505.215687] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2505.231200] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2505.267037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2505.290218] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2505.303775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2505.339728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2505.362417] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2505.378037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2505.449636] device hsr_slave_0 entered promiscuous mode [ 2505.486905] device hsr_slave_1 entered promiscuous mode [ 2505.527433] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2505.534972] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2505.724926] bridge0: port 2(bridge_slave_1) entered blocking state [ 2505.731365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2505.738052] bridge0: port 1(bridge_slave_0) entered blocking state [ 2505.744526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2505.771750] IPVS: ftp: loaded support on port[0] = 21 [ 2505.855196] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2505.865756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2505.910042] bridge0: port 1(bridge_slave_0) entered disabled state [ 2505.935786] bridge0: port 2(bridge_slave_1) entered disabled state [ 2505.944856] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2505.977481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2505.998037] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2506.017610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2506.025715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2506.054795] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2506.074858] 8021q: adding VLAN 0 to HW filter on device team0 [ 2506.107585] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2506.114850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2506.123810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2506.144413] bridge0: port 1(bridge_slave_0) entered blocking state [ 2506.150858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2506.175382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2506.196040] chnl_net:caif_netlink_parms(): no params data found [ 2506.210866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2506.227311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2506.235896] bridge0: port 2(bridge_slave_1) entered blocking state [ 2506.242326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2506.262812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2506.275615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2506.292176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2506.300162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2506.321346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2506.329765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2506.338524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2506.357108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2506.366823] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2506.374079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2506.383783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2506.405184] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2506.413104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2506.422145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2506.442497] bridge0: port 1(bridge_slave_0) entered blocking state [ 2506.459962] bridge0: port 1(bridge_slave_0) entered disabled state [ 2506.487384] device bridge_slave_0 entered promiscuous mode [ 2506.498663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2506.509875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2506.522105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2506.543898] bridge0: port 2(bridge_slave_1) entered blocking state [ 2506.551042] bridge0: port 2(bridge_slave_1) entered disabled state [ 2506.560042] device bridge_slave_1 entered promiscuous mode [ 2506.569898] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2506.576104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2506.617502] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2506.639787] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2506.657489] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2506.675641] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2506.687764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2506.694641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2506.705602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2506.727610] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2506.735496] team0: Port device team_slave_0 added [ 2506.744326] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2506.762852] team0: Port device team_slave_1 added [ 2506.787651] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2506.794187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2506.820187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2506.843427] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2506.854119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2506.880179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2506.892504] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2506.905235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2506.989878] device hsr_slave_0 entered promiscuous mode [ 2507.007346] device hsr_slave_1 entered promiscuous mode [ 2507.047805] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2507.055406] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2507.083949] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2507.124231] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2507.155029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2507.177754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2507.330413] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2507.339630] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2507.358106] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2507.371789] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2507.389461] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2507.397909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2507.411381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2507.439302] device veth0_vlan entered promiscuous mode [ 2507.466948] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2507.474299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2507.492590] device veth1_vlan entered promiscuous mode [ 2507.517245] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2507.555534] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2507.610361] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2507.631471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2507.642435] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2507.650798] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2507.659924] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2507.668466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2507.676900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2507.688727] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2507.698393] device veth0_macvtap entered promiscuous mode [ 2507.704849] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2507.719359] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2507.732099] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2507.740577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2507.748360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2507.760666] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2507.767659] 8021q: adding VLAN 0 to HW filter on device team0 [ 2507.776521] device veth1_macvtap entered promiscuous mode [ 2507.783229] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2507.804518] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2507.814603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2507.832552] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2507.841031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2507.853851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2507.868096] bridge0: port 1(bridge_slave_0) entered blocking state [ 2507.874473] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2507.887275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2507.899570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2507.920503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2507.936243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2507.944573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2507.953776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2507.962033] bridge0: port 2(bridge_slave_1) entered blocking state [ 2507.968467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2507.977728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2507.989427] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2507.997206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2508.007370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.028346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.045037] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.066039] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.086095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.097457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.107026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.117437] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.127061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.137672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.148961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.159138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.169119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.179415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.189666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2508.199839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.214212] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2508.221898] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2508.234827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2508.255905] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2508.269358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2508.289890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2508.302848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2508.326176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.337736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.347562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.357902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.367820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.378023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.387891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.398126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.407921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.418036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.436654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.463074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.478695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.499994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.515864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2508.538888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2508.568048] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2508.575119] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2508.601282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2508.616935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2508.624374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2508.647419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2508.655585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2508.678701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2508.730204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2508.745140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2508.755772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2508.780283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2508.807250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2508.815257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2508.843260] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2508.849945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2508.871838] xt_TCPMSS: Only works on TCP SYN packets 12:57:43 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x4}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:43 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:43 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r1, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r1}}) 12:57:43 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:57:43 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getrandom(&(0x7f0000000380)=""/114, 0x72, 0x2) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) msgget$private(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) [ 2508.899447] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2508.920856] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2508.928589] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2508.935490] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2509.010814] xt_TCPMSS: Only works on TCP SYN packets [ 2509.015772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2509.098083] xt_hashlimit: overflow, try lower: 0/0 [ 2509.195401] xt_TCPMSS: Only works on TCP SYN packets [ 2509.302188] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2509.325832] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2509.377594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2509.408469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2509.487523] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2509.494984] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2509.512183] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2509.543989] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2509.553890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2509.575031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2509.600004] device veth0_vlan entered promiscuous mode [ 2509.607202] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2509.614178] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2509.640925] device veth1_vlan entered promiscuous mode [ 2509.648499] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2509.661901] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2509.684501] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2509.698803] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2509.705850] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2509.714825] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2509.725498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2509.750755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2509.768630] device veth0_macvtap entered promiscuous mode [ 2509.774835] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2509.803840] device veth1_macvtap entered promiscuous mode [ 2509.810740] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2509.823858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2509.837525] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2509.847933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.858038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2509.867789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.877916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2509.887880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.898460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2509.908030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.918031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2509.927772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.937764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2509.947127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.957772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2509.976650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2509.996374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.005740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2510.025183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.034899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2510.061248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.081984] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2510.100049] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2510.115366] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2510.137633] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2510.144874] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2510.153128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2510.166169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.176631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.185948] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.196098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.205478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.215430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.224963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.235728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.246084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.256174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.265909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.285589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.295361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.315224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.324788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.345444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.365528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2510.386396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2510.408026] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2510.415087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2510.433082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2510.445927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2512.371604] xt_TCPMSS: Only works on TCP SYN packets 12:58:59 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x4000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:58:59 executing program 3: r0 = open(0x0, 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 12:58:59 executing program 5: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getrandom(&(0x7f0000000380)=""/114, 0x72, 0x2) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) msgget$private(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) 12:58:59 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:58:59 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x5}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:58:59 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2585.437811] xt_hashlimit: overflow, try lower: 0/0 12:58:59 executing program 3: r0 = open(0x0, 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 2585.468937] xt_TCPMSS: Only works on TCP SYN packets [ 2585.488653] xt_hashlimit: overflow, try lower: 0/0 12:58:59 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x6}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:58:59 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:58:59 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 12:59:00 executing program 3: r0 = open(0x0, 0x40c5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 2585.837556] xt_hashlimit: overflow, try lower: 0/0 [ 2585.890454] xt_hashlimit: overflow, try lower: 0/0 [ 2585.937135] xt_TCPMSS: Only works on TCP SYN packets 12:59:00 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2586.110966] xt_TCPMSS: Only works on TCP SYN packets [ 2586.173558] xt_hashlimit: overflow, try lower: 0/0 [ 2588.265877] IPVS: ftp: loaded support on port[0] = 21 [ 2589.320964] chnl_net:caif_netlink_parms(): no params data found [ 2589.753882] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2589.770831] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2589.795179] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2589.806084] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2589.826864] device bridge_slave_1 left promiscuous mode [ 2589.832407] bridge0: port 2(bridge_slave_1) entered disabled state [ 2589.907929] device bridge_slave_0 left promiscuous mode [ 2589.913517] bridge0: port 1(bridge_slave_0) entered disabled state [ 2589.992575] device veth1_macvtap left promiscuous mode [ 2590.007389] device veth0_macvtap left promiscuous mode [ 2590.017165] device veth1_vlan left promiscuous mode [ 2590.031480] device veth0_vlan left promiscuous mode [ 2601.031926] device hsr_slave_1 left promiscuous mode [ 2601.081380] device hsr_slave_0 left promiscuous mode [ 2601.133558] team0 (unregistering): Port device team_slave_1 removed [ 2601.159200] team0 (unregistering): Port device team_slave_0 removed [ 2601.179042] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2601.232342] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2601.331792] bond0 (unregistering): Released all slaves [ 2601.429376] bridge0: port 1(bridge_slave_0) entered blocking state [ 2601.435826] bridge0: port 1(bridge_slave_0) entered disabled state [ 2601.445309] device bridge_slave_0 entered promiscuous mode [ 2601.454887] bridge0: port 2(bridge_slave_1) entered blocking state [ 2601.463212] bridge0: port 2(bridge_slave_1) entered disabled state [ 2601.472307] device bridge_slave_1 entered promiscuous mode [ 2601.496126] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2601.509097] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2601.535171] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2601.543154] team0: Port device team_slave_0 added [ 2601.551738] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2601.560736] team0: Port device team_slave_1 added [ 2601.633148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2601.650664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2601.690556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2601.722720] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2601.734098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2601.780642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2601.804500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2601.834336] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2601.920986] device hsr_slave_0 entered promiscuous mode [ 2602.015815] device hsr_slave_1 entered promiscuous mode [ 2602.058632] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2602.076826] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2602.293740] bridge0: port 2(bridge_slave_1) entered blocking state [ 2602.300181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2602.306905] bridge0: port 1(bridge_slave_0) entered blocking state [ 2602.313753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2602.418091] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2602.424220] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2602.437676] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2602.449833] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2602.459058] bridge0: port 1(bridge_slave_0) entered disabled state [ 2602.467025] bridge0: port 2(bridge_slave_1) entered disabled state [ 2602.475523] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2602.518228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2602.525459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2602.550751] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2602.559081] 8021q: adding VLAN 0 to HW filter on device team0 [ 2602.581099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2602.591305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2602.618688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2602.656708] bridge0: port 1(bridge_slave_0) entered blocking state [ 2602.663111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2602.689553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2602.717081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2602.725876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2602.758664] bridge0: port 2(bridge_slave_1) entered blocking state [ 2602.765065] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2602.800555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2602.816783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2602.832178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2602.847821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2602.896731] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2602.903952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2602.936861] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2602.954496] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2603.000230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2603.021321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2603.046704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2603.055014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2603.077345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2603.085077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2603.120955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2603.147099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2603.155027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2603.190266] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2603.197574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2603.260612] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2603.289362] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2603.295858] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2603.303023] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2603.333279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2603.520206] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2603.557327] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2603.564885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2603.577580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2603.751119] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2603.771361] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2603.789976] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2603.831688] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2603.855885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2603.865394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2603.900462] device veth0_vlan entered promiscuous mode [ 2603.909406] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2603.917815] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2603.934294] device veth1_vlan entered promiscuous mode [ 2603.942669] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2603.956879] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2603.981258] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2603.992997] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2604.001837] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2604.011658] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2604.021114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2604.030818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2604.044165] device veth0_macvtap entered promiscuous mode [ 2604.053697] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2604.070088] device veth1_macvtap entered promiscuous mode [ 2604.077469] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2604.092438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2604.108200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2604.122847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.133182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.143392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.154170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.168152] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.179512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.189766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.200208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.210104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.221542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.231659] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.242583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.253199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.265014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.275208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.285758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.296059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2604.311321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.337920] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2604.346057] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2604.370245] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2604.387897] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2604.395650] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2604.418761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2604.439601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.451199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.462141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.474152] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.485705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.497049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.507715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.518383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.528358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.540249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.550260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.562116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.572415] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.583678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.594104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.604455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.614327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2604.625560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2604.638782] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2604.646801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2604.655208] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2604.665145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2606.880459] xt_TCPMSS: Only works on TCP SYN packets 13:00:59 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x5000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:00:59 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 13:00:59 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:00:59 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:00:59 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x7}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:00:59 executing program 5: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="4800000000000000140100000100"/24, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00'/154], @ANYBLOB="0503080000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00'/67], @ANYBLOB='C\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00'/180], @ANYBLOB="c600000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f00000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[], @ANYBLOB="ffff070000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB='\x00'/42], @ANYBLOB='*\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f00000003c0)=ANY=[], @ANYBLOB='M\x00\x00\x00\x00\x00'], @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00`\x00'/24], 0x48}, 0x0) 13:00:59 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 2705.048143] xt_TCPMSS: Only works on TCP SYN packets [ 2705.056978] xt_hashlimit: overflow, try lower: 0/0 [ 2705.077738] xt_TCPMSS: Only works on TCP SYN packets [ 2705.087468] rdma_op 00000000e2535304 conn xmit_rdma (null) 13:00:59 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2705.132115] rdma_op 00000000c79e168b conn xmit_rdma (null) 13:00:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x404}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0xfffffec5}}], 0x1, 0x0, 0x0) r0 = getpid() signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x800) sched_setscheduler(r0, 0x5, &(0x7f00000002c0)) clone(0x22004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x40}, 0x2) exit(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='status\x00') ptrace$pokeuser(0x6, r0, 0x10001, 0x8) preadv(r1, &(0x7f00000017c0), 0x1b4, 0x0) getpid() syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000080)="59d5aedb713cda90e8340e9dde95228720019aa2c0abe114c243636c4e7029ea893619eb4df168d10b7ffb609f97fedd660b332516d87a01", 0x38) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 13:00:59 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0xa}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:00:59 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 13:00:59 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2705.433949] xt_hashlimit: overflow, try lower: 0/0 [ 2705.495079] xt_hashlimit: overflow, try lower: 0/0 [ 2705.598336] xt_TCPMSS: Only works on TCP SYN packets [ 2708.192555] IPVS: ftp: loaded support on port[0] = 21 [ 2709.115813] chnl_net:caif_netlink_parms(): no params data found [ 2709.151693] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2709.158679] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2709.169680] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2709.177015] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2709.188662] device bridge_slave_1 left promiscuous mode [ 2709.195307] bridge0: port 2(bridge_slave_1) entered disabled state [ 2709.247648] device bridge_slave_0 left promiscuous mode [ 2709.253185] bridge0: port 1(bridge_slave_0) entered disabled state [ 2709.312651] device veth1_macvtap left promiscuous mode [ 2709.318159] device veth0_macvtap left promiscuous mode [ 2709.323512] device veth1_vlan left promiscuous mode [ 2709.329266] device veth0_vlan left promiscuous mode [ 2711.189672] device hsr_slave_1 left promiscuous mode [ 2711.231842] device hsr_slave_0 left promiscuous mode [ 2711.284071] team0 (unregistering): Port device team_slave_1 removed [ 2711.298144] team0 (unregistering): Port device team_slave_0 removed [ 2711.313436] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2711.362433] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2711.479569] bond0 (unregistering): Released all slaves [ 2711.575329] bridge0: port 1(bridge_slave_0) entered blocking state [ 2711.585001] bridge0: port 1(bridge_slave_0) entered disabled state [ 2711.606683] device bridge_slave_0 entered promiscuous mode [ 2711.620794] bridge0: port 2(bridge_slave_1) entered blocking state [ 2711.636427] bridge0: port 2(bridge_slave_1) entered disabled state [ 2711.644172] device bridge_slave_1 entered promiscuous mode [ 2711.673223] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2711.684064] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2711.714508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2711.722698] team0: Port device team_slave_0 added [ 2711.730146] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2711.740350] team0: Port device team_slave_1 added [ 2711.821465] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2711.836544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2711.896448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2711.919272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2711.925566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2711.987778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2712.008219] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2712.026863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2712.110058] device hsr_slave_0 entered promiscuous mode [ 2712.147146] device hsr_slave_1 entered promiscuous mode [ 2712.227581] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2712.235380] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2712.470028] bridge0: port 2(bridge_slave_1) entered blocking state [ 2712.476467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2712.582140] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2712.593180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2712.615974] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2712.656316] bridge0: port 2(bridge_slave_1) entered disabled state [ 2712.668679] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2712.693249] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2712.726892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2712.734137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2712.756381] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2712.762497] 8021q: adding VLAN 0 to HW filter on device team0 [ 2712.785704] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2712.805421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2712.819638] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2712.836813] bridge0: port 1(bridge_slave_0) entered blocking state [ 2712.843329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2712.900154] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2712.908594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2712.939191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2712.947118] bridge0: port 2(bridge_slave_1) entered blocking state [ 2712.953480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2712.990475] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2712.997999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2713.014031] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2713.029209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2713.050508] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2713.085700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2713.094470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2713.127531] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2713.138021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2713.167276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2713.175552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2713.195387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2713.203324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2713.213059] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2713.240264] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2713.247789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2713.256916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2713.267848] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2713.274067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2713.320396] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2713.339130] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2713.345539] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2713.354336] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2713.382372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2713.560563] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2713.612391] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2713.636738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2713.644917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2713.804378] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2713.824041] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2713.832623] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2713.868683] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2713.875572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2713.888278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2713.899099] device veth0_vlan entered promiscuous mode [ 2713.922571] device veth1_vlan entered promiscuous mode [ 2713.947541] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2713.954421] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2713.962858] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2713.977448] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2713.988747] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2714.013704] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2714.029230] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2714.036758] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2714.044488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2714.054912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2714.079970] device veth0_macvtap entered promiscuous mode [ 2714.095418] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2714.116704] device veth1_macvtap entered promiscuous mode [ 2714.123118] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2714.154475] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2714.181627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2714.202964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.226374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.235527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.245823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.255439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.266051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.275972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.287364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.297290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.307793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.317341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.327826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.337473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.348396] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.358013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.368513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.378412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2714.389162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.401483] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2714.409608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2714.421056] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2714.436894] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2714.444452] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2714.454286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2714.465705] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.476906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.486823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.497523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.507137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.517824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.527692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.539497] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.550479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.561096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.570671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.581335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.591113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.601656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.611637] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.621951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.631889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2714.642127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2714.654300] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2714.661919] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2714.670320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2714.679500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2717.072610] xt_TCPMSS: Only works on TCP SYN packets 13:03:10 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x6000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:10 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x3e}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:10 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:10 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 13:03:10 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x404}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0xfffffec5}}], 0x1, 0x0, 0x0) r0 = getpid() signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x800) sched_setscheduler(r0, 0x5, &(0x7f00000002c0)) clone(0x22004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x40}, 0x2) exit(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='status\x00') ptrace$pokeuser(0x6, r0, 0x10001, 0x8) preadv(r1, &(0x7f00000017c0), 0x1b4, 0x0) getpid() syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000080)="59d5aedb713cda90e8340e9dde95228720019aa2c0abe114c243636c4e7029ea893619eb4df168d10b7ffb609f97fedd660b332516d87a01", 0x38) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 2836.423573] xt_hashlimit: overflow, try lower: 0/0 [ 2836.466628] xt_TCPMSS: Only works on TCP SYN packets [ 2836.486170] xt_hashlimit: overflow, try lower: 0/0 [ 2836.575526] xt_TCPMSS: Only works on TCP SYN packets 13:03:10 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:10 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:11 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x60}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2836.909805] xt_hashlimit: overflow, try lower: 0/0 [ 2836.977698] xt_hashlimit: overflow, try lower: 0/0 [ 2836.985276] xt_TCPMSS: Only works on TCP SYN packets [ 2837.070730] xt_TCPMSS: Only works on TCP SYN packets [ 2837.169279] batman_adv: batadv0: Interface deactivated: batadv_slave_0 13:03:11 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 2837.210504] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2837.249827] xt_TCPMSS: Only works on TCP SYN packets 13:03:11 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:03:11 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 2837.267830] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2837.315687] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2837.379220] device bridge_slave_1 left promiscuous mode [ 2837.384918] bridge0: port 2(bridge_slave_1) entered disabled state [ 2837.417152] xt_hashlimit: overflow, try lower: 0/0 [ 2837.507901] device bridge_slave_0 left promiscuous mode [ 2837.513436] bridge0: port 1(bridge_slave_0) entered disabled state [ 2837.596896] device veth1_macvtap left promiscuous mode [ 2837.618666] device veth0_macvtap left promiscuous mode [ 2837.624312] device veth1_vlan left promiscuous mode [ 2837.656450] device veth0_vlan left promiscuous mode [ 2838.114196] device hsr_slave_1 left promiscuous mode [ 2838.152094] device hsr_slave_0 left promiscuous mode [ 2838.217329] team0 (unregistering): Port device team_slave_1 removed [ 2838.251474] team0 (unregistering): Port device team_slave_0 removed [ 2838.284993] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2838.353172] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2838.492349] bond0 (unregistering): Released all slaves [ 2839.394273] IPVS: ftp: loaded support on port[0] = 21 [ 2839.634451] chnl_net:caif_netlink_parms(): no params data found [ 2839.722099] bridge0: port 1(bridge_slave_0) entered blocking state [ 2839.728694] bridge0: port 1(bridge_slave_0) entered disabled state [ 2839.737243] device bridge_slave_0 entered promiscuous mode [ 2839.748974] bridge0: port 2(bridge_slave_1) entered blocking state [ 2839.755768] bridge0: port 2(bridge_slave_1) entered disabled state [ 2839.765414] device bridge_slave_1 entered promiscuous mode [ 2839.791774] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2839.803173] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2839.839875] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2839.857765] team0: Port device team_slave_0 added [ 2839.864477] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2839.897979] team0: Port device team_slave_1 added [ 2839.924148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2839.931596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2839.957719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2839.974677] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2839.981579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2840.007393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2840.038384] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2840.057408] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2840.169715] device hsr_slave_0 entered promiscuous mode [ 2840.207132] device hsr_slave_1 entered promiscuous mode [ 2840.247634] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2840.255241] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2840.449893] bridge0: port 2(bridge_slave_1) entered blocking state [ 2840.456376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2840.463066] bridge0: port 1(bridge_slave_0) entered blocking state [ 2840.469519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2840.560139] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2840.567558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2840.582074] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2840.594013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2840.604079] bridge0: port 1(bridge_slave_0) entered disabled state [ 2840.646732] bridge0: port 2(bridge_slave_1) entered disabled state [ 2840.659529] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2840.682770] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2840.707582] 8021q: adding VLAN 0 to HW filter on device team0 [ 2840.723144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2840.732913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2840.744011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2840.752305] bridge0: port 1(bridge_slave_0) entered blocking state [ 2840.758827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2840.771041] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2840.782732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2840.805252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2840.826880] bridge0: port 2(bridge_slave_1) entered blocking state [ 2840.833401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2840.869806] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2840.888797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2840.917471] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2840.924895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2840.942760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2840.966891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2840.975272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2840.991862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2841.018002] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2841.025529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2841.046752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2841.058765] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2841.081284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2841.090048] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2841.101465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2841.113122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2841.123601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2841.135724] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2841.143485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2841.185220] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2841.195860] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2841.205338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2841.214273] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2841.232435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2841.313352] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2841.325884] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2841.333866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2841.344974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2841.428407] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2841.435942] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2841.444913] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2841.463958] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2841.470968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2841.481047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2841.493011] device veth0_vlan entered promiscuous mode [ 2841.501523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2841.511159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2841.527348] device veth1_vlan entered promiscuous mode [ 2841.534620] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2841.551806] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2841.572345] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2841.585464] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2841.598673] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2841.608165] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2841.617334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2841.627302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2841.639999] device veth0_macvtap entered promiscuous mode [ 2841.648226] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2841.663182] device veth1_macvtap entered promiscuous mode [ 2841.670518] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2841.685443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2841.701924] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2841.712915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.723566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.733406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.744178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.754996] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.765362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.775479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.796245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.823363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.842009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.863298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.881439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.904943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.925522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.946986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2841.969325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2841.988983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2842.012144] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.036131] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2842.043556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2842.051506] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2842.061715] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2842.080944] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2842.102646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2842.127987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.140912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.151289] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.161672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.171269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.182095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.191833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.202712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.212454] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.223773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.233442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.244415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.254665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.265030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.276212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.290463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.300424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2842.311268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2842.323924] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2842.331933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2842.339662] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2842.349996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2845.424581] xt_TCPMSS: Only works on TCP SYN packets [ 2845.486455] xt_TCPMSS: Only works on TCP SYN packets 13:08:11 executing program 1: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x9, 0x3ffc, 0x9, 0x1, 0x5, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0xbfc7, 0x8b93, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x7000000, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:11 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x114}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:11 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x404}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0xfffffec5}}], 0x1, 0x0, 0x0) r0 = getpid() signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x800) sched_setscheduler(r0, 0x5, &(0x7f00000002c0)) clone(0x22004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x40}, 0x2) exit(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='status\x00') ptrace$pokeuser(0x6, r0, 0x10001, 0x8) preadv(r1, &(0x7f00000017c0), 0x1b4, 0x0) getpid() syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000080)="59d5aedb713cda90e8340e9dde95228720019aa2c0abe114c243636c4e7029ea893619eb4df168d10b7ffb609f97fedd660b332516d87a01", 0x38) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 13:08:11 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:11 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x800000000000b) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000860], 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000c30000000000000000000000ffffffff010000001d0000000000000000006d6f6e645f736c6176655f31000000007663616e30000000000000000000000073797a6b616c6c65723000000000000062707130000000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000b0000000e80000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000001000000000000736e6101000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000effffff00000000"]}, 0x1f0) r2 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf32(r2, &(0x7f0000000480)=ANY=[], 0xf5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) [ 3137.598331] xt_hashlimit: overflow, try lower: 0/0 [ 3137.634340] xt_TCPMSS: Only works on TCP SYN packets [ 3137.641756] xt_hashlimit: overflow, try lower: 0/0 13:08:12 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:12 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x117}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:12 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 3138.015386] xt_TCPMSS: Only works on TCP SYN packets [ 3138.021890] xt_TCPMSS: Only works on TCP SYN packets [ 3138.060092] xt_hashlimit: overflow, try lower: 0/0 13:08:12 executing program 0: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x9, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1]}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 3138.162469] xt_TCPMSS: Only works on TCP SYN packets [ 3138.294575] xt_hashlimit: overflow, try lower: 0/0 13:08:12 executing program 4: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}, {0x0, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc36, 0xbfc7, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 13:08:12 executing program 2: clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x170, 0x170, 0x170, 0x0, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0x148, 0x170, 0x0, {0x0, 0x134}, [@common=@dst={{0x48, 'dst\x00'}, {0x4, 0x0, 0x0, [0x8a, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x2, 0x3, 0x2c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0xd}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth0_to_batadv\x00', {0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x9, 0xa6}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@ipv6header={{0x28, 'ipv6header\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) [ 3138.342288] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3138.363687] xt_hashlimit: overflow, try lower: 0/0 [ 3138.381293] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3138.443708] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3138.512912] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3138.545348] device bridge_slave_1 left promiscuous mode [ 3138.579968] bridge0: port 2(bridge_slave_1) entered disabled state [ 3138.625700] xt_TCPMSS: Only works on TCP SYN packets [ 3138.658801] device bridge_slave_0 left promiscuous mode [ 3138.678072] bridge0: port 1(bridge_slave_0) entered disabled state [ 3138.785431] device veth1_macvtap left promiscuous mode [ 3138.789211] xt_TCPMSS: Only works on TCP SYN packets [ 3138.801223] device veth0_macvtap left promiscuous mode [ 3138.820004] device veth1_vlan left promiscuous mode [ 3138.845690] device veth0_vlan left promiscuous mode [ 3139.290138] device hsr_slave_1 left promiscuous mode [ 3139.346965] device hsr_slave_0 left promiscuous mode [ 3139.412756] team0 (unregistering): Port device team_slave_1 removed [ 3139.444485] team0 (unregistering): Port device team_slave_0 removed [ 3139.475256] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 3139.536467] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 3139.689369] bond0 (unregistering): Released all slaves [ 3140.594155] IPVS: ftp: loaded support on port[0] = 21 [ 3140.785914] chnl_net:caif_netlink_parms(): no params data found [ 3140.852708] bridge0: port 1(bridge_slave_0) entered blocking state [ 3140.859919] bridge0: port 1(bridge_slave_0) entered disabled state [ 3140.869169] device bridge_slave_0 entered promiscuous mode [ 3140.878726] bridge0: port 2(bridge_slave_1) entered blocking state [ 3140.897874] bridge0: port 2(bridge_slave_1) entered disabled state [ 3140.905779] device bridge_slave_1 entered promiscuous mode [ 3140.963172] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3140.973673] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3140.999046] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3141.008215] team0: Port device team_slave_0 added [ 3141.015728] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3141.025835] team0: Port device team_slave_1 added [ 3141.053617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3141.060064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3141.085931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3141.106192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3141.126379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3141.205581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3141.239369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3141.267839] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3141.359808] device hsr_slave_0 entered promiscuous mode [ 3141.397165] device hsr_slave_1 entered promiscuous mode [ 3141.437516] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3141.445317] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3141.659419] bridge0: port 2(bridge_slave_1) entered blocking state [ 3141.665818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3141.672535] bridge0: port 1(bridge_slave_0) entered blocking state [ 3141.678937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3141.822826] bridge0: port 1(bridge_slave_0) entered disabled state [ 3141.842773] bridge0: port 2(bridge_slave_1) entered disabled state [ 3141.862024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3141.873721] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3141.887580] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3141.893971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3141.903713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3141.921598] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3141.928639] 8021q: adding VLAN 0 to HW filter on device team0 [ 3141.942285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3141.950605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3141.961165] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3141.969589] bridge0: port 1(bridge_slave_0) entered blocking state [ 3141.976107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3141.988448] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3142.007938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3142.016261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3142.037456] bridge0: port 2(bridge_slave_1) entered blocking state [ 3142.043847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3142.070615] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3142.078357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3142.100149] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3142.117022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3142.129458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3142.137972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3142.148327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3142.164944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3142.172260] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3142.181860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3142.191997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3142.204550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3142.212726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3142.225509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3142.245190] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3142.270693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3142.279325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3142.300375] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3142.312859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3142.364784] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3142.389432] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3142.395938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3142.404039] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3142.421765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3142.541509] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3142.565930] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3142.589404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3142.608515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3142.691713] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3142.717715] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3142.725231] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3142.754190] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3142.771876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3142.793047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3142.816477] device veth0_vlan entered promiscuous mode [ 3142.838877] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3142.856850] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3142.874833] device veth1_vlan entered promiscuous mode [ 3142.924092] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 3142.953181] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 3142.970173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 3142.982284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 3143.006068] device veth0_macvtap entered promiscuous mode [ 3143.025589] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 3143.051704] device veth1_macvtap entered promiscuous mode [ 3143.071166] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 3143.094008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 3143.119305] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 3143.142327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.163843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.175639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.202953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.224423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.236429] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.245812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.255862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.265432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.275406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.284868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.298126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.308161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.318516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.328838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.339534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.350492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 3143.360739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.373578] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 3143.381781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3143.390080] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 3143.399290] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 3143.408172] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 3143.418401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 3143.430527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.441324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.451361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.461578] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.470932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.481653] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.491138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.501436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.511172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.521292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.530794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.540909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.550448] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.560881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.570571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.581244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.590938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 3143.601905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3143.616058] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 3143.624178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3143.632387] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 3143.642511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 3147.638577] xt_TCPMSS: Only works on TCP SYN packets [ 3147.644291] xt_TCPMSS: Only works on TCP SYN packets [ 3294.057324] INFO: task syz-executor.1:2535 blocked for more than 140 seconds. [ 3294.064658] Not tainted 4.19.98-syzkaller #0 [ 3294.084732] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3294.096196] syz-executor.1 D27720 2535 2513 0x00000006 [ 3294.126366] Call Trace: [ 3294.129018] __schedule+0x866/0x1dc0 [ 3294.132738] ? __lock_is_held+0xb6/0x140 [ 3294.139339] ? firmware_map_remove+0x1a7/0x1a7 [ 3294.166381] ? mark_held_locks+0x100/0x100 [ 3294.166404] schedule+0x92/0x1c0 [ 3294.166419] schedule_timeout+0x8c8/0xfc0 [ 3294.166434] ? wait_for_completion+0x294/0x440 [ 3294.166450] ? find_held_lock+0x35/0x130 [ 3294.166463] ? usleep_range+0x170/0x170 [ 3294.166482] ? mark_held_locks+0xb1/0x100 [ 3294.166501] ? _raw_spin_unlock_irq+0x28/0x90 [ 3294.166519] ? wait_for_completion+0x294/0x440 [ 3294.236396] ? _raw_spin_unlock_irq+0x28/0x90 [ 3294.240946] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3294.245557] ? trace_hardirqs_on+0x67/0x220 [ 3294.276495] wait_for_completion+0x29c/0x440 [ 3294.280977] ? wait_for_completion_interruptible+0x4b0/0x4b0 [ 3294.316391] ? wake_up_q+0x100/0x100 [ 3294.320150] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3294.324851] ? trace_hardirqs_on+0x67/0x220 [ 3294.345715] __flush_work+0x49f/0x870 [ 3294.350201] ? insert_work+0x3a0/0x3a0 [ 3294.354394] ? flush_workqueue_prep_pwqs+0x590/0x590 [ 3294.372355] ? __cancel_work_timer+0x1d3/0x520 [ 3294.382803] ? cancel_delayed_work_sync+0x1b/0x20 [ 3294.404005] ? __cancel_work_timer+0x1d3/0x520 [ 3294.409185] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3294.413955] ? trace_hardirqs_on+0x67/0x220 [ 3294.425095] __cancel_work_timer+0x3bf/0x520 [ 3294.435078] ? mutex_trylock+0x1e0/0x1e0 [ 3294.445167] ? try_to_grab_pending+0x710/0x710 [ 3294.467727] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3294.472882] ? ___ratelimit+0x60/0x595 [ 3294.488597] ? tcpmss_tg6_check.cold+0x5/0x3e [ 3294.493148] ? tcpmss_tg6_check+0x23f/0x35c [ 3294.504984] ? tcpmss_tg4+0x2b0/0x2b0 [ 3294.514639] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3294.532006] cancel_delayed_work_sync+0x1b/0x20 [ 3294.538305] htable_put+0x15f/0x220 [ 3294.543471] ? hashlimit_mt_destroy_v2+0x70/0x70 [ 3294.563153] hashlimit_mt_destroy_v1+0x50/0x70 [ 3294.568365] cleanup_match+0xde/0x170 [ 3294.572491] ? icmp6_checkentry+0xa0/0xa0 [ 3294.581438] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3294.596395] find_check_entry.isra.0+0x4da/0x9d0 [ 3294.601200] ? lock_downgrade+0x880/0x880 [ 3294.605369] ? __do_replace+0x930/0x930 [ 3294.623296] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3294.633402] ? kvfree+0x61/0x70 [ 3294.643216] translate_table+0xd15/0x1860 [ 3294.654608] ? alloc_counters.isra.0+0x690/0x690 [ 3294.666410] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3294.672005] ? _copy_from_user+0xdd/0x150 [ 3294.688759] do_ip6t_set_ctl+0x2ef/0x498 [ 3294.692897] ? compat_do_ip6t_set_ctl+0x160/0x160 [ 3294.713117] ? mutex_unlock+0xd/0x10 [ 3294.723025] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 3294.736417] nf_setsockopt+0x77/0xd0 [ 3294.740450] ipv6_setsockopt+0x13e/0x170 [ 3294.744536] tcp_setsockopt+0x8f/0xe0 [ 3294.760049] sock_common_setsockopt+0x94/0xd0 [ 3294.764596] __sys_setsockopt+0x17a/0x280 [ 3294.775386] ? kernel_accept+0x310/0x310 [ 3294.787438] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3294.793366] ? do_syscall_64+0x26/0x620 [ 3294.806432] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3294.811850] ? do_syscall_64+0x26/0x620 [ 3294.815840] __x64_sys_setsockopt+0xbe/0x150 [ 3294.831702] do_syscall_64+0xfd/0x620 [ 3294.835553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3294.845696] RIP: 0033:0x45b349 [ 3294.857464] Code: Bad RIP value. [ 3294.862033] RSP: 002b:00007fbbff22cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 3294.884375] RAX: ffffffffffffffda RBX: 00007fbbff22d6d4 RCX: 000000000045b349 [ 3294.897697] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 3294.905265] RBP: 000000000075bf20 R08: 00000000000003d8 R09: 0000000000000000 [ 3294.923860] R10: 0000000020000100 R11: 0000000000000246 R12: 00000000ffffffff [ 3294.934377] R13: 00000000000009d7 R14: 00000000004d3f88 R15: 000000000075bf2c [ 3294.954110] [ 3294.954110] Showing all locks held in the system: [ 3294.963199] 1 lock held by khungtaskd/1082: [ 3294.975875] #0: 0000000004889e69 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3294.998265] 1 lock held by khugepaged/1089: [ 3295.002628] #0: 0000000049387c7d (pcpu_drain_mutex){+.+.}, at: drain_all_pages+0x4d/0x570 [ 3295.020353] 1 lock held by udevd/3775: [ 3295.026979] 2 locks held by rs:main Q:Reg/7946: [ 3295.031912] 1 lock held by rsyslogd/7948: [ 3295.036056] #0: 00000000b2641654 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3295.056577] 2 locks held by getty/8071: [ 3295.061082] #0: 000000002dfaa48c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.082401] #1: 00000000d39c2b82 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.098745] 2 locks held by getty/8072: [ 3295.103205] #0: 00000000ed3ff435 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.122553] #1: 000000009b97812e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.143958] 2 locks held by getty/8073: [ 3295.154142] #0: 000000000aa858cd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.174748] #1: 000000000893713e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.196808] 2 locks held by getty/8074: [ 3295.200977] #0: 00000000bc8613f4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.215965] #1: 00000000a814d141 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.225731] 2 locks held by getty/8075: [ 3295.237047] #0: 000000006ff3d851 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.245332] #1: 0000000004a69269 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.263893] 2 locks held by getty/8076: [ 3295.270073] #0: 00000000b0e53d2f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.286130] #1: 0000000016db197d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.304870] 2 locks held by getty/8077: [ 3295.310603] #0: 00000000ca5aa79c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3295.330880] #1: 000000009a2a6347 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3295.358480] 2 locks held by kworker/0:1/1067: [ 3295.363380] 1 lock held by syz-executor.1/2535: [ 3295.375669] #0: 000000006ce5ba02 (hashlimit_mutex){+.+.}, at: htable_put+0x21/0x220 [ 3295.396362] [ 3295.398020] ============================================= [ 3295.398020] [ 3295.405054] NMI backtrace for cpu 1 [ 3295.408848] CPU: 1 PID: 1082 Comm: khungtaskd Not tainted 4.19.98-syzkaller #0 [ 3295.416298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3295.425649] Call Trace: [ 3295.428251] dump_stack+0x197/0x210 [ 3295.431912] nmi_cpu_backtrace.cold+0x63/0xa4 [ 3295.436429] ? lapic_can_unplug_cpu.cold+0x47/0x47 [ 3295.441375] nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 [ 3295.446673] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3295.451881] watchdog+0x9df/0xee0 [ 3295.455366] kthread+0x354/0x420 [ 3295.458755] ? reset_hung_task_detector+0x30/0x30 [ 3295.464041] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3295.469594] ret_from_fork+0x24/0x30 [ 3295.474185] Sending NMI from CPU 1 to CPUs 0: [ 3295.479084] NMI backtrace for cpu 0 [ 3295.479091] CPU: 0 PID: 1067 Comm: kworker/0:1 Not tainted 4.19.98-syzkaller #0 [ 3295.479098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3295.479103] Workqueue: events_power_efficient htable_gc [ 3295.479110] RIP: 0010:match_held_lock+0xb/0x500 [ 3295.479124] Code: ff e8 89 3a 51 00 e9 b3 fe ff ff 48 c7 c7 a8 5c f2 88 e8 d8 39 51 00 e9 1d ff ff ff 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 55 <48> 89 e5 41 57 41 56 41 55 41 54 53 48 89 fb 48 83 c7 10 48 89 fa [ 3295.479128] RSP: 0018:ffff88804a977be0 EFLAGS: 00000002 [ 3295.479136] RAX: dffffc0000000000 RBX: ffff888090f7e440 RCX: ffff888090f7ecc0 [ 3295.479142] RDX: 0000000000000000 RSI: ffffffff88f95be0 RDI: ffff888090f7ece8 [ 3295.479148] RBP: ffff88804a977c30 R08: ffff888090f7e440 R09: ffff888090f7ed08 [ 3295.479154] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88f95be0 [ 3295.479160] R13: ffffed10121efd97 R14: 0000000000000001 R15: ffff888090f7ece8 [ 3295.479166] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 3295.479171] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3295.479177] CR2: 0000000001fe0000 CR3: 0000000095a19000 CR4: 00000000001406f0 [ 3295.479183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3295.479189] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3295.479192] Call Trace: [ 3295.479196] ? __lock_is_held+0xb6/0x140 [ 3295.479200] lock_is_held_type+0x110/0x210 [ 3295.479203] ___might_sleep+0x1f4/0x2b0 [ 3295.479208] htable_selective_cleanup+0x22c/0x330 [ 3295.479211] ? select_all+0x10/0x10 [ 3295.479214] htable_gc+0x26/0xc0 [ 3295.479219] ? rcu_read_lock_sched_held+0x110/0x130 [ 3295.479223] process_one_work+0x989/0x1750 [ 3295.479227] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3295.479230] ? lock_acquire+0x16f/0x3f0 [ 3295.479234] ? kasan_check_write+0x14/0x20 [ 3295.479238] ? do_raw_spin_lock+0xd7/0x250 [ 3295.479242] worker_thread+0x98/0xe40 [ 3295.479245] kthread+0x354/0x420 [ 3295.479249] ? process_one_work+0x1750/0x1750 [ 3295.479254] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3295.479257] ret_from_fork+0x24/0x30 [ 3295.480821] Kernel panic - not syncing: hung_task: blocked tasks [ 3295.687115] CPU: 1 PID: 1082 Comm: khungtaskd Not tainted 4.19.98-syzkaller #0 [ 3295.694476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3295.703837] Call Trace: [ 3295.706454] dump_stack+0x197/0x210 [ 3295.710104] panic+0x26a/0x50e [ 3295.713314] ? __warn_printk+0xf3/0xf3 [ 3295.717211] ? lapic_can_unplug_cpu.cold+0x47/0x47 [ 3295.722163] ? ___preempt_schedule+0x16/0x18 [ 3295.726678] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 3295.732152] ? nmi_trigger_cpumask_backtrace+0x1c1/0x1f8 [ 3295.737628] ? nmi_trigger_cpumask_backtrace+0x1cb/0x1f8 [ 3295.743094] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 3295.748560] watchdog+0x9f0/0xee0 [ 3295.752037] kthread+0x354/0x420 [ 3295.755432] ? reset_hung_task_detector+0x30/0x30 [ 3295.760301] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3295.765851] ret_from_fork+0x24/0x30 [ 3295.771253] Kernel Offset: disabled [ 3295.774965] Rebooting in 86400 seconds..