0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:17 executing program 1: r0 = getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r2, r1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 16:57:17 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x2000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:17 executing program 5: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:17 executing program 1: r0 = getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r2, r1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:57:17 executing program 5: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:17 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:17 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x3f00], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:17 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000060000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:17 executing program 1: r0 = getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r2, r1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) 16:57:17 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2892.875002][T32241] xt_check_target: 7 callbacks suppressed [ 2892.875016][T32241] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:18 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x20, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:18 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000070000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:18 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:18 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:18 executing program 1: r0 = getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r2, r1) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) 16:57:18 executing program 5: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2893.100379][ T9266] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2893.163604][ T9266] CPU: 0 PID: 9266 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2893.172342][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2893.182427][ T9266] Call Trace: [ 2893.185745][ T9266] dump_stack+0x197/0x210 [ 2893.190098][ T9266] dump_header+0x10b/0x82d [ 2893.194534][ T9266] ? oom_kill_process+0x94/0x420 [ 2893.199505][ T9266] oom_kill_process.cold+0x10/0x15 [ 2893.204644][ T9266] out_of_memory+0x334/0x13c0 [ 2893.209523][ T9266] ? find_held_lock+0x35/0x130 [ 2893.214311][ T9266] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2893.220147][ T9266] ? oom_killer_disable+0x280/0x280 [ 2893.225412][ T9266] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2893.231236][ T9266] ? memcg_oom_wake_function+0x700/0x700 [ 2893.236901][ T9266] ? do_raw_spin_unlock+0x178/0x270 [ 2893.240612][T32256] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2893.242265][ T9266] ? _raw_spin_unlock+0x28/0x40 [ 2893.242289][ T9266] try_charge+0xf76/0x14d0 [ 2893.242314][ T9266] ? find_held_lock+0x35/0x130 [ 2893.264539][ T9266] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2893.270109][ T9266] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2893.275706][ T9266] ? find_held_lock+0x35/0x130 [ 2893.280495][ T9266] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2893.286073][ T9266] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2893.291853][ T9266] ? memcg_kmem_put_cache+0x1a0/0x1a0 [ 2893.297258][ T9266] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2893.303265][ T9266] __memcg_kmem_charge+0x13a/0x3a0 [ 2893.308409][ T9266] __alloc_pages_nodemask+0x4f5/0x910 [ 2893.312071][T32266] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2893.313797][ T9266] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2893.313812][ T9266] ? copy_page_range+0x10b2/0x20b0 [ 2893.313829][ T9266] ? copy_page_range+0x10b2/0x20b0 [ 2893.313851][ T9266] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2893.313869][ T9266] alloc_pages_current+0x107/0x210 [ 2893.313889][ T9266] pte_alloc_one+0x1b/0x1a0 [ 2893.313904][ T9266] __pte_alloc+0x20/0x310 [ 2893.313922][ T9266] copy_page_range+0x1616/0x20b0 [ 2893.313959][ T9266] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2893.370886][ T9266] ? __rb_insert_augmented+0x20c/0xd90 [ 2893.376372][ T9266] ? validate_mm_rb+0xa3/0xc0 [ 2893.381078][ T9266] ? __vma_link_rb+0x5ad/0x770 [ 2893.385968][ T9266] dup_mm+0xa67/0x1430 [ 2893.390067][ T9266] ? vm_area_dup+0x170/0x170 [ 2893.394687][ T9266] ? debug_mutex_init+0x2d/0x60 [ 2893.399639][ T9266] copy_process+0x2ad6/0x7230 [ 2893.404430][ T9266] ? __kasan_check_read+0x11/0x20 [ 2893.409539][ T9266] ? mark_lock+0xc2/0x1220 [ 2893.413954][ T9266] ? do_raw_spin_unlock+0x178/0x270 [ 2893.419374][ T9266] ? __cleanup_sighand+0xc0/0xc0 [ 2893.424405][ T9266] ? __might_fault+0x12b/0x1e0 [ 2893.429160][ T9266] ? __might_fault+0x12b/0x1e0 [ 2893.433928][ T9266] _do_fork+0x146/0x1090 [ 2893.438163][ T9266] ? copy_init_mm+0x20/0x20 [ 2893.442663][ T9266] ? __kasan_check_read+0x11/0x20 [ 2893.447696][ T9266] ? _copy_to_user+0x118/0x160 [ 2893.452460][ T9266] __x64_sys_clone+0x19a/0x260 [ 2893.457913][ T9266] ? __ia32_sys_vfork+0xd0/0xd0 [ 2893.462956][ T9266] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2893.468426][ T9266] ? trace_hardirqs_on+0x67/0x240 [ 2893.473544][ T9266] do_syscall_64+0xfa/0x790 [ 2893.478148][ T9266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2893.484037][ T9266] RIP: 0033:0x458e1a [ 2893.487930][ T9266] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 16:57:18 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:18 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4800], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2893.507609][ T9266] RSP: 002b:00007ffc81522390 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2893.516101][ T9266] RAX: ffffffffffffffda RBX: 00007ffc81522390 RCX: 0000000000458e1a [ 2893.524070][ T9266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2893.532038][ T9266] RBP: 00007ffc815223d0 R08: 0000000000000001 R09: 00000000028b8940 [ 2893.540095][ T9266] R10: 00000000028b8c10 R11: 0000000000000246 R12: 0000000000000001 [ 2893.548152][ T9266] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc81522420 16:57:18 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000110000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2893.696667][T32277] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:18 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2893.739845][ T9266] memory: usage 307200kB, limit 307200kB, failcnt 3204 [ 2893.749325][ T9266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2893.757517][ T9266] Memory cgroup stats for /syz2: [ 2893.757668][ T9266] anon 255705088 [ 2893.757668][ T9266] file 131072 [ 2893.757668][ T9266] kernel_stack 8331264 [ 2893.757668][ T9266] slab 15970304 [ 2893.757668][ T9266] sock 0 [ 2893.757668][ T9266] shmem 122880 [ 2893.757668][ T9266] file_mapped 0 [ 2893.757668][ T9266] file_dirty 0 [ 2893.757668][ T9266] file_writeback 0 [ 2893.757668][ T9266] anon_thp 211812352 [ 2893.757668][ T9266] inactive_anon 135168 [ 2893.757668][ T9266] active_anon 255619072 [ 2893.757668][ T9266] inactive_file 65536 [ 2893.757668][ T9266] active_file 135168 [ 2893.757668][ T9266] unevictable 0 [ 2893.757668][ T9266] slab_reclaimable 3108864 [ 2893.757668][ T9266] slab_unreclaimable 12861440 [ 2893.757668][ T9266] pgfault 177837 [ 2893.757668][ T9266] pgmajfault 0 [ 2893.757668][ T9266] workingset_refault 627 [ 2893.757668][ T9266] workingset_activate 264 [ 2893.757668][ T9266] workingset_nodereclaim 0 [ 2893.757668][ T9266] pgrefill 11722 [ 2893.757668][ T9266] pgscan 47460 [ 2893.757668][ T9266] pgsteal 2016 [ 2893.855515][T32281] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:19 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:57:19 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2894.026599][ T9266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31957,uid=0 [ 2894.060201][ T9266] Memory cgroup out of memory: Killed process 31957 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:19 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4c00], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:19 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f00000006c0)=""/58, 0x3a}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/153, 0x99}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000000600)=""/184, 0xb8}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket(0x10, 0x803, 0x0) sendto(r5, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) getsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000140)=""/190, &(0x7f0000000280)=0xbe) bind$xdp(0xffffffffffffffff, &(0x7f0000000080)={0x2c, 0x8, r3, 0x2c, r4}, 0x10) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2894.356151][T32306] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:19 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000200000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:19 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:57:19 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2894.434733][T32319] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:19 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:19 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:57:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000003f0000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:20 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) 16:57:20 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2894.922111][T32343] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2895.007693][T32359] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:20 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) 16:57:20 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:20 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) 16:57:20 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6800], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:20 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) 16:57:20 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000400000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:20 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:20 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x32201, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x18813, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) ptrace$peekuser(0x3, r0, 0x9) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='pids.current\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000100)={0x0, 0xae, 0x4, 0x73a5}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000180)={r6, 0x7}, 0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r7 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x200000) getpid() r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r7, 0x6, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x10002, 0x0, 0x0, 0x2000, &(0x7f000000c000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:20 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) 16:57:20 executing program 1: getpid() syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) [ 2895.561263][T32387] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:20 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000880000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:20 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = syz_open_dev$vcsu(&(0x7f0000000080)='/dev/vcsu#\x00', 0x9, 0x509a00) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f00000000c0)=0x1, &(0x7f0000000100)=0x4) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = socket(0x10, 0x803, 0x0) sendto(r5, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) r6 = socket(0x10, 0x803, 0x0) sendto(r6, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x68, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x48, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x34, 0x2, [@IFLA_GRE_LOCAL={0x14, 0x6, @local}, @IFLA_GRE_REMOTE={0x14, 0x7, @local}, @gre_common_policy=[@IFLA_GRE_LINK={0x8}]]}}}]}, 0x68}}, 0x0) r8 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x800, 0x0) r9 = socket(0x10, 0x803, 0x0) sendto(r9, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r9, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) poll(&(0x7f0000000180)=[{r5, 0x442}, {r6, 0x2000}, {r7, 0x8}, {r8, 0x81c2}, {r2, 0x5484}, {r9, 0x2}], 0x6, 0x10000) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000040)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:20 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6c00], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2895.757637][T32393] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2895.838835][T32393] CPU: 1 PID: 32393 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2895.847656][T32393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2895.857825][T32393] Call Trace: [ 2895.861146][T32393] dump_stack+0x197/0x210 [ 2895.865507][T32393] dump_header+0x10b/0x82d [ 2895.870162][T32393] ? oom_kill_process+0x94/0x420 [ 2895.875295][T32393] oom_kill_process.cold+0x10/0x15 [ 2895.880540][T32393] out_of_memory+0x334/0x13c0 [ 2895.885412][T32393] ? find_held_lock+0x35/0x130 [ 2895.890202][T32393] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2895.896032][T32393] ? oom_killer_disable+0x280/0x280 [ 2895.901261][T32393] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2895.906835][T32393] ? memcg_oom_wake_function+0x700/0x700 [ 2895.912486][T32393] ? do_raw_spin_unlock+0x178/0x270 [ 2895.917807][T32393] ? _raw_spin_unlock+0x28/0x40 [ 2895.922786][T32393] try_charge+0xf76/0x14d0 [ 2895.927215][T32393] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2895.932794][T32393] ? percpu_ref_tryget+0x102/0x230 [ 2895.937998][T32393] ? rcu_read_lock_held+0x9c/0xb0 [ 2895.943037][T32393] ? __kasan_check_read+0x11/0x20 [ 2895.948301][T32393] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2895.953848][T32393] mem_cgroup_try_charge+0x136/0x590 [ 2895.959146][T32393] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2895.964812][T32393] __handle_mm_fault+0x1f1f/0x3da0 [ 2895.969933][T32393] ? vm_iomap_memory+0x1a0/0x1a0 [ 2895.974964][T32393] ? handle_mm_fault+0x292/0xa50 [ 2895.979905][T32393] ? handle_mm_fault+0x7a0/0xa50 [ 2895.984880][T32393] ? __kasan_check_read+0x11/0x20 [ 2895.989907][T32393] handle_mm_fault+0x3b2/0xa50 [ 2895.994898][T32393] __do_page_fault+0x536/0xd80 [ 2895.999792][T32393] do_page_fault+0x38/0x590 [ 2896.004300][T32393] page_fault+0x39/0x40 [ 2896.008532][T32393] RIP: 0033:0x41203f [ 2896.012420][T32393] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2896.032281][T32393] RSP: 002b:00007ffc81522140 EFLAGS: 00010206 [ 2896.038614][T32393] RAX: 00007ff591a24000 RBX: 0000000000020000 RCX: 000000000045a89a [ 2896.046928][T32393] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2896.055727][T32393] RBP: 00007ffc81522220 R08: ffffffffffffffff R09: 0000000000000000 [ 2896.063740][T32393] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc81522310 [ 2896.071891][T32393] R13: 00007ff591a44700 R14: 0000000000000000 R15: 000000000075bf2c 16:57:21 executing program 1: getpid() r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) [ 2896.084633][T32393] memory: usage 307200kB, limit 307200kB, failcnt 3246 [ 2896.091727][T32393] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2896.099387][T32393] Memory cgroup stats for /syz2: [ 2896.099510][T32393] anon 256012288 [ 2896.099510][T32393] file 131072 [ 2896.099510][T32393] kernel_stack 8368128 [ 2896.099510][T32393] slab 15646720 [ 2896.099510][T32393] sock 0 [ 2896.099510][T32393] shmem 122880 [ 2896.099510][T32393] file_mapped 0 [ 2896.099510][T32393] file_dirty 0 [ 2896.099510][T32393] file_writeback 0 [ 2896.099510][T32393] anon_thp 211812352 16:57:21 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2896.099510][T32393] inactive_anon 135168 [ 2896.099510][T32393] active_anon 255926272 [ 2896.099510][T32393] inactive_file 65536 [ 2896.099510][T32393] active_file 135168 [ 2896.099510][T32393] unevictable 0 [ 2896.099510][T32393] slab_reclaimable 3108864 [ 2896.099510][T32393] slab_unreclaimable 12537856 [ 2896.099510][T32393] pgfault 178167 [ 2896.099510][T32393] pgmajfault 0 [ 2896.099510][T32393] workingset_refault 627 [ 2896.099510][T32393] workingset_activate 264 [ 2896.099510][T32393] workingset_nodereclaim 0 [ 2896.099510][T32393] pgrefill 12021 [ 2896.099510][T32393] pgscan 47758 [ 2896.099510][T32393] pgsteal 2049 [ 2896.302950][T32393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32379,uid=0 16:57:21 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2896.350946][T32393] Memory cgroup out of memory: Killed process 32379 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:21 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000200000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:21 executing program 1: getpid() r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:21 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:21 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7400], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:21 executing program 1: getpid() r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:21 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:22 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:22 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x10001, 0x0) r5 = socket(0x10, 0x803, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vga_arbiter\x00', 0x101000, 0x0) r6 = socket(0x10, 0x803, 0x0) sendto(r6, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) getsockname$packet(r6, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f0000000080)={0x0, 0xd6, "dc42dfd1078c7135803a2a6745384a8af75d3675af85a67693b07856ea1c1c82645d9daa5a524cf5d2e1486afedcafb1cc7fe9bf666ed1aa94c91ce8620eb6a34c1ad7859fd782cc82e7e048df8316c129b30b7b73a245f32de7a391129d7458760a9360f71bc83619836626ff54f54602c3f7cb5c05b4f7a6e5c7e03796bc20e38caaac3c6f183713eeb8056b88fdba3d280f139754b88214f4e0467e889bf05dbc5153a341662cc25849cbb998bd2d87202a9b9475d7b457c7bbdc597ecedf17d92fda8c139000ece86a7dec0dfe5e0b8251559544"}, &(0x7f0000000180)=0xde) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000001c0)={r7, 0x100, 0x3, [0x0, 0x3, 0x7]}, 0xe) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:22 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7a00], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:22 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000002000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:22 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:22 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:22 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:22 executing program 1: syz_open_dev$sndmidi(0x0, 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:22 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x8800], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000001000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:22 executing program 1: syz_open_dev$sndmidi(0x0, 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:22 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:23 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/75, 0x4b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:23 executing program 1: syz_open_dev$sndmidi(0x0, 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:23 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:23 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:23 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x200000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000002000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:23 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:23 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:23 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:23 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2898.235480][T32554] xt_check_target: 9 callbacks suppressed [ 2898.235491][T32554] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2898.378358][T32578] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000003000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:23 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:24 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:24 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x1000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:24 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:24 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:24 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000004000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2898.980768][T32609] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:24 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) [ 2899.070709][T32625] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:24 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:24 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x2000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000005000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:24 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:24 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) [ 2899.523173][T32643] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:24 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x9, 0x3, 0x330, 0x0, 0x0, 0x130, 0x260, 0x0, 0x260, 0x260, 0x260, 0x260, 0x260, 0x3, &(0x7f0000000080), {[{{@ipv6={@local, @dev={0xfe, 0x80, [], 0x23}, [0xffffff00, 0xff, 0xffffffff], [0xffffffff, 0xffffff00, 0xff, 0xff], 'veth0_to_hsr\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x2b, 0x3f, 0x0, 0xe2}, 0x0, 0xc8, 0x130}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x3, 0x5, 0x1000, 0xffffff6f, 'snmp\x00', 'syz0\x00', 0x3ff}}}, {{@uncond, 0x0, 0xc8, 0x130}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x2, 0xfff, 0x5, 0x1000, 'netbios-ns\x00', 'syz1\x00', 0xfffffffffffffffc}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x200, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg\x00', 0x61500, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:24 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(0x0, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:24 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000006000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:24 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) [ 2899.603274][T32661] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:24 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x3000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:25 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(0x0, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000007000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:25 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:25 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2900.089540][T32687] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:25 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(0x0, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2900.166478][T32698] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:25 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2900.446405][T32713] ptrace attach of "/root/syz-executor.2"[32704] was attempted by "/root/syz-executor.2"[32713] [ 2900.551961][T32718] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:25 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x161140, 0x0) faccessat(r3, &(0x7f0000000080)='./file0\x00', 0x40, 0x1800) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000feffff07000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:25 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:25 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:25 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2900.625278][T32725] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:25 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x5000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:25 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r1, r0) 16:57:26 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000011000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:26 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:26 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:26 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000003f000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:26 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r1, r0) 16:57:26 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:26 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:26 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r1, r0) 16:57:26 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000040000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:27 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:27 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:27 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000440)=0x203000) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000280)={0x0, 0x1, 0x1a, 0x17, 0x1a, &(0x7f0000000540)="904ed45967de5485e26833d280805da4cba81ae5e99a7e3feb6ec97e7b3e914ce8a61117053a232e0f780dc536d6a38d6251756838e6b4e57e4f0f6d6f4c6abb02661111d19d71f1eb71e90bdfdc7aea91e116fbc72b27c95f8862eea5701381969d1d3519ede847596cca569cdbeecdc7a0f80b50ae10a2d2e4cd6d0967c7aad4c23d6237e70489253010f384cdd46e4a5e51d9e75390863e3d2b6e59be813ca32a7535c6f465a373012fb5334431f359cf882cbbda8b718ec0fa8bedf51824121ff80eff21f9ae72e384b89815d708a773dcc72002cceffb819b337423168c2e1b401c5248c2d336f2c62ca0ee7d7b5c742f40ba657b79cc29bde88021bc6ff0c7b3b2c37615fd913b33817941043776edaac5712cbe391c28e93618d145bae72cfd4da07704dfd5f760f2b98a1878c629519a1a4ff6207e03ea28112b9783f6883f7d5196fbd6153b65c67d2f1d6b18df521fa5efcb891be1e34ad5af8735dc800bfce9ed55a89da44f6fbf5e564c5a433d604b49c73f84ef2942520f11e84b7ace9adece25b40f52a0a27774d4a1add91127024066ddabcdffb028c7cf54c39384d88e3fab0f9a0cc01115774e43d52ad5be6e9ec0f540bbdd0fb05a058ed347842bfd0465e5a07a1f38dddf1dc0e80926d8fc2bcdf1a75a9c2018d7c7a3625fdfb6271c3cb963e19667b62a8b493d885acc71f25ef859c13e62e00aa6cf75b75c491eb8ddfe9cab8bde9d871bf62e7909785e5e445689b315981d14d7128d4649fb9cea87118dbef3bb644b7afb4881c26a8577cc792e13fb72b5dc21256bdd586a881d5fde00dca6479480c141db5e666549532708fc1dc79258fd78aebaec39b9fef974adf24eb363cb335453ddf665f597682d41166723caae51aa3ef36c5b429b6e78d6b791b46018f69c7339c1e2078192b3a3041fc00feee230d708bfebe3c47432514e95d9df8ca3b26035da8e4b03b5080a97fcfb658129f8e4e1f260efac56e619620a117aea9f27cd2ecc53d4d90da738ca6ee729a0a58af183256b5ebf01b5f322b84e21eeed461201b439c70ab7a27af78e4ff02638662f74b2be21c1d695d1fa887772a712fdff9efde41724a92a6cbe963678d4b5ac2d1627870999570cb63a0e6badaef51c7f856a0e69fd68d9829229f268df7bd7a817889d15b3484b036cf4409b6132587d9a9b1d12cf03962b07bdc4266850f0b2098f102adc5e51b844309e40d35d34ef9b64b2aae6bc3391d6db85cb3511ee3c80db44066d9c4703397759dd54c7c9716844067592928ef6daa2b9c68bb07a92fc793e339d7c69c8df69e63d3e0c4d49b65ade90d28ffd4e3232dfae8f13d88ee041d77839595ea5afe66cbac4d77653281e53ab3873956a088b4d648afc887347fd6631a3ffc2b68a6a115f9e744638cb944d6d9e26df61c1216876e8be410a"}) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000c000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000040)={{0x100000, 0xa002, 0x10, 0x2, 0x6, 0xc0, 0x7, 0x1f, 0x34, 0x5, 0x3, 0xff}, {0x100000, 0x0, 0x9, 0x7, 0x30, 0x7, 0x3, 0x20, 0x3, 0x73, 0xda, 0x1}, {0x2, 0x1, 0x3, 0x5, 0x7, 0xcb, 0x3, 0x6, 0x80, 0x5, 0x6, 0x8}, {0x3000, 0x0, 0xc, 0x80, 0x7, 0x5, 0x1f, 0xff, 0x3f, 0x6, 0x3}, {0x15005, 0x10000, 0x4, 0x40, 0xfc, 0x8f, 0x1, 0x2, 0xf8, 0x6, 0x40, 0x4}, {0x1000, 0xf000, 0xb, 0x3a, 0xa2, 0x1f, 0x0, 0x1f, 0xd, 0x20, 0x4, 0x7f}, {0x2, 0xf000, 0xd, 0x81, 0x81, 0x3, 0x3f, 0xff, 0x60, 0x0, 0x80, 0x21}, {0x1000, 0x0, 0x2c0ac9008f166edf, 0xff, 0x92, 0x9, 0x7, 0x2, 0x80, 0x9, 0x1f, 0x80}, {0x1, 0x2b251d0d5948486}, {0xa001, 0xf000}, 0x20000000, 0x0, 0x10000, 0x20100, 0x2, 0x0, 0x2000, [0x4, 0x6, 0xdaec, 0x33]}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = dup(r10) memfd_create(&(0x7f0000000400)='\x00', 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) write$evdev(r11, &(0x7f00000001c0)=[{{0x0, 0x7530}, 0x3, 0x101, 0x3f}, {{}, 0x5f460563407151b, 0x5, 0x6}, {{r12, r13/1000+30000}, 0x11, 0x3}], 0x48) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:27 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup2(r1, r0) 16:57:27 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7fffffe], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2902.213733][ T367] syz-executor.2 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 16:57:27 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:27 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000088000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2902.314060][ T367] CPU: 0 PID: 367 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2902.322627][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2902.332701][ T367] Call Trace: [ 2902.336003][ T367] dump_stack+0x197/0x210 [ 2902.340336][ T367] dump_header+0x10b/0x82d [ 2902.344772][ T367] ? oom_kill_process+0x94/0x420 [ 2902.349743][ T367] oom_kill_process.cold+0x10/0x15 [ 2902.354880][ T367] out_of_memory+0x334/0x13c0 [ 2902.359592][ T367] ? find_held_lock+0x35/0x130 16:57:27 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) [ 2902.364384][ T367] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2902.370203][ T367] ? oom_killer_disable+0x280/0x280 [ 2902.375439][ T367] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2902.381019][ T367] ? memcg_oom_wake_function+0x700/0x700 [ 2902.386856][ T367] ? do_raw_spin_unlock+0x178/0x270 [ 2902.392076][ T367] ? _raw_spin_unlock+0x28/0x40 [ 2902.396962][ T367] try_charge+0xf76/0x14d0 [ 2902.401402][ T367] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2902.408384][ T367] ? cache_grow_begin+0x122/0xc60 [ 2902.413435][ T367] ? find_held_lock+0x35/0x130 [ 2902.418240][ T367] ? cache_grow_begin+0x122/0xc60 [ 2902.423289][ T367] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2902.428943][ T367] ? lock_downgrade+0x920/0x920 [ 2902.433816][ T367] ? memcg_kmem_put_cache+0x1a0/0x1a0 [ 2902.439206][ T367] ? __kasan_check_read+0x11/0x20 [ 2902.444453][ T367] cache_grow_begin+0x5e8/0xc60 [ 2902.449423][ T367] ? __sanitizer_cov_trace_const_cmp1+0x11/0x20 [ 2902.455688][ T367] ? mempolicy_slab_node+0x139/0x390 [ 2902.460998][ T367] fallback_alloc+0x1f8/0x2d0 [ 2902.465790][ T367] ____cache_alloc_node+0x1bc/0x1d0 [ 2902.471009][ T367] ? trace_hardirqs_off+0x62/0x240 [ 2902.476145][ T367] kmem_cache_alloc+0x1ef/0x710 [ 2902.481204][ T367] ? ratelimit_state_init+0xb0/0xb0 [ 2902.486426][ T367] ext4_alloc_inode+0x1f/0x640 [ 2902.491322][ T367] ? ratelimit_state_init+0xb0/0xb0 [ 2902.496701][ T367] alloc_inode+0x68/0x1e0 [ 2902.501057][ T367] new_inode_pseudo+0x19/0xf0 [ 2902.505754][ T367] new_inode+0x1f/0x40 [ 2902.509930][ T367] __ext4_new_inode+0x3d5/0x4f30 [ 2902.514904][ T367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2902.521171][ T367] ? __dquot_initialize+0x525/0xd80 [ 2902.526963][ T367] ? ext4_free_inode+0x1490/0x1490 [ 2902.532109][ T367] ? dqget+0x10d0/0x10d0 [ 2902.536391][ T367] ? apparmor_task_setrlimit+0x970/0x970 [ 2902.542082][ T367] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2902.547838][ T367] ext4_symlink+0x4b7/0xf50 [ 2902.552388][ T367] ? ext4_orphan_del+0xa80/0xa80 [ 2902.557355][ T367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 16:57:27 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) [ 2902.563658][ T367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2902.570024][ T367] ? security_inode_permission+0xcb/0x100 [ 2902.575859][ T367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2902.582201][ T367] ? security_inode_symlink+0xdb/0x110 [ 2902.587805][ T367] vfs_symlink+0x373/0x5a0 [ 2902.592252][ T367] do_symlinkat+0x22b/0x290 [ 2902.596962][ T367] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2902.602744][ T367] ? __ia32_sys_unlink+0x50/0x50 [ 2902.607718][ T367] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2902.613219][ T367] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2902.619318][ T367] ? do_syscall_64+0x26/0x790 [ 2902.624026][ T367] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2902.629354][ T367] __x64_sys_symlink+0x59/0x80 [ 2902.634152][ T367] do_syscall_64+0xfa/0x790 [ 2902.638774][ T367] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2902.644681][ T367] RIP: 0033:0x45a577 16:57:27 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000007fffffe000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2902.648596][ T367] Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2902.668354][ T367] RSP: 002b:00007ffc815223d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058 [ 2902.676895][ T367] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045a577 [ 2902.684899][ T367] RDX: 00007ffc81522473 RSI: 00000000004c02c9 RDI: 00007ffc81522460 [ 2902.693003][ T367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013 [ 2902.700999][ T367] R10: 0000000000000075 R11: 0000000000000206 R12: 0000000000000000 [ 2902.709181][ T367] R13: 00007ffc81522410 R14: 0000000000000000 R15: 00007ffc81522420 16:57:27 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x100080, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0xe9, 0x80800) renameat(r3, &(0x7f0000000080)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00') r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9529, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x80], 0x0, 0x240000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:28 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2902.942726][ T367] memory: usage 307200kB, limit 307200kB, failcnt 3271 [ 2902.960424][ T367] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2903.017384][ T367] Memory cgroup stats for /syz2: [ 2903.017512][ T367] anon 254930944 [ 2903.017512][ T367] file 131072 [ 2903.017512][ T367] kernel_stack 8626176 [ 2903.017512][ T367] slab 15122432 [ 2903.017512][ T367] sock 0 [ 2903.017512][ T367] shmem 122880 [ 2903.017512][ T367] file_mapped 0 [ 2903.017512][ T367] file_dirty 0 [ 2903.017512][ T367] file_writeback 0 [ 2903.017512][ T367] anon_thp 209715200 [ 2903.017512][ T367] inactive_anon 135168 [ 2903.017512][ T367] active_anon 254930944 [ 2903.017512][ T367] inactive_file 0 [ 2903.017512][ T367] active_file 0 [ 2903.017512][ T367] unevictable 0 [ 2903.017512][ T367] slab_reclaimable 3108864 [ 2903.017512][ T367] slab_unreclaimable 12013568 [ 2903.017512][ T367] pgfault 179322 [ 2903.017512][ T367] pgmajfault 0 [ 2903.017512][ T367] workingset_refault 660 [ 2903.017512][ T367] workingset_activate 264 [ 2903.017512][ T367] workingset_nodereclaim 0 [ 2903.017512][ T367] pgrefill 12721 [ 2903.017512][ T367] pgscan 48489 [ 2903.017512][ T367] pgsteal 2082 [ 2903.131975][ T367] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31637,uid=0 [ 2903.162618][ T367] Memory cgroup out of memory: Killed process 31637 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:28 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:28 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) 16:57:28 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x11000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:28 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:28 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) [ 2903.437107][ T430] xt_check_target: 8 callbacks suppressed [ 2903.437128][ T430] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2903.509295][ T440] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:28 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:28 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x20000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000020000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2903.852938][ T452] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2903.863511][ T452] CPU: 1 PID: 452 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2903.872155][ T452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2903.872164][ T452] Call Trace: [ 2903.872196][ T452] dump_stack+0x197/0x210 [ 2903.872216][ T452] dump_header+0x10b/0x82d [ 2903.872227][ T452] ? oom_kill_process+0x94/0x420 [ 2903.872244][ T452] oom_kill_process.cold+0x10/0x15 [ 2903.872259][ T452] out_of_memory+0x334/0x13c0 [ 2903.872271][ T452] ? find_held_lock+0x35/0x130 [ 2903.872292][ T452] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2903.872308][ T452] ? oom_killer_disable+0x280/0x280 [ 2903.872335][ T452] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2903.872351][ T452] ? memcg_oom_wake_function+0x700/0x700 [ 2903.872380][ T452] ? do_raw_spin_unlock+0x178/0x270 [ 2903.909846][ T452] ? _raw_spin_unlock+0x28/0x40 [ 2903.926251][ T452] try_charge+0xf76/0x14d0 [ 2903.926280][ T452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2903.926301][ T452] ? percpu_ref_tryget+0x102/0x230 [ 2903.943354][ T452] ? rcu_read_lock_held+0x9c/0xb0 [ 2903.943374][ T452] ? __kasan_check_read+0x11/0x20 [ 2903.943398][ T452] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2903.943417][ T452] mem_cgroup_try_charge+0x136/0x590 [ 2903.943436][ T452] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2903.943455][ T452] wp_page_copy+0x407/0x1560 [ 2903.943467][ T452] ? find_held_lock+0x35/0x130 [ 2903.943484][ T452] ? follow_pfn+0x2a0/0x2a0 [ 2903.943497][ T452] ? lock_downgrade+0x920/0x920 [ 2903.943514][ T452] ? swp_swapcount+0x540/0x540 [ 2903.943536][ T452] ? do_raw_spin_unlock+0x178/0x270 [ 2903.943553][ T452] do_wp_page+0x543/0x1540 [ 2903.943574][ T452] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2903.943599][ T452] __handle_mm_fault+0x327b/0x3da0 [ 2903.943621][ T452] ? vm_iomap_memory+0x1a0/0x1a0 [ 2903.943636][ T452] ? handle_mm_fault+0x292/0xa50 [ 2903.943660][ T452] ? handle_mm_fault+0x7a0/0xa50 [ 2903.950905][ T461] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2903.953038][ T452] ? __kasan_check_read+0x11/0x20 [ 2903.953061][ T452] handle_mm_fault+0x3b2/0xa50 [ 2903.953085][ T452] __do_page_fault+0x536/0xd80 [ 2903.953112][ T452] do_page_fault+0x38/0x590 [ 2904.055640][ T461] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2904.059288][ T452] page_fault+0x39/0x40 [ 2904.091627][ T452] RIP: 0033:0x40d008 [ 2904.095919][ T452] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 02 b0 32 00 48 8b 15 73 56 66 00 83 c0 01 <89> 05 f2 af 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2904.115846][ T452] RSP: 002b:00007ffc815221c0 EFLAGS: 00010202 [ 2904.121939][ T452] RAX: 0000000000000001 RBX: 0000001b2ed20014 RCX: 0000001b2fd20000 [ 2904.130018][ T452] RDX: 0000001b2ed20000 RSI: 0000000000001406 RDI: fffffffffc629406 [ 2904.138004][ T452] RBP: 0000001b2ed20018 R08: 00000000fc629406 R09: 00000000fc62940a [ 2904.146160][ T452] R10: 00007ffc81522300 R11: 0000000000000246 R12: 0000001b2ed2001c [ 2904.154583][ T452] R13: 00000000002c4ece R14: 000000000075bf20 R15: 000000000075bf2c [ 2904.197832][ T452] memory: usage 307200kB, limit 307200kB, failcnt 3306 [ 2904.204973][ T452] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2904.211927][ T452] Memory cgroup stats for /syz2: [ 2904.212116][ T452] anon 254980096 [ 2904.212116][ T452] file 131072 [ 2904.212116][ T452] kernel_stack 8736768 [ 2904.212116][ T452] slab 14987264 [ 2904.212116][ T452] sock 0 [ 2904.212116][ T452] shmem 122880 [ 2904.212116][ T452] file_mapped 0 [ 2904.212116][ T452] file_dirty 0 [ 2904.212116][ T452] file_writeback 0 [ 2904.212116][ T452] anon_thp 209715200 [ 2904.212116][ T452] inactive_anon 135168 [ 2904.212116][ T452] active_anon 254980096 [ 2904.212116][ T452] inactive_file 0 [ 2904.212116][ T452] active_file 0 [ 2904.212116][ T452] unevictable 0 [ 2904.212116][ T452] slab_reclaimable 2973696 [ 2904.212116][ T452] slab_unreclaimable 12013568 [ 2904.212116][ T452] pgfault 179487 [ 2904.212116][ T452] pgmajfault 0 [ 2904.212116][ T452] workingset_refault 660 [ 2904.212116][ T452] workingset_activate 264 [ 2904.212116][ T452] workingset_nodereclaim 0 [ 2904.212116][ T452] pgrefill 13086 [ 2904.212116][ T452] pgscan 48853 [ 2904.212116][ T452] pgsteal 2082 16:57:29 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) 16:57:29 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000010000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:29 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0xfffffffe, 0x0, 0x100, 0x800000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:29 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x3f000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2904.374154][ T452] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=426,uid=0 [ 2904.389833][ T452] Memory cgroup out of memory: Killed process 426 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000020000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:29 executing program 1: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup2(r0, 0xffffffffffffffff) 16:57:29 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:29 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2904.628958][ T471] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2904.723554][ T500] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000030000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:30 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x40000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:30 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x3, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$net_dm(&(0x7f0000000100)='NET_DM\x00') ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x8, 0x400) fcntl$getown(r3, 0x9) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x1, 0x100000002, 0x0, 0x0, 0x0, 0x3, 0x4ce, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1], 0x0, 0x1}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x89a1, &(0x7f0000000180)={@remote, 0x27}) r9 = socket(0x10, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r10 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$KVM_CHECK_EXTENSION_VM(r10, 0xae03, 0xfffffffffffffffa) r11 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x208a40, 0xcae7e45f0f5de3fd) ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000000c0)={r11, 0x0, 0xfffff000, 0x1000}) 16:57:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000040000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:30 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2905.231145][ T522] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000050000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:30 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2905.328933][ T540] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:30 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000140)='/dev/vcsu#\x00', 0x1000, 0x200) open_tree(r2, &(0x7f0000000180)='./file0\x00', 0x1400) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) pipe(&(0x7f0000000080)={0xffffffffffffffff}) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha256\x00'}, 0x58) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) getitimer(0x0, &(0x7f0000000040)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x1, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:30 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x48000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:30 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(0x0, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000060000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:30 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000070000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2905.782825][ T567] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2905.843482][ T584] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:31 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4c000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:31 executing program 2: socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000110000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:31 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x400000, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2, 0x1]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:31 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:31 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000003f0000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:31 executing program 2: syz_genetlink_get_family_id$tipc(0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:31 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x60000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000400000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:31 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:31 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x68000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:31 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:31 executing program 2: syz_genetlink_get_family_id$tipc(0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000880000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:32 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket(0x10, 0x803, 0x0) sendto(r3, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) r4 = accept$nfc_llcp(r3, &(0x7f0000000040), &(0x7f00000000c0)=0x60) shutdown(r4, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x4, 0x0, 0x4, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6c000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:32 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 2: syz_genetlink_get_family_id$tipc(0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000007fffffe0000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:32 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000ffffffff0000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:32 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:32 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x74000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000020000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:33 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:33 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:33 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:33 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7a000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000030000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:33 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2908.454797][ T770] xt_check_target: 11 callbacks suppressed [ 2908.454810][ T770] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:33 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:33 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:33 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x88000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000040000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2908.941057][ T797] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:34 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:34 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2909.025156][ T808] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000050000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:34 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0xfeffff07], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2909.127592][ T796] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2909.212618][ T796] CPU: 0 PID: 796 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2909.221578][ T796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2909.231665][ T796] Call Trace: [ 2909.235069][ T796] dump_stack+0x197/0x210 [ 2909.239415][ T796] dump_header+0x10b/0x82d [ 2909.243840][ T796] ? oom_kill_process+0x94/0x420 [ 2909.248953][ T796] oom_kill_process.cold+0x10/0x15 [ 2909.254135][ T796] out_of_memory+0x334/0x13c0 [ 2909.258818][ T796] ? find_held_lock+0x35/0x130 [ 2909.263702][ T796] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2909.269533][ T796] ? oom_killer_disable+0x280/0x280 [ 2909.274776][ T796] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2909.280416][ T796] ? memcg_oom_wake_function+0x700/0x700 [ 2909.286060][ T796] ? do_raw_spin_unlock+0x178/0x270 [ 2909.291268][ T796] ? _raw_spin_unlock+0x28/0x40 [ 2909.296124][ T796] try_charge+0xf76/0x14d0 [ 2909.300995][ T796] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2909.306713][ T796] ? percpu_ref_tryget+0x102/0x230 [ 2909.311952][ T796] ? rcu_read_lock_held+0x9c/0xb0 [ 2909.317048][ T796] ? __kasan_check_read+0x11/0x20 [ 2909.322255][ T796] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2909.327806][ T796] mem_cgroup_try_charge+0x136/0x590 [ 2909.333113][ T796] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2909.338839][ T796] wp_page_copy+0x407/0x1560 [ 2909.343616][ T796] ? find_held_lock+0x35/0x130 [ 2909.348735][ T796] ? follow_pfn+0x2a0/0x2a0 [ 2909.353241][ T796] ? lock_downgrade+0x920/0x920 [ 2909.358113][ T796] ? swp_swapcount+0x540/0x540 [ 2909.363317][ T796] ? do_raw_spin_unlock+0x178/0x270 [ 2909.368544][ T796] do_wp_page+0x543/0x1540 [ 2909.373169][ T796] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2909.378602][ T796] __handle_mm_fault+0x327b/0x3da0 [ 2909.383725][ T796] ? vm_iomap_memory+0x1a0/0x1a0 [ 2909.389061][ T796] ? handle_mm_fault+0x292/0xa50 [ 2909.394023][ T796] ? handle_mm_fault+0x7a0/0xa50 [ 2909.399753][ T796] ? __kasan_check_read+0x11/0x20 [ 2909.404871][ T796] handle_mm_fault+0x3b2/0xa50 [ 2909.409647][ T796] __do_page_fault+0x536/0xd80 [ 2909.414422][ T796] do_page_fault+0x38/0x590 [ 2909.418939][ T796] page_fault+0x39/0x40 [ 2909.423101][ T796] RIP: 0033:0x40d008 [ 2909.427024][ T796] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 02 b0 32 00 48 8b 15 73 56 66 00 83 c0 01 <89> 05 f2 af 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2909.446800][ T796] RSP: 002b:00007ffc815221c0 EFLAGS: 00010202 [ 2909.452868][ T796] RAX: 0000000000000001 RBX: 0000001b2ed20014 RCX: 0000001b2fd20000 16:57:34 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:34 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2909.460953][ T796] RDX: 0000001b2ed20000 RSI: 0000000000001406 RDI: fffffffffc629406 [ 2909.468921][ T796] RBP: 0000001b2ed20018 R08: 00000000fc629406 R09: 00000000fc62940a [ 2909.476897][ T796] R10: 00007ffc81522300 R11: 0000000000000246 R12: 0000001b2ed2001c [ 2909.484880][ T796] R13: 00000000002c6312 R14: 000000000075bf20 R15: 000000000075bf2c [ 2909.573607][ T796] memory: usage 307200kB, limit 307200kB, failcnt 3370 [ 2909.590039][ T796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 16:57:34 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) keyctl$chown(0x4, 0x0, r7, r8) write$P9_RSTATu(r5, &(0x7f0000000100)={0x64, 0x7d, 0x2, {{0x0, 0x4e, 0x20, 0x3, {0x40, 0x2}, 0x0, 0x9, 0x80000000, 0x3, 0x9, '(-nodev(!', 0x9, '/dev/kvm\x00', 0x0, '', 0x9, '/dev/kvm\x00'}, 0x1, ',', r6, r8, 0xee00}}, 0x64) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:34 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2909.711255][ T796] Memory cgroup stats for /syz2: [ 2909.711386][ T796] anon 253767680 [ 2909.711386][ T796] file 131072 [ 2909.711386][ T796] kernel_stack 8957952 [ 2909.711386][ T796] slab 14860288 [ 2909.711386][ T796] sock 0 [ 2909.711386][ T796] shmem 122880 [ 2909.711386][ T796] file_mapped 0 [ 2909.711386][ T796] file_dirty 0 [ 2909.711386][ T796] file_writeback 0 [ 2909.711386][ T796] anon_thp 207618048 [ 2909.711386][ T796] inactive_anon 135168 [ 2909.711386][ T796] active_anon 253767680 [ 2909.711386][ T796] inactive_file 0 [ 2909.711386][ T796] active_file 0 [ 2909.711386][ T796] unevictable 0 [ 2909.711386][ T796] slab_reclaimable 2973696 [ 2909.711386][ T796] slab_unreclaimable 11886592 [ 2909.711386][ T796] pgfault 180411 [ 2909.711386][ T796] pgmajfault 0 [ 2909.711386][ T796] workingset_refault 693 [ 2909.711386][ T796] workingset_activate 297 [ 2909.711386][ T796] workingset_nodereclaim 0 [ 2909.711386][ T796] pgrefill 13517 [ 2909.711386][ T796] pgscan 49252 [ 2909.711386][ T796] pgsteal 2115 [ 2909.809704][ T796] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22856,uid=0 [ 2909.829489][ T796] Memory cgroup out of memory: Killed process 22856 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:35 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000060000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2909.860972][ T833] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2909.949691][ T848] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:35 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:35 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:35 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:35 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x20000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:35 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000070000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:35 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:35 executing program 1: syz_genetlink_get_family_id$tipc(0x0) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:35 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:35 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2910.339062][ T873] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2910.424427][ T886] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:36 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4ce, 0xffff, 0x0, 0x2], 0x0, 0x20000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:36 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000110000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:36 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x100000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:36 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:36 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:36 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:36 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:36 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2911.074031][ T919] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:36 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2911.176278][ T936] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:36 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x200000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:36 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000880000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:36 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2911.388687][ T923] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 16:57:36 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2, 0x0, 0x6, 0x9]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x10200, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:36 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2911.581190][ T948] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:36 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:36 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000300000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:36 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x300000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:36 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:37 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:37 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000500000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:37 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:37 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:37 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x400000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:37 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000600000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:38 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:38 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:38 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x500000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:38 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:38 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000480)='/dev/qat_adf_ctl\x00', 0x2, 0x0) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000740)={0x0, 0xa1, "81bb78e9cf926c6ac7a204ef1ab731acc7189e81ce24cbc7c91659cba71bf7a89d7b57869c906a99847e2c1026da4ed849591c3b4ef2b7e41c7fe51880d3775ae43d2e4a1dd0e7efa9eb1394d8a7ed2e8f824069cf93d6b4921d7946df094d13ed0339510c6e647a730f720e9ee78ba53a06ee867e11f421ef95857ecb89c06d324197eed949b73b56edc71c7624821a426452f5c494e15cda7fa6e405eed4ca8c"}, &(0x7f0000000800)=0xa9) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000840)={r5, 0xa0, "e81584b731235f388dbff29eb63cff23b9492341531fea1c22bcfbd8c9f3e4683528d12c636037fe41ccead3bbb2531decb65684f67b5be0d58c3700d8cd24ed4ceac3cd8ea15d7892156f161e4d438c38fb6baf8b8b0fb874c27d370c79f29c643705adffe5cc0d9a03605faed482180c5f1d395356eaa9805e8c3fb9548fb4bb7c401d675a0bf5bc16ac65d9f607fe332419ede5f5aa6465c2e164d0ffdd3f"}, &(0x7f0000000900)=0xa8) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4000000004ce, 0x0, 0x0, 0x2], 0x1000, 0x4000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x20000, 0x0) sendmsg$TIPC_NL_BEARER_GET(r7, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6002}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x104, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x98, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_LINK={0x18, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}]}, @TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x524}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x20002080}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2912.891395][ T9266] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2912.978049][ T9266] CPU: 1 PID: 9266 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2912.986877][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2912.997175][ T9266] Call Trace: [ 2913.000494][ T9266] dump_stack+0x197/0x210 [ 2913.004853][ T9266] dump_header+0x10b/0x82d [ 2913.009300][ T9266] ? oom_kill_process+0x94/0x420 [ 2913.014358][ T9266] oom_kill_process.cold+0x10/0x15 [ 2913.019521][ T9266] out_of_memory+0x334/0x13c0 [ 2913.024221][ T9266] ? find_held_lock+0x35/0x130 [ 2913.029017][ T9266] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2913.034948][ T9266] ? oom_killer_disable+0x280/0x280 [ 2913.040365][ T9266] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2913.046029][ T9266] ? memcg_oom_wake_function+0x700/0x700 [ 2913.051796][ T9266] ? do_raw_spin_unlock+0x178/0x270 [ 2913.057141][ T9266] ? _raw_spin_unlock+0x28/0x40 [ 2913.062119][ T9266] try_charge+0xf76/0x14d0 [ 2913.066672][ T9266] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2913.072354][ T9266] ? percpu_ref_tryget+0x102/0x230 16:57:38 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2913.077501][ T9266] ? rcu_read_lock_held+0x9c/0xb0 [ 2913.082550][ T9266] ? __kasan_check_read+0x11/0x20 [ 2913.087602][ T9266] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2913.093277][ T9266] mem_cgroup_try_charge+0x136/0x590 [ 2913.098589][ T9266] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2913.104483][ T9266] wp_page_copy+0x407/0x1560 [ 2913.109100][ T9266] ? find_held_lock+0x35/0x130 [ 2913.113981][ T9266] ? follow_pfn+0x2a0/0x2a0 [ 2913.118527][ T9266] ? lock_downgrade+0x920/0x920 [ 2913.123399][ T9266] ? swp_swapcount+0x540/0x540 16:57:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2913.128206][ T9266] ? do_raw_spin_unlock+0x178/0x270 [ 2913.133431][ T9266] do_wp_page+0x543/0x1540 [ 2913.137859][ T9266] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2913.143241][ T9266] __handle_mm_fault+0x327b/0x3da0 [ 2913.143261][ T9266] ? vm_iomap_memory+0x1a0/0x1a0 [ 2913.143274][ T9266] ? handle_mm_fault+0x292/0xa50 [ 2913.143296][ T9266] ? handle_mm_fault+0x7a0/0xa50 [ 2913.143313][ T9266] ? __kasan_check_read+0x11/0x20 [ 2913.143332][ T9266] handle_mm_fault+0x3b2/0xa50 [ 2913.173298][ T9266] __do_page_fault+0x536/0xd80 [ 2913.178107][ T9266] do_page_fault+0x38/0x590 [ 2913.182814][ T9266] page_fault+0x39/0x40 [ 2913.187073][ T9266] RIP: 0033:0x458f7a [ 2913.191159][ T9266] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2913.210869][ T9266] RSP: 002b:00007ffc81522390 EFLAGS: 00010246 [ 2913.217053][ T9266] RAX: 0000000000000000 RBX: 00007ffc81522390 RCX: 0000000000458e1a 16:57:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000700000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2913.225182][ T9266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 2913.233181][ T9266] RBP: 00007ffc815223d0 R08: 0000000000000001 R09: 00000000028b8940 [ 2913.241178][ T9266] R10: 00000000028b8c10 R11: 0000000000000246 R12: 00000000000000ca [ 2913.249173][ T9266] R13: 0000000000001b33 R14: 0000000000000000 R15: 00007ffc81522420 [ 2913.359318][ T9266] memory: usage 307144kB, limit 307200kB, failcnt 3401 [ 2913.368378][ T9266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2913.378279][ T9266] Memory cgroup stats for /syz2: [ 2913.378406][ T9266] anon 252317696 [ 2913.378406][ T9266] file 131072 [ 2913.378406][ T9266] kernel_stack 9142272 [ 2913.378406][ T9266] slab 14995456 [ 2913.378406][ T9266] sock 0 [ 2913.378406][ T9266] shmem 122880 [ 2913.378406][ T9266] file_mapped 0 [ 2913.378406][ T9266] file_dirty 0 [ 2913.378406][ T9266] file_writeback 0 [ 2913.378406][ T9266] anon_thp 205520896 [ 2913.378406][ T9266] inactive_anon 135168 [ 2913.378406][ T9266] active_anon 252317696 [ 2913.378406][ T9266] inactive_file 65536 [ 2913.378406][ T9266] active_file 0 [ 2913.378406][ T9266] unevictable 0 [ 2913.378406][ T9266] slab_reclaimable 2973696 [ 2913.378406][ T9266] slab_unreclaimable 12021760 [ 2913.378406][ T9266] pgfault 181005 [ 2913.378406][ T9266] pgmajfault 0 [ 2913.378406][ T9266] workingset_refault 693 [ 2913.378406][ T9266] workingset_activate 330 [ 2913.378406][ T9266] workingset_nodereclaim 0 [ 2913.378406][ T9266] pgrefill 14259 [ 2913.378406][ T9266] pgscan 50032 [ 2913.378406][ T9266] pgsteal 2115 [ 2913.486116][ T9266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22825,uid=0 [ 2913.496888][ T1055] xt_check_target: 5 callbacks suppressed 16:57:38 executing program 5: socket$key(0xf, 0x3, 0x2) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:38 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2913.496901][ T1055] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2913.582689][ T9266] Memory cgroup out of memory: Killed process 22825 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2913.613545][ T1087] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:38 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x600000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r2 = getpid() r3 = getpid() r4 = getpid() rt_tgsigqueueinfo(r4, r3, 0x16, &(0x7f0000000100)) ptrace(0x10, r3) ptrace$pokeuser(0x6, r4, 0x388, 0xb8) ptrace$pokeuser(0x6, r2, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2913.799493][ T1043] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2913.832205][ T1043] CPU: 0 PID: 1043 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2913.840947][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2913.851197][ T1043] Call Trace: [ 2913.854520][ T1043] dump_stack+0x197/0x210 [ 2913.858919][ T1043] dump_header+0x10b/0x82d [ 2913.863460][ T1043] ? oom_kill_process+0x94/0x420 [ 2913.868463][ T1043] oom_kill_process.cold+0x10/0x15 [ 2913.873603][ T1043] out_of_memory+0x334/0x13c0 [ 2913.878399][ T1043] ? oom_killer_disable+0x280/0x280 [ 2913.883807][ T1043] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2913.890407][ T1043] ? memcg_oom_wake_function+0x700/0x700 [ 2913.896162][ T1043] ? do_raw_spin_unlock+0x178/0x270 [ 2913.901380][ T1043] ? _raw_spin_unlock+0x28/0x40 [ 2913.906520][ T1043] try_charge+0xa54/0x14d0 [ 2913.910955][ T1043] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2913.916952][ T1043] ? percpu_ref_tryget+0x102/0x230 [ 2913.922124][ T1043] ? rcu_read_lock_held+0x9c/0xb0 [ 2913.927344][ T1043] ? __kasan_check_read+0x11/0x20 [ 2913.932561][ T1043] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2913.938219][ T1043] mem_cgroup_try_charge+0x136/0x590 [ 2913.943651][ T1043] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2913.949473][ T1043] wp_page_copy+0x407/0x1560 [ 2913.954152][ T1043] ? find_held_lock+0x35/0x130 [ 2913.958925][ T1043] ? follow_pfn+0x2a0/0x2a0 [ 2913.963965][ T1043] ? lock_downgrade+0x920/0x920 [ 2913.969009][ T1043] ? swp_swapcount+0x540/0x540 [ 2913.974229][ T1043] ? do_raw_spin_unlock+0x178/0x270 [ 2913.979784][ T1043] do_wp_page+0x543/0x1540 [ 2913.984404][ T1043] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2913.989880][ T1043] __handle_mm_fault+0x327b/0x3da0 [ 2913.995091][ T1043] ? vm_iomap_memory+0x1a0/0x1a0 [ 2914.000385][ T1043] ? handle_mm_fault+0x292/0xa50 [ 2914.005429][ T1043] ? handle_mm_fault+0x7a0/0xa50 [ 2914.010383][ T1043] ? __kasan_check_read+0x11/0x20 [ 2914.015635][ T1043] handle_mm_fault+0x3b2/0xa50 [ 2914.020444][ T1043] __do_page_fault+0x536/0xd80 [ 2914.025360][ T1043] do_page_fault+0x38/0x590 [ 2914.029995][ T1043] page_fault+0x39/0x40 [ 2914.034251][ T1043] RIP: 0033:0x458e4e [ 2914.038150][ T1043] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 d7 fa 61 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 2914.057857][ T1043] RSP: 002b:00007ffc81522390 EFLAGS: 00010206 [ 2914.063927][ T1043] RAX: 0000000000a78428 RBX: 00007ffc81522390 RCX: 0000000000458e1a [ 2914.072381][ T1043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2914.080527][ T1043] RBP: 00007ffc815223d0 R08: 0000000000000001 R09: 00000000028b8940 [ 2914.088624][ T1043] R10: 00000000028b8c10 R11: 0000000000000246 R12: 0000000000000001 [ 2914.096692][ T1043] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc81522420 [ 2914.187973][ T1102] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2914.224387][ T1043] memory: usage 304808kB, limit 307200kB, failcnt 3401 [ 2914.234799][ T1109] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2914.243786][ T1043] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2914.261096][ T1043] Memory cgroup stats for /syz2: [ 2914.261249][ T1043] anon 250195968 [ 2914.261249][ T1043] file 131072 [ 2914.261249][ T1043] kernel_stack 9105408 [ 2914.261249][ T1043] slab 14995456 [ 2914.261249][ T1043] sock 0 [ 2914.261249][ T1043] shmem 122880 [ 2914.261249][ T1043] file_mapped 0 [ 2914.261249][ T1043] file_dirty 0 [ 2914.261249][ T1043] file_writeback 0 [ 2914.261249][ T1043] anon_thp 203423744 [ 2914.261249][ T1043] inactive_anon 135168 [ 2914.261249][ T1043] active_anon 250195968 [ 2914.261249][ T1043] inactive_file 65536 [ 2914.261249][ T1043] active_file 0 [ 2914.261249][ T1043] unevictable 0 [ 2914.261249][ T1043] slab_reclaimable 2973696 [ 2914.261249][ T1043] slab_unreclaimable 12021760 [ 2914.261249][ T1043] pgfault 181005 [ 2914.261249][ T1043] pgmajfault 0 [ 2914.261249][ T1043] workingset_refault 693 [ 2914.261249][ T1043] workingset_activate 330 [ 2914.261249][ T1043] workingset_nodereclaim 0 [ 2914.261249][ T1043] pgrefill 14259 [ 2914.261249][ T1043] pgscan 50032 [ 2914.261249][ T1043] pgsteal 2115 [ 2914.422888][ T1043] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22802,uid=0 [ 2914.453465][ T1043] Memory cgroup out of memory: Killed process 22802 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2914.484639][ T1112] oom_reaper: reaped process 22802 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2914.583032][ T1082] QAT: Invalid ioctl [ 2914.589610][ T1125] QAT: Invalid ioctl 16:57:39 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:39 executing program 5: socket$key(0xf, 0x3, 0x2) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:39 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000001100000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:39 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x700000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:39 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:39 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000040)={0xfffffba9, 0x8, 0x81}) [ 2914.796490][ T1134] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:40 executing program 5: socket$key(0xf, 0x3, 0x2) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2914.856653][ T1146] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:40 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:40 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:40 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x1100000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:40 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000002000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:40 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:40 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2915.315624][ T1173] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:40 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2915.408735][ T1182] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:40 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0xc5b023d8f95545f1, &(0x7f0000000040)=0x2) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:40 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000003f00000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:40 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x2000000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:40 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:40 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:40 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:41 executing program 5: sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2915.937036][ T1216] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000004000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:41 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2916.044942][ T1232] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:41 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x3f00000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:41 executing program 1: sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:41 executing program 5: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:41 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x3, &(0x7f0000000380)=0xffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000080)="2ef40f79fb360f005c9667660f3266b9800000c00f326635000400000f30b8a7008ed0b82a010f00d89a0020f600b853008ed80f01ca", 0x36}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000008800000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:41 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:41 executing program 5: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:41 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4000000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:41 executing program 1: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:41 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:42 executing program 5: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:42 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000002000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:42 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:42 executing program 1: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:42 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4800000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:42 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xfffffffffffffffc, 0x10000) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r3, 0x8008ae9d, &(0x7f0000000400)=""/145) perf_event_open(&(0x7f0000000140)={0x51ecf4f5533347ce, 0x70, 0x0, 0x1, 0x9, 0x2, 0x0, 0x6, 0xe8028, 0x257b945d0831675, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x4, @perf_bp={&(0x7f00000000c0), 0xc191ab8040bd1419}, 0x8000, 0x4, 0x10001, 0x6, 0x55ef, 0x6, 0x401}, r0, 0x5, r2, 0x1) ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000000080)=0xf47) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) recvmsg(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f00000006c0)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000280)=""/56, 0x38}, {&(0x7f0000000740)=""/153, 0x99}], 0x2}, 0x0) sendmsg$xdp(r5, &(0x7f0000001dc0)={&(0x7f0000000880)={0x2c, 0xee1ee6496d987ae9, r7, 0x23}, 0x10, &(0x7f0000001d40)=[{&(0x7f00000008c0)="67c889d2348a33110aab0f9b241a1e5ebfd9c92a2b992620c72db04b26e66c6e876a7bcc575e02260a8c0a8ef3b5dfeca483428b2baaeda75bce6eb2d55da6efc8ea4cde8a8bee92f50de2183df77c8a7807f618e3b829d252dd44c6356f4a7f01380e81ff832249cf11b0f8f496de7a44c27cb12daa42400814e7020c8035bdb83285dee19ce2871e4cd65db9780887117f88b0da2e1faaacd904187d76dabb3ea5bd2936cb69670560216bac781e9c84c3d5473ff9433ba1af6709e37174baf5010671987d56547c0432e6af5c3e60ae4fba3263b5af8aa39e1df1a1e43f76d8d7b5b6e2f1a73a899d5f2e2e307fafc7", 0xf1}, {&(0x7f00000009c0)="c3dd292b921f9a2886b9aec26accd2072e6046571c41580f3be9902491a59dbdda11f9d8a1227554d35aab23673f1ee7b74d3a8d51281196392f3eeabeef489b761760e57c1575f78d19d6d91258dfc56cc1c88a551c5aecb8311b8a6258cc09f707678c3069e8aa9774b4a47faa9565b746771ceb06aca9636801c9a4917c875498bdd50882bfea6e372ff974f75a7f54333af971e1eb5906d6268e00c7b23f34f35939fc069fd14df19139d2f6c9d1967311b338e75619fed7e5a46e0c0979e08906bec3ce32ada5e9d2ccb1b2fc9e84f400b2e010facfcecc1af402f5a41331fc9fdf577f4069f34dd548179e7972cb1ed6a81999f7cef50de58f3f9c9f79e2dca09e56b9f6b91b39bfe98652674c7a344555f639e6f8bdcf30ddaf62d2b0083dc879249c6cb274002f9910c70a43a8b50976d4d2900dac9cb863d82d21783033f06d0d984d076eefd9716a8b5c8f85efda15129d4e37ed277e423da117535b4884da08b7d37c7494228253ec2a01932b18713840050dc4b6d3737d49d4c1fede663f4a9b52d38fd0d78834205dd4e657bfc8611210b3a04e24d47db783852a42da95c7df94c1b6acc6ef784da63ccb23864f47de1edcc9c97b0941c80fad8ac04664907dad8b894856e7dc7c8d08fc02d3d5d074c726448463178e2e642949c73508c7c712064f0489d22788d486af1483bd2c2edcfae2fcd4e7c79f4f54a1eac983811eb27444d0c92334fdc6d6444b44a6ff7724a23139d544ad5b9aa646bd70e7055d43ca69328a25deb6d46b2e5f92447d56821b0eb361dee8cafa6df9583fad14f2c432f1eb13903b8de3046ad86e7a0a6cc67c38ed9fa089d739206daf1a6d35acc6d4f09be9e80f10a846b3a29fa01c60c60e6604b8b427f0aa05128c04ba93ad94d96870da3ab39c308c0f386cb8685b328b02cdba96787cbcd4eb463c3bded70a9dcd7627372c5c7cef46f2cd30b221cc4cf3d236284744569e4332afb7b93088b6517d6efbb4d72dc6f402dd316a3d2611f48b12fb785804e1a1b9d8db57905e355e747dd80ee8aeb95c84c0a6eab32119dd7692899ad9c80879084d7fc3cb002aeb7435a6dd9171e6c8b29e026bd838b04b2a7437303e76a65f4b0a07753125c98c040587f6a9fa1e9b467050f7ff2c129684278c1a83c90667ce3ee9c3bec07668e4fc787d623dc58cd00059460cc0ba40d67a532cda07c6e10a76c4330025e1b5f7d725f3f024b454b30511a71ba583a42078994be2c1b1837b1bc33d88133b0f959dc87c323453ba1c02d88d24ba407620d3b267d51561c0ffa67a50b663a07bdc3f2521d50c42c3c65c4fd92c0ef8c54bb965d843afd837cbcdd5e7869e40e1165589157245e9c95ca3e7f7be3d4d6c24f1ec4588982ca55a4127cdbc11b5e2cb14461bd52dea38618139ee6743ff838348fb8f916ed8fb371a87857f74d8c5a3650bd64115932bff57955de1a7c9f3667e776fec3ffba60e172f7f1963c2f9a11250b4bd4772a83320da7c3c586a4df01b94b55ad244e5d04f38180a057c161f564e15ee09781aea8b6b18a0b8a2723dccc318ccb6deb055548278f880048a09faaf50f2b04c1225b1763c58a3571b8b3b84818d976a72c59a0a6eeae50eb62e46574f1f4df01016c09919bfa322ef71748693769f2dabfaca17cb5257ac2c89b00e404bd97f392e7ab0e616329b8e1a7cc8fd5bf57af1de3491fc9f01ff93ae34c8758189637ad76be936ae94044599ca7d79bf775876cd1737958c97a6bd475ea4887515a7651112aa82ff4814839c618cc2d7aa1831759c6011f8051075abba75570c81b4cac868cda952cc68aafbccad4f2ddf59c6dbb610c5e697f8466162324e9db333fd8440816da62a584d0b9d8aa9b89fe92c800e776ada72b6decbc82a7c63132fc8a5773aeb3923e2f3a9a8f127ddf7838168694e3618caa316a8e3aa5589b27e914e57bf5bb0a9cc2ffe412aeec79810971c2d26a762222f5c2013312d7bac32b1e31592099bfc7c93ddbb61da1926b4be4f008357d9360c07ebeaf1e8d03c2bfeac5311238b0c9783a7dcdde94712ba89b0f3aeb10cf8e893654070b9210f4a2df7efdcada122a5200c4880aa36320ddf959aa97249eaa49ae36247afae12327579a6a45b50cd0ec791fac6799dd6d6a70b8b6260e6a0c3f0c2c18362cf1a6ddf8dc4758c20f0ca5c2f1093b807e4b980979e50534893ad7e0085e11f9517a9b56ac3aecf0333041c374da7bbe7c9588e3fab0d3d7e5b0c236152b860d6a3d74aaebafddfaed9f53927c658bcea3b0f67e32dfdb96011e88659b47f323d702383d9fdc730dee1be0a951f53979585598da87dd7d8bf72a26e414ef5e8353a4143b7f6a962ffcc6f1f78b4c98c00c09203011b2d9d0f18139bea2bd050e491409f49bb18240f7ca849d3af02bd9eafec81522fcc09a49096a17e562dd09a9324e03a26300654641373cee9c1fe508c810fc8015ec693b0d8d4666497a0f82643239f2eb368156bda160e69f6bd4edbbe2c3f9171f6b2fcf99778a03a12521c100522bc727992812ede6c8bbede57490b4c141fc1148d1f847990f88614426b5e90ec81d4ffe84dd847497dffa197ee8d77cda1583a67a9f14c7bdbd61dd08f2f6aa0ea2e0d8692dfa985ee15900aefd44de70eccf6e4be4fa1f49c1e653e9f06d7cfb0d74f85c8bce4520604ac129637fe3aeac2adc8d727206dc76ef04ac883ddcd2aea7d0317c0ae0bccf7ae871f67c2522f6184d4b6aa3be8a2312ca03088377b3b0767c0f20cbd44db52ad476713a80898f230efb392502d7e058c6f1d413ad9118a7db371c094e3a945f569aa2a400d61cd922884c0348700163daa833e65245b0afac30f43b590c83fb0c6ace5932423868d9e2272c500ff52c7f97ad96b8050b5fd024a80a074558982240da6c0f8d06e7f717a14931fdd45e0eea177023cf0cc6237333f91c111a2bc474f4af42a95f31de98ce8bca9902dadb3ca63071d71fda90875718346415573f3a7373af6034a14ad4982a16b0850e4aa78ce62125d9bece7af1b7fb187542549f71f9d7520031fe23347bd6a34269ac3bb4ca1c2e8b9c5e1ccf45f6e148255baa356c388db6868d90f3a2100c42cce515e6a157d4f0e0f5ecaefd202405f1c68af976b6578f56778a9786571c30e901e6beaeca5d0c9d011adbe287080159a11c9aae9b7b0ea49f055df01e3d8917b2faaeee237b7c3cd5f98a338e9508c16fd3c873f8052f81a12d6ab2de161182342064b2e4e3c479509476b467503bdf076e5fb2c9a4c5a598e99ecfef7a226241548ede1e629d6c3e385eee37ce1db966c70b13f049ab75f121008a6f558b19be38b73e923defe0889c3a3f626a04d7c8972f6a3988f68b0a5020de9238153a89003ac59f7687ddc96db28ef2d29e7a72db6c5e381d372280b6b28ac77379c9690a8880b1e4a1feb6dbb7a903b69d5be88513219421a23216fd3196f3b443153e4e90ef7adb6e8eefbb8b9bf0f155437bd25ac51244945f3ceae6be46e20a59dbb6e87671c3cc77b30358ecb6c76702026556924d7677e91a839cd2befdf70606295a67813a22ded61b003ebcddb87189a976d4111983b98830ad38bdb1a7d2d478674027b87b9b90c1f94ef09340f5f8a56af54c7406c37499c9898c47a902d0eb720d43d25c90dca4e2dcfa73c978fcf4089fb42b4bcff47a4b976e3931e8619aad5d69b0f947a6f56c6986e34097847c81e970da96b9d2bfb89a4f6786747f663dd77f44d8d6bfb26a2813fad0377b536c4a52965e8ef57ab6e47cc730ad649a4b901d34d36a95c4bfce9bd1af4e4e6db9db3a1126809785577232068178988ec58508b3fc32b96e0565fb190b825fa1b2404fbf7cb95377d5a24c860faffb08c88bfaebf352ca2e92d1d6bc246ef95db0cfd871f5ca9ae77f2f8ff931034db73f72c0d902d605e9d983c3f71342a03b9582f547b0b07fd9bd103affaa9d87704aceb9120a89a6373dcd5cc3a36e5dcdef2d97a70ef3263848406b317c42dcb7543552590117ee407c40918d914a2f6b9a1d885276fb963aa4f10a838b7c73abd23c0b205811b97eadda2c670aa1cc3a1ea56289429a7511a83a7fa86574c7e93f76dd3553f74e49641fea7b369dd2df28f78c34fa71b04e7249a2366d119c0a317aaceff28cb74468eeb28a8097646fbe4bd9c8aad48ba64f2f2426fb5d86f5ac5c0919f1af1cc1b4c9ec36ee4a0fb7f8ff0e0f3f0692da3ca7ae004384829a6741b6d78d46170606c884eb00827b6756f099220e84198ca96a5550859d6971de72b47a60bc96428072e62d45298860e8c394630b19c33770cd38071c5191312b005e63c6906bfb65be119043266fe2356d135d6147748cf574af672d8f25464460e1641eb1f67f14ff17c2437ea83349a1abca322b9b8b232b3e8893977379d31b57ab315d06966951deb2f51525ea7ff3459ee9e05266b76b8bd439df1a337a365dde14d35c6e5098cdb09e6e2a32ee8bfad408c88107d2f067938e077954dc7cd9e8d5d726931b6ccd6baf5a159499e595f8bfe6f702ebc727f472e23211cd180cc31051c9e80fd60264ce7fda18ef1d269fd3c45ed56bf42162bb6db03d9f6843e6d5eeb8fd0250a28e47cee7eed4c9d8155682c0cdfa739fb588652cc70764257c9ca448d95b453bf4aec40b235d0883dafb0841edc4c2896795ddb84de5e17790a5c487d8ad6be643897c0353816acfdb1d2a18319db24421304e3f286e204906a03b66176ecc30d3c616dcd6161cd2e72eb99975aea4f848c58135d7a61a7aaea03805650ee72251db33d3190cc863185ba126c3b6a44189507c8560b93905502880178024142f3f3297ad095111ed6cd14b0b94becbda49f37b158e6830d4fbebf718fd58648df8edad73137264cf50e46c01cb9425f058e822f5f7c0a515fe1a7965a4dd083e32963f1c40b72f914f6d857362228f7e77e98669099fbc527a97121dc2f5567f68008e3ce9352bad3e58863d2b46a4870fafd3d9196981a9da921dc729bcbcfe104cfcd4db12d12cd041284a97f87f6c274225c9a77f5622758a17da06a7a10977b1a595a14cf3f0b69748aec4705b7c39c80c167aa538424d1134301f0a129d44a3bba58618f752579ac9c81f71b41cb6713f98ab48da9743a3b50c29f884d23d725df22eab4a7d85c8637f763246fe4ea36c74fe195b3c29b8c79c9c81d84494bfb06ebacdcc867697ad1d0d04d37b4cbe57dde16a42760c1ec7ca2093c68e1dc8abae6f20040b172787724c2886ed11905127463eca0ff0adeb027b2d62e8e56e0e0d75eb1633ffee6cd01d0068dc6811b0728687150db612b9f3d40af0301ce603b947958a806b331829e0b35ce9fd7f89e319560f1473157f29489814103659b568630f0f8a69c19910a2f0e4a160f27f0e91e32fa43d321b005a7e0ad42a972c3ea8c495f5f639e8ed35fad913b4d561d3351990eac6954045b11522d9b408bffafb347d4d98cfd2022a92a9c815a9c082acfa4e63ef0be3931364bdb8cb8a8c52e5b3cca5824be5a2c0ec71fc681b2aabd81012eb235a503c2ce2288a87bab6bff668d9264943c0f93a4ec5f984d2eee8cceb16d336b20db48bd945a731638b3de40e4d39a4b5b84d78d58c1f53af0e835479aab2ab5f2cfc81335ae8b845636a241e91d26ba1d4bec92f7efc3951e37ec6aee0766c8005fcf4213f981effbeb9d3a86471df012e5eb29fd53a33880b9221787a867c525c1572454155c7aae29d557e2", 0x1000}, {&(0x7f00000019c0)="f274abd7e887cf8595fad391814fd94d3273dedbb2f1747a00ebfc5c1846f11c2a58d32d9fc82cdb0f025ce5517008d0847bbe29c7a311443125b0860b6df335cd27b9c659c327987d1c9548cee57efa6970bbee780ba15127e9ba58e171eb507467b9b92d0d50ae14423c23bd6323faa15ec4a61e5e9ae1da0cbf8dc00c9826c0914bc786e525293d121552eab2", 0x8e}, {&(0x7f0000001a80)="3e0035cdc0a9d40786501c44d7e6df07a2d363ff60c2860fc3676be9580ed69c1d235fda7c981b1912d2eaef7208b1edea33ec821999c24ca61838f4abb8b333e6130a16403abf9c0ae3c8325671e099d02f1d79c8c5676dda014162e6090a6cb5ef2791df2f2df367ab2258381adf3d4983e093252e628d238cc1f8e260de3f1926820576ddb0666c5885f5c04ebf1a3444e56979728f8129536eadf4a81cbc67988231a0968d17a47cb58e572439532387f3f7677a09e262ba1177539e4b2862b03a085d28c2ef044d85407481978b749fc9388f1bc8", 0xd7}, {&(0x7f0000001b80)="ec5325440c017a0e", 0x8}, {&(0x7f0000001bc0)="b7c272fece85831cc7c28975be723859acf1ff0e5e589b6d76ed2a1ba29df52225b028ecc55d27c43f6298fae72ad24f1b46dc3255f40383c7a41939d81e3f8b186a4b3e1fa336427dcc30c82cea7fa1fd4ac5d793d418a2a8adb4afb955752a95442e4b0ca6cb5940f5c3c78a006a", 0x6f}, {&(0x7f0000001c40)="ae28d9953665c191bbe18ec478ecdefe1a4c1ae515fc32658e434248e98719201629af46cd82ee0caf055cb88e1eaa85992f6575df1f9c7d292cac1d71c90cfce752d6478c5b884e1fea7657deea686e7b1e64dab6cae4ba02a79196d6d5d8174639bc035df51d4a", 0x68}, {&(0x7f0000001cc0)="db0854e22932b7ba9c6777e190c0d33999c1d7e2bdbdc295ced519c1b40a6a4f52baad091bb43e6e213244426f64d5a8ad61934bc7c5cfe420f68bed4c3d479e8615499ddd16b0", 0x47}], 0x8, 0x0, 0x0, 0x8d831aa2fa89685e}, 0x0) 16:57:42 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:42 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:42 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000020000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:42 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x4c00000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:42 executing program 1: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:43 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:43 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000010000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:43 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6000000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:43 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:43 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2918.494418][ T1386] xt_check_target: 8 callbacks suppressed [ 2918.494434][ T1386] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:43 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2918.627767][ T1402] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:44 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000040)=0x101) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:44 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:44 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000020000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:44 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6800000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:44 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2919.158256][ T1423] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2919.235233][ T1435] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:44 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000030000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:44 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x6c00000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:44 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2919.691483][ T1454] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2919.787929][ T1468] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:45 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:45 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000040000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:45 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r4, 0xc0285628, &(0x7f00000000c0)={0x0, 0x8001, 0x39d, [], &(0x7f0000000080)}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:45 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:45 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7400000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:45 executing program 1: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:45 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:45 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000050000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:45 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2920.777196][ T1518] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:46 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000060000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2920.901169][ T1533] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:46 executing program 1: socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:46 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x7a00000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:46 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:46 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:46 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = getpid() r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) prlimit64(r3, 0x2, &(0x7f0000000040)={0x2, 0x7}, &(0x7f0000000080)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2921.404742][ T1513] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2921.470363][ T1552] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2921.531793][ T1513] CPU: 0 PID: 1513 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2921.540874][ T1513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2921.551263][ T1513] Call Trace: [ 2921.554839][ T1513] dump_stack+0x197/0x210 [ 2921.559065][ T1567] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2921.559468][ T1513] dump_header+0x10b/0x82d [ 2921.573163][ T1513] ? oom_kill_process+0x94/0x420 [ 2921.578239][ T1513] oom_kill_process.cold+0x10/0x15 [ 2921.583822][ T1513] out_of_memory+0x334/0x13c0 [ 2921.588746][ T1513] ? find_held_lock+0x35/0x130 [ 2921.593624][ T1513] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2921.593643][ T1513] ? oom_killer_disable+0x280/0x280 [ 2921.593664][ T1513] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2921.593678][ T1513] ? memcg_oom_wake_function+0x700/0x700 [ 2921.593698][ T1513] ? do_raw_spin_unlock+0x178/0x270 [ 2921.593720][ T1513] ? _raw_spin_unlock+0x28/0x40 [ 2921.628000][ T1513] try_charge+0xf76/0x14d0 [ 2921.632739][ T1513] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2921.638504][ T1513] ? percpu_ref_tryget+0x102/0x230 [ 2921.643847][ T1513] ? rcu_read_lock_held+0x9c/0xb0 [ 2921.649257][ T1513] ? __kasan_check_read+0x11/0x20 [ 2921.654618][ T1513] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2921.660471][ T1513] mem_cgroup_try_charge+0x136/0x590 [ 2921.665839][ T1513] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2921.671778][ T1513] wp_page_copy+0x407/0x1560 [ 2921.676457][ T1513] ? find_held_lock+0x35/0x130 [ 2921.676481][ T1513] ? follow_pfn+0x2a0/0x2a0 [ 2921.676496][ T1513] ? lock_downgrade+0x920/0x920 [ 2921.676514][ T1513] ? swp_swapcount+0x540/0x540 [ 2921.676535][ T1513] ? do_raw_spin_unlock+0x178/0x270 [ 2921.676550][ T1513] do_wp_page+0x543/0x1540 [ 2921.676584][ T1513] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2921.712864][ T1513] __handle_mm_fault+0x327b/0x3da0 [ 2921.719106][ T1513] ? vm_iomap_memory+0x1a0/0x1a0 [ 2921.724446][ T1513] ? handle_mm_fault+0x292/0xa50 [ 2921.730198][ T1513] ? handle_mm_fault+0x7a0/0xa50 [ 2921.735169][ T1513] ? __kasan_check_read+0x11/0x20 [ 2921.740600][ T1513] handle_mm_fault+0x3b2/0xa50 [ 2921.745408][ T1513] __do_page_fault+0x536/0xd80 [ 2921.750416][ T1513] do_page_fault+0x38/0x590 [ 2921.755353][ T1513] page_fault+0x39/0x40 [ 2921.759532][ T1513] RIP: 0033:0x401c29 [ 2921.763442][ T1513] Code: 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 89 38 <48> 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf e0 c0 4c 00 31 c0 [ 2921.783325][ T1513] RSP: 002b:00007ffc815221e0 EFLAGS: 00010283 [ 2921.789515][ T1513] RAX: 0000001b2ed23210 RBX: 0000000000000005 RCX: 0000001b2fd20000 [ 2921.797665][ T1513] RDX: 0000001b2ed23214 RSI: 0000000000000000 RDI: 0000000000000003 [ 2921.805759][ T1513] RBP: 00000000000003e7 R08: 00000000fc629406 R09: 00000000fc62940a [ 2921.813756][ T1513] R10: 00007ffc81522300 R11: 0000000000000246 R12: 000000000075c9a0 [ 2921.821740][ T1513] R13: 000000000075c9a0 R14: 000000000075bf20 R15: 000000000075bfd4 [ 2921.849561][ T1513] memory: usage 307200kB, limit 307200kB, failcnt 3447 [ 2921.868112][ T1513] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2921.880337][ T1513] Memory cgroup stats for /syz2: [ 2921.880473][ T1513] anon 251146240 [ 2921.880473][ T1513] file 131072 [ 2921.880473][ T1513] kernel_stack 9437184 [ 2921.880473][ T1513] slab 15130624 [ 2921.880473][ T1513] sock 0 [ 2921.880473][ T1513] shmem 122880 [ 2921.880473][ T1513] file_mapped 0 [ 2921.880473][ T1513] file_dirty 0 [ 2921.880473][ T1513] file_writeback 0 [ 2921.880473][ T1513] anon_thp 203423744 [ 2921.880473][ T1513] inactive_anon 135168 [ 2921.880473][ T1513] active_anon 251146240 [ 2921.880473][ T1513] inactive_file 65536 [ 2921.880473][ T1513] active_file 0 [ 2921.880473][ T1513] unevictable 0 [ 2921.880473][ T1513] slab_reclaimable 2973696 [ 2921.880473][ T1513] slab_unreclaimable 12156928 [ 2921.880473][ T1513] pgfault 181896 [ 2921.880473][ T1513] pgmajfault 0 [ 2921.880473][ T1513] workingset_refault 693 [ 2921.880473][ T1513] workingset_activate 330 [ 2921.880473][ T1513] workingset_nodereclaim 0 [ 2921.880473][ T1513] pgrefill 14492 [ 2921.880473][ T1513] pgscan 50303 [ 2921.880473][ T1513] pgsteal 2115 [ 2921.987106][ T1513] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=1123,uid=0 [ 2922.012399][ T1513] Memory cgroup out of memory: Killed process 1123 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:47 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:47 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:47 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0x8800000000000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:47 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000070000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:47 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:47 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x2000, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:47 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2922.602234][ T1609] Unknown ioctl 28675 16:57:47 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:47 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:47 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000feffff070000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:48 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0xfeffff0700000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:48 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:48 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:48 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:48 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000110000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:48 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120, 0xffffffff00000000], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:48 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2923.532234][ T1673] xt_check_target: 5 callbacks suppressed [ 2923.532249][ T1673] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2923.648088][ T1612] Unknown ioctl 28675 16:57:48 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:48 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:48 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:48 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:48 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000003f0000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:48 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x6, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xe) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) getpgid(r2) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x35b, 0x4, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x6, 0x0, 0x2]}) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f0000000180)={@remote, 0x27}) r6 = dup(r5) ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000080)={0x0, 0x1, 0xae, 0x9, 0x1b, 0x1, 0xf8, 0x90, 0x2, 0xfffffffb}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000540)={"38d59d5152c4f0dac94eccb2eae03b69298d003836a325207293b7be7e82ca18b4121bb0295a31391da810ffa42d8c1f2274e6d409a5315aecb21159cbe6f19ad119529235f46fd9ddd7706e2b9a98d2e1989c1dee3a6622f4c855b58268f6a40bcec4b6fb8e54a085ed8024526d0a2fcaf90f81241bc808aa721eb20fb06e1e1f06f98c2c2433e1d4c34d158aa699a8d5cdc593ec198426df226bbb2af1e2001adb15687ac16ec8ddc1bf50125163c9a0aa8f8aed6b46d0edb10336b00505f3d885ba354fba13d50b69da7192b9a5a4363086a5d0276693dae2bc419590ccb045388285d456bfe0fe5301bcfdc9dd4571650913441eff94462fac334e47174674a983190bdc9ba18a7f583bfe3c8c9fb72c1e72f405004f408249d52c83a3c591b8ccef7f8d8402cba4b4848f70ae355a752ce0433e60c10d9f12b20d1bc50fb80010303b00f48cd1ce556b57811f845f5b6b12d56bc336a26e6f1dacf35e45b5eced94a47108af905ef50e8cd05d5fe331c7b1be72b962c59230f479e4c0df13c0ad3dad3067eaab71e6f455448bd525d970314e1f91d5d255fdcb87ed88eec923fbf142767fb26454b4ae750a5fdd2d0c92ba0e90a5d580ab0503c1f014d90f4007f86d77ef7952184bfbf48e7b051dfd2c4c21ef450ca7c383710e0c90df65094c70e1e7e099c4879d2b8a912e160a94fc8f8089b2faab01c61387705075600bfe1332367b107c5d1245450908756c4bc73f0335da48ceb7d9a85784bae568103e3ad4f81ddf1b8a0a09a30bd0d30ad626c5c1a9f11369bff6c682d61eeeb6d1ea8068edd86f4cf1d9def96d9d720a929f14c0c63b98af8a9dc1c3e408585afdacbed6c5458d846e2059fee85d87d2b6242337c9927b42481d739056e81272ffe1f00befacd60bd592d4210503e254fa95b6e3df8b549cbdcbb2da47de5dee776ca625bef96eac43c328661fc06a866641e92ba899737bba0a36176baf6aabf1c28d4962302ac301d05771cb1fdfd21ec22c13357f9aeb71cb5aac62ac9a0c1689587155d11acff5d90d17a8b565ad2a9c3989650ebfbb2f43c71c6c9148f220fd7651ef5190bc6a52d865eb3af020f095eb7f780768c17f94c24b4afde0fb278116f9170ae6b2a8296c62fd28f116eeb50e623a8bf8c2d7cba09a70bb150b8d5bfb1b818af0676a7bf48f5f1c8f53c0e42e9f68811e9ef925282610b3121b8dacaaf15c68c61807c59cfe4f83bf84786fa0c4d715860fcd444cdda1adee3f9ea5a3b1bbcb5d20f7cdace43e8b43879edf252f6cb1ba761e889ff0e715bce3642ad1b6d76b5d22f2292234facc3eb85a894111e8f59bdd1c61701cc465755774fae55b345829d270c8960774cb939c72a3810002c5f5bcf3f5493c31ab32a07f5c705d7b202b0bd265219e3737d2747c48d878022ba36fccc060faa0967f"}) 16:57:49 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = gettid() process_vm_writev(r2, &(0x7f0000000040)=[{&(0x7f0000000080)=""/248, 0xf8}], 0x1, &(0x7f0000121000), 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xfffffffffffffffd}, 0x800, 0x3, 0x0, 0x0, 0x100, 0xda76}, r2, 0xffffffffffffffff, r1, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) r5 = gettid() process_vm_writev(r5, &(0x7f0000000040)=[{&(0x7f0000000080)=""/248, 0xf8}], 0x1, &(0x7f0000121000), 0x0, 0x0) timer_create(0x3, &(0x7f0000000180)={0x0, 0x3b, 0x3, @tid=r5}, &(0x7f00000001c0)=0x0) timer_settime(r6, 0x2, &(0x7f0000000200), &(0x7f0000000280)) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:49 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000400000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:49 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2923.981707][ T1698] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:49 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:49 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x2, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:49 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:49 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2924.376106][ T1728] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:49 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2924.444656][ T1744] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000880000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:49 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x3, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:49 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:49 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_PIT2(r4, 0x4070aea0, &(0x7f0000000040)={[{0x80, 0x8, 0x1f, 0x2, 0x3, 0x20, 0x5, 0x7, 0x0, 0x40, 0x1f, 0x7f, 0x7}, {0x0, 0xa9f, 0x7, 0x5, 0x6, 0x5, 0x3, 0x80, 0xd3, 0x8, 0x1, 0x3f, 0x101}, {0x0, 0x5, 0x4, 0x71, 0x20, 0x1, 0x84, 0x0, 0x0, 0xe8, 0xbe, 0x1, 0x4}], 0x94ff}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x7, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_GET_TSC_KHZ(r5, 0xaea3) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:49 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:49 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000007fffffe0000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:50 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:50 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2924.960181][ T1767] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2925.079238][ T1786] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:50 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x4, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:50 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:50 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000010000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:50 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2925.496283][ T1810] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:50 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2925.605027][ T1822] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:51 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000140)=0x2) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x611c, 0x42aa40) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000080)=""/124, 0x1000, 0x1000, 0x32}, 0x18) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:51 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000020000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:51 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x5, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:51 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000200000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2926.143931][ T1848] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:51 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2926.241181][ T1879] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000100feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:51 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000200feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:51 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x7, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:51 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:52 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000300feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:52 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:52 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) 16:57:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000400feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:52 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x11, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:52 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) 16:57:52 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000500feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:53 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xfd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) getrandom(&(0x7f0000000100)=""/105, 0x69, 0x1) 16:57:53 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x48, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000600feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:53 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:53 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000700feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x4c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:53 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2928.232017][ T1989] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2928.332711][ T1989] CPU: 1 PID: 1989 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2928.341448][ T1989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2928.351612][ T1989] Call Trace: [ 2928.354929][ T1989] dump_stack+0x197/0x210 [ 2928.359280][ T1989] dump_header+0x10b/0x82d [ 2928.363709][ T1989] ? oom_kill_process+0x94/0x420 [ 2928.368681][ T1989] oom_kill_process.cold+0x10/0x15 [ 2928.374134][ T1989] out_of_memory+0x334/0x13c0 [ 2928.378847][ T1989] ? find_held_lock+0x35/0x130 [ 2928.383773][ T1989] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2928.389601][ T1989] ? oom_killer_disable+0x280/0x280 [ 2928.394950][ T1989] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2928.400523][ T1989] ? memcg_oom_wake_function+0x700/0x700 [ 2928.406184][ T1989] ? do_raw_spin_unlock+0x178/0x270 [ 2928.411419][ T1989] ? _raw_spin_unlock+0x28/0x40 [ 2928.416306][ T1989] try_charge+0xf76/0x14d0 [ 2928.420847][ T1989] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2928.426431][ T1989] ? percpu_ref_tryget+0x102/0x230 [ 2928.431568][ T1989] ? rcu_read_lock_held+0x9c/0xb0 [ 2928.436615][ T1989] ? __kasan_check_read+0x11/0x20 [ 2928.441665][ T1989] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2928.447232][ T1989] mem_cgroup_try_charge+0x136/0x590 [ 2928.452537][ T1989] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2928.458188][ T1989] __handle_mm_fault+0x1f1f/0x3da0 [ 2928.463426][ T1989] ? vm_iomap_memory+0x1a0/0x1a0 [ 2928.468408][ T1989] ? handle_mm_fault+0x292/0xa50 [ 2928.473404][ T1989] ? handle_mm_fault+0x7a0/0xa50 [ 2928.478365][ T1989] ? __kasan_check_read+0x11/0x20 [ 2928.483577][ T1989] handle_mm_fault+0x3b2/0xa50 [ 2928.488373][ T1989] __do_page_fault+0x536/0xd80 [ 2928.493268][ T1989] do_page_fault+0x38/0x590 [ 2928.497810][ T1989] page_fault+0x39/0x40 [ 2928.501973][ T1989] RIP: 0033:0x41203f [ 2928.505884][ T1989] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2928.525500][ T1989] RSP: 002b:00007ffc81522140 EFLAGS: 00010206 16:57:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000001100feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2928.531585][ T1989] RAX: 00007ff591a03000 RBX: 0000000000020000 RCX: 000000000045a89a [ 2928.539563][ T1989] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2928.539578][ T1989] RBP: 00007ffc81522220 R08: ffffffffffffffff R09: 0000000000000000 [ 2928.555531][ T1989] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc81522310 [ 2928.563521][ T1989] R13: 00007ff591a23700 R14: 0000000000000001 R15: 000000000075bfd4 16:57:53 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:53 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x100000, 0x0) perf_event_open(&(0x7f0000000080)={0x4, 0x70, 0x23, 0x6, 0x7, 0x7, 0x0, 0x1, 0x70080, 0x9, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x6, 0x5, @perf_bp={&(0x7f0000000040), 0x4}, 0x100, 0x101, 0x9, 0x9, 0x516e, 0x1, 0x800}, 0x0, 0x7, r2, 0x2) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2928.622238][ T2014] xt_check_target: 8 callbacks suppressed [ 2928.622252][ T2014] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:53 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000003f00feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2928.740112][ T2028] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2928.762814][ T1989] memory: usage 307200kB, limit 307200kB, failcnt 3460 16:57:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x60, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2928.799359][ T1989] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2928.905228][ T1989] Memory cgroup stats for /syz2: [ 2928.906939][ T1989] anon 249753600 [ 2928.906939][ T1989] file 0 [ 2928.906939][ T1989] kernel_stack 9621504 [ 2928.906939][ T1989] slab 15540224 [ 2928.906939][ T1989] sock 0 [ 2928.906939][ T1989] shmem 122880 [ 2928.906939][ T1989] file_mapped 0 [ 2928.906939][ T1989] file_dirty 0 [ 2928.906939][ T1989] file_writeback 0 [ 2928.906939][ T1989] anon_thp 201326592 [ 2928.906939][ T1989] inactive_anon 135168 [ 2928.906939][ T1989] active_anon 249753600 [ 2928.906939][ T1989] inactive_file 65536 [ 2928.906939][ T1989] active_file 126976 [ 2928.906939][ T1989] unevictable 0 [ 2928.906939][ T1989] slab_reclaimable 2973696 [ 2928.906939][ T1989] slab_unreclaimable 12566528 [ 2928.906939][ T1989] pgfault 183051 [ 2928.906939][ T1989] pgmajfault 0 [ 2928.906939][ T1989] workingset_refault 693 [ 2928.906939][ T1989] workingset_activate 330 [ 2928.906939][ T1989] workingset_nodereclaim 0 [ 2928.906939][ T1989] pgrefill 14793 [ 2928.906939][ T1989] pgscan 50643 [ 2928.906939][ T1989] pgsteal 2115 16:57:54 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2929.153453][ T2047] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2929.264347][ T2057] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2929.437796][ T1989] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22783,uid=0 [ 2929.459226][ T1989] Memory cgroup out of memory: Killed process 22783 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2929.481086][ T1112] oom_reaper: reaped process 22783 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2929.597828][ T2002] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2929.619104][ T2002] CPU: 0 PID: 2002 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2929.628979][ T2002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2929.628987][ T2002] Call Trace: [ 2929.629016][ T2002] dump_stack+0x197/0x210 [ 2929.629037][ T2002] dump_header+0x10b/0x82d [ 2929.629053][ T2002] oom_kill_process.cold+0x10/0x15 [ 2929.629070][ T2002] out_of_memory+0x334/0x13c0 [ 2929.629082][ T2002] ? find_held_lock+0x35/0x130 [ 2929.629104][ T2002] ? oom_killer_disable+0x280/0x280 [ 2929.647009][ T2002] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2929.647028][ T2002] ? memcg_oom_wake_function+0x700/0x700 [ 2929.647060][ T2002] try_charge+0xa54/0x14d0 [ 2929.687596][ T2002] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2929.693152][ T2002] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2929.698704][ T2002] ? find_held_lock+0x35/0x130 [ 2929.703590][ T2002] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2929.709141][ T2002] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2929.714677][ T2002] ? memcg_kmem_put_cache+0x1a0/0x1a0 [ 2929.720132][ T2002] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2929.725754][ T2002] __memcg_kmem_charge+0x13a/0x3a0 [ 2929.730867][ T2002] copy_process+0x79d/0x7230 [ 2929.735539][ T2002] ? __kasan_check_read+0x11/0x20 [ 2929.740565][ T2002] ? mark_lock+0xc2/0x1220 [ 2929.744980][ T2002] ? __cleanup_sighand+0xc0/0xc0 [ 2929.749933][ T2002] ? __might_fault+0x12b/0x1e0 [ 2929.754784][ T2002] ? __might_fault+0x12b/0x1e0 [ 2929.759538][ T2002] _do_fork+0x146/0x1090 [ 2929.763842][ T2002] ? copy_init_mm+0x20/0x20 [ 2929.768521][ T2002] ? __kasan_check_read+0x11/0x20 [ 2929.773618][ T2002] ? _copy_to_user+0x118/0x160 [ 2929.778371][ T2002] __x64_sys_clone+0x19a/0x260 [ 2929.783212][ T2002] ? __ia32_sys_vfork+0xd0/0xd0 [ 2929.788069][ T2002] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2929.793464][ T2002] ? trace_hardirqs_on+0x67/0x240 [ 2929.798495][ T2002] do_syscall_64+0xfa/0x790 [ 2929.803208][ T2002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2929.809198][ T2002] RIP: 0033:0x45a849 [ 2929.813097][ T2002] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2929.832806][ T2002] RSP: 002b:00007ff591a43c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2929.841306][ T2002] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2929.849309][ T2002] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2929.857305][ T2002] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2929.865277][ T2002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff591a446d4 [ 2929.873421][ T2002] R13: 00000000004c0f51 R14: 00000000004d4c08 R15: 00000000ffffffff [ 2929.892566][ T2002] memory: usage 304840kB, limit 307200kB, failcnt 3466 [ 2929.899586][ T2002] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2929.932594][ T2002] Memory cgroup stats for /syz2: [ 2929.932891][ T2002] anon 247635968 [ 2929.932891][ T2002] file 0 [ 2929.932891][ T2002] kernel_stack 9584640 [ 2929.932891][ T2002] slab 15540224 [ 2929.932891][ T2002] sock 0 [ 2929.932891][ T2002] shmem 122880 [ 2929.932891][ T2002] file_mapped 0 [ 2929.932891][ T2002] file_dirty 0 [ 2929.932891][ T2002] file_writeback 0 [ 2929.932891][ T2002] anon_thp 199229440 [ 2929.932891][ T2002] inactive_anon 135168 [ 2929.932891][ T2002] active_anon 247635968 [ 2929.932891][ T2002] inactive_file 65536 [ 2929.932891][ T2002] active_file 126976 [ 2929.932891][ T2002] unevictable 0 [ 2929.932891][ T2002] slab_reclaimable 2973696 [ 2929.932891][ T2002] slab_unreclaimable 12566528 [ 2929.932891][ T2002] pgfault 183051 [ 2929.932891][ T2002] pgmajfault 0 [ 2929.932891][ T2002] workingset_refault 693 [ 2929.932891][ T2002] workingset_activate 330 [ 2929.932891][ T2002] workingset_nodereclaim 0 [ 2929.932891][ T2002] pgrefill 14793 [ 2929.932891][ T2002] pgscan 50643 [ 2929.932891][ T2002] pgsteal 2115 [ 2930.031510][ T2002] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22747,uid=0 16:57:55 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000004000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2930.047293][ T2002] Memory cgroup out of memory: Killed process 22747 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:57:55 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x68, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:55 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SOUND_PCM_READ_RATE(r0, 0x80045002, &(0x7f0000000080)) 16:57:55 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:55 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$NBD_DISCONNECT(0xffffffffffffffff, 0xab08) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x89a1, &(0x7f0000000180)={@remote, 0x27}) dup2(r6, r3) write$P9_ROPEN(r5, &(0x7f00000000c0)={0x18, 0x71, 0x2, {{0x0, 0x4, 0x7}, 0x200}}, 0x18) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000008800feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:55 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x1000000000000002, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="230000005e0081aee4050c00000f00000000a300001832e0b58bc609f6d81fe1a7db51", 0x23}], 0x1}, 0x0) 16:57:55 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:55 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2930.379269][ T2080] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2930.477016][ T2101] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000007fffffe00feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:55 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:55 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x0, 0x2) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000000)={0x4, @output}) 16:57:55 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:55 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000ffffffff00feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:56 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2930.941916][ T2123] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2931.040393][ T2139] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:56 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xc0080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x2de, 0x0, 0x0, 0xffffffffffffff5e) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce]}) close(0xffffffffffffffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:57:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000200000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:56 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:56 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x74, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:56 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:56 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000011000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0xefe0d9867d80c7df, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = socket(0x10, 0x803, 0x0) sendto(r3, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x22}}], 0x10) 16:57:56 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r2, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2931.516104][ T2153] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2931.595897][ T2171] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000300000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:56 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x7a, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:56 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:57 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:57 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0xffffffff, 0x2) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000040)={0x0, 0x1, 0x6, 0x702}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000100)={[{0x8, 0x83, 0x3f, 0x3f, 0x3, 0x7, 0x5, 0xcb, 0x4, 0x1, 0x3f, 0x6, 0xfff}, {0x2, 0xfffe, 0x6, 0x46, 0x20, 0x81, 0x1, 0x3f, 0x9, 0x8, 0x0, 0x0, 0x8}, {0x81, 0x1, 0x38, 0x27, 0x3, 0x20, 0x1, 0x0, 0x7, 0xc0, 0x0, 0x3, 0x40}], 0x88}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:57 executing program 1: fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r0, &(0x7f0000000000), 0x1c) creat(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r1, r2, 0x0, 0x8000fffffffe) 16:57:57 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:57 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x88, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000400000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:57 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:57 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:57 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) 16:57:57 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x300, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000500000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:58 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:58 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x0, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:59 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = socket$packet(0x11, 0x3, 0x300) bind(r4, &(0x7f0000000040)=@in6={0xa, 0x4e20, 0x2, @rand_addr="a025975feea8a0061b993cb8032b79c0", 0x3}, 0x80) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f0000000180)={@remote, 0x27}) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = fcntl$dupfd(r5, 0x406, r6) ioctl$RTC_PLL_GET(r7, 0x80207011, &(0x7f0000000180)) r8 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x100080, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r8, 0x0, 0x480, &(0x7f0000000280), &(0x7f00000006c0)=0x40) fcntl$notify(r2, 0x402, 0x0) getpid() r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r10 = socket(0x10, 0x803, 0x0) sendto(r10, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r10, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) setsockopt$inet6_int(r10, 0x29, 0x1b3f8029dfc541d1, &(0x7f0000000140)=0x1, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) r11 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x7be5c67462c1ee2e, 0x0) ioctl$IMSETDEVNAME(r11, 0x80184947, &(0x7f0000000100)={0x2, 'syz1\x00'}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:57:59 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:59 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x500, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:59 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x0, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:59 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000600000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:59 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) 16:57:59 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2934.264985][ T2290] xt_check_target: 6 callbacks suppressed [ 2934.264998][ T2290] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:59 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000700000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2934.312851][ T2298] ptrace attach of "/root/syz-executor.2"[2282] was attempted by "/root/syz-executor.2"[2298] [ 2934.387158][ T2311] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:57:59 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x4b4a, 0x0) 16:57:59 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x600, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:57:59 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:57:59 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x0, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2934.848468][ T2328] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2934.973784][ T2342] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:00 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000001100000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/82, 0x52}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xffffffd4, 0x0, 0x0, 0x800e0084a) shutdown(r0, 0x0) r2 = socket$inet6_sctp(0x1c, 0x5, 0x84) poll(&(0x7f0000000100)=[{}, {r2}], 0x2, 0x800100000004b) shutdown(r1, 0x0) 16:58:00 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x700, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:00 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:00 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x68, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x48, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x34, 0x2, [@IFLA_GRE_LOCAL={0x14, 0x6, @local}, @IFLA_GRE_REMOTE={0x14, 0x7, @local}, @gre_common_policy=[@IFLA_GRE_LINK={0x8}]]}}}]}, 0x68}}, 0x0) r5 = socket(0x10, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = fcntl$dupfd(r4, 0x406, r5) ioctl$RTC_IRQP_READ(r6, 0x8008700b, &(0x7f0000000040)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2935.299609][ T2352] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:00 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2935.392764][ T2367] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:00 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x1100, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000008800000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2935.582293][ T2350] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2935.672999][ T2350] CPU: 0 PID: 2350 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 2935.681738][ T2350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2935.691815][ T2350] Call Trace: [ 2935.695136][ T2350] dump_stack+0x197/0x210 [ 2935.699494][ T2350] dump_header+0x10b/0x82d [ 2935.703930][ T2350] ? oom_kill_process+0x94/0x420 [ 2935.708899][ T2350] oom_kill_process.cold+0x10/0x15 [ 2935.714052][ T2350] out_of_memory+0x334/0x13c0 [ 2935.719012][ T2350] ? find_held_lock+0x35/0x130 [ 2935.723805][ T2350] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2935.729999][ T2350] ? oom_killer_disable+0x280/0x280 [ 2935.735237][ T2350] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2935.740815][ T2350] ? memcg_oom_wake_function+0x700/0x700 [ 2935.746511][ T2350] ? do_raw_spin_unlock+0x178/0x270 [ 2935.751920][ T2350] ? _raw_spin_unlock+0x28/0x40 [ 2935.756904][ T2350] try_charge+0xf76/0x14d0 [ 2935.761361][ T2350] ? find_held_lock+0x35/0x130 [ 2935.766168][ T2350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2935.771738][ T2350] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2935.777316][ T2350] ? find_held_lock+0x35/0x130 [ 2935.778333][ T2389] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2935.782109][ T2350] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2935.782138][ T2350] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2935.782159][ T2350] ? memcg_kmem_put_cache+0x1a0/0x1a0 [ 2935.807160][ T2350] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2935.812846][ T2350] __memcg_kmem_charge+0x13a/0x3a0 [ 2935.817993][ T2350] copy_process+0x79d/0x7230 [ 2935.822700][ T2350] ? find_held_lock+0x35/0x130 [ 2935.827595][ T2350] ? __cleanup_sighand+0xc0/0xc0 [ 2935.832558][ T2350] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2935.838746][ T2350] ? __kasan_check_read+0x11/0x20 [ 2935.843977][ T2350] ? __lock_acquire+0x8a0/0x4a00 [ 2935.848948][ T2350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2935.854961][ T2350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2935.861236][ T2350] ? debug_smp_processor_id+0x33/0x18a [ 2935.866944][ T2350] _do_fork+0x146/0x1090 [ 2935.871366][ T2350] ? copy_init_mm+0x20/0x20 [ 2935.875911][ T2350] ? lock_downgrade+0x920/0x920 [ 2935.880800][ T2350] __x64_sys_clone+0x19a/0x260 [ 2935.885622][ T2350] ? __ia32_sys_vfork+0xd0/0xd0 [ 2935.890493][ T2350] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 2935.893018][ T2394] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2935.896396][ T2350] ? mem_cgroup_handle_over_high+0x21b/0x2a0 [ 2935.896426][ T2350] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2935.896445][ T2350] ? trace_hardirqs_on+0x67/0x240 [ 2935.896466][ T2350] do_syscall_64+0xfa/0x790 [ 2935.896488][ T2350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2935.896500][ T2350] RIP: 0033:0x45d219 [ 2935.896524][ T2350] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2935.955232][ T2350] RSP: 002b:00007ffd510d2a78 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2935.963674][ T2350] RAX: ffffffffffffffda RBX: 00007fb49b8d7700 RCX: 000000000045d219 16:58:00 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2935.971678][ T2350] RDX: 00007fb49b8d79d0 RSI: 00007fb49b8d6db0 RDI: 00000000003d0f00 [ 2935.979805][ T2350] RBP: 00007ffd510d2c90 R08: 00007fb49b8d7700 R09: 00007fb49b8d7700 [ 2935.987827][ T2350] R10: 00007fb49b8d79d0 R11: 0000000000000202 R12: 0000000000000000 [ 2935.995847][ T2350] R13: 00007ffd510d2b2f R14: 00007fb49b8d79c0 R15: 000000000075c124 [ 2936.013069][ T2350] memory: usage 307200kB, limit 307200kB, failcnt 6704 [ 2936.020442][ T2350] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2936.029699][ T2350] Memory cgroup stats for /syz1: [ 2936.029803][ T2350] anon 225124352 [ 2936.029803][ T2350] file 98304 [ 2936.029803][ T2350] kernel_stack 13492224 [ 2936.029803][ T2350] slab 22999040 [ 2936.029803][ T2350] sock 0 [ 2936.029803][ T2350] shmem 0 [ 2936.029803][ T2350] file_mapped 135168 [ 2936.029803][ T2350] file_dirty 0 [ 2936.029803][ T2350] file_writeback 0 [ 2936.029803][ T2350] anon_thp 150994944 [ 2936.029803][ T2350] inactive_anon 0 [ 2936.029803][ T2350] active_anon 225062912 [ 2936.029803][ T2350] inactive_file 12288 [ 2936.029803][ T2350] active_file 8192 [ 2936.029803][ T2350] unevictable 0 [ 2936.029803][ T2350] slab_reclaimable 4190208 [ 2936.029803][ T2350] slab_unreclaimable 18808832 [ 2936.029803][ T2350] pgfault 158697 [ 2936.029803][ T2350] pgmajfault 0 [ 2936.029803][ T2350] workingset_refault 1023 [ 2936.029803][ T2350] workingset_activate 528 [ 2936.029803][ T2350] workingset_nodereclaim 0 [ 2936.029803][ T2350] pgrefill 10047 [ 2936.029803][ T2350] pgscan 326285 [ 2936.029803][ T2350] pgsteal 1442 [ 2936.144400][ T2350] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16551,uid=0 16:58:01 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2936.168953][ T2350] Memory cgroup out of memory: Killed process 16551 (syz-executor.1) total-vm:72716kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:58:01 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:01 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x2000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) poll(&(0x7f0000000280)=[{}, {}, {}], 0x3, 0x4e) recvfrom$inet(r0, 0x0, 0xd78, 0x0, 0x0, 0x800e004b8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x1ea3, 0x0, 0x0, 0x800e00517) shutdown(r0, 0x0) 16:58:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000003000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2936.587353][ T2412] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:01 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:01 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x3f00, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2936.690087][ T2427] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:02 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_HWSYNC(r4, 0x4122, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000005000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:02 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) getpid() r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:02 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x4000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2937.218673][ T2452] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2937.231046][ T2452] CPU: 1 PID: 2452 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2937.239986][ T2452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2937.251386][ T2452] Call Trace: [ 2937.254728][ T2452] dump_stack+0x197/0x210 [ 2937.259181][ T2452] dump_header+0x10b/0x82d [ 2937.263627][ T2452] ? oom_kill_process+0x94/0x420 [ 2937.268633][ T2452] oom_kill_process.cold+0x10/0x15 [ 2937.273791][ T2452] out_of_memory+0x334/0x13c0 [ 2937.278507][ T2452] ? find_held_lock+0x35/0x130 [ 2937.283331][ T2452] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2937.289195][ T2452] ? oom_killer_disable+0x280/0x280 [ 2937.294727][ T2452] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2937.300308][ T2452] ? memcg_oom_wake_function+0x700/0x700 [ 2937.306334][ T2452] ? do_raw_spin_unlock+0x178/0x270 [ 2937.311745][ T2452] ? _raw_spin_unlock+0x28/0x40 [ 2937.316647][ T2452] try_charge+0xf76/0x14d0 [ 2937.321291][ T2452] ? find_held_lock+0x35/0x130 [ 2937.326105][ T2452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2937.331703][ T2452] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2937.337401][ T2452] ? find_held_lock+0x35/0x130 [ 2937.342227][ T2452] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2937.342258][ T2452] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2937.342276][ T2452] ? memcg_kmem_put_cache+0x1a0/0x1a0 [ 2937.342297][ T2452] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2937.342315][ T2452] __memcg_kmem_charge+0x13a/0x3a0 [ 2937.342334][ T2452] __alloc_pages_nodemask+0x4f5/0x910 [ 2937.342358][ T2452] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2937.381750][ T2452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2937.388038][ T2452] ? do_huge_pmd_anonymous_page+0xceb/0x1a50 [ 2937.394051][ T2452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2937.400323][ T2452] alloc_pages_current+0x107/0x210 [ 2937.400348][ T2452] pte_alloc_one+0x1b/0x1a0 [ 2937.400368][ T2452] __pte_alloc+0x20/0x310 [ 2937.400388][ T2452] __handle_mm_fault+0x2f6c/0x3da0 [ 2937.400410][ T2452] ? vm_iomap_memory+0x1a0/0x1a0 [ 2937.400426][ T2452] ? handle_mm_fault+0x292/0xa50 [ 2937.400449][ T2452] ? handle_mm_fault+0x7a0/0xa50 [ 2937.435460][ T2452] ? __kasan_check_read+0x11/0x20 [ 2937.440830][ T2452] handle_mm_fault+0x3b2/0xa50 [ 2937.445790][ T2452] __do_page_fault+0x536/0xd80 [ 2937.450773][ T2452] do_page_fault+0x38/0x590 [ 2937.455575][ T2452] page_fault+0x39/0x40 [ 2937.459757][ T2452] RIP: 0033:0x441a91 [ 2937.463763][ T2452] Code: 8d 15 33 c3 0a 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6 [ 2937.484308][ T2452] RSP: 002b:00007ffc81522228 EFLAGS: 00010202 [ 2937.491181][ T2452] RAX: 0000000020000080 RBX: 0000000000000000 RCX: 0000000000000054 [ 2937.499676][ T2452] RDX: 0000000000000005 RSI: 0000000000760020 RDI: 0000000020000080 [ 2937.507874][ T2452] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000004 16:58:02 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2937.515889][ T2452] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 2937.523966][ T2452] R13: 00007ffc81522410 R14: 0000000000760008 R15: 00007ffc81522420 [ 2937.542646][ T2452] memory: usage 307200kB, limit 307200kB, failcnt 3495 [ 2937.558215][ T2452] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2937.625126][ T2452] Memory cgroup stats for /syz2: [ 2937.625250][ T2452] anon 248340480 [ 2937.625250][ T2452] file 0 [ 2937.625250][ T2452] kernel_stack 9768960 [ 2937.625250][ T2452] slab 16084992 [ 2937.625250][ T2452] sock 0 [ 2937.625250][ T2452] shmem 122880 [ 2937.625250][ T2452] file_mapped 0 [ 2937.625250][ T2452] file_dirty 0 [ 2937.625250][ T2452] file_writeback 0 [ 2937.625250][ T2452] anon_thp 199229440 [ 2937.625250][ T2452] inactive_anon 135168 [ 2937.625250][ T2452] active_anon 248340480 16:58:02 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x4800, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000006000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:02 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, &(0x7f00000000c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24) [ 2937.625250][ T2452] inactive_file 65536 [ 2937.625250][ T2452] active_file 0 [ 2937.625250][ T2452] unevictable 0 [ 2937.625250][ T2452] slab_reclaimable 2973696 [ 2937.625250][ T2452] slab_unreclaimable 13111296 [ 2937.625250][ T2452] pgfault 184140 [ 2937.625250][ T2452] pgmajfault 0 [ 2937.625250][ T2452] workingset_refault 693 [ 2937.625250][ T2452] workingset_activate 330 [ 2937.625250][ T2452] workingset_nodereclaim 0 [ 2937.625250][ T2452] pgrefill 15159 [ 2937.625250][ T2452] pgscan 51045 [ 2937.625250][ T2452] pgsteal 2149 [ 2937.764204][ T2452] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2136,uid=0 [ 2937.858989][ T2452] Memory cgroup out of memory: Killed process 2136 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2937.895970][ T1112] oom_reaper: reaped process 2136 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 16:58:03 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:03 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000001140)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0x81204101, 0x0) 16:58:03 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x4c00, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:03 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x30c00, 0x0) setsockopt$inet_dccp_int(r1, 0x21, 0x11, &(0x7f0000000200)=0x6, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$ION_IOC_HEAP_QUERY(r4, 0xc0184908, &(0x7f0000000140)={0x34, 0x0, &(0x7f0000000100)}) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000400)={0x82, 0x5, 0x4, "32e09e43e04584a6ee79a301a2f5346fdff0bf93648cc79f6789ce5f38664e65e56bcf1972c287bb59e279ca0cf75e374d74c9eb7bf9666ffa90f0919e1fb3515fd3a45946cbcafe86ed5f46ad2f3cfd508b9ac81eda4aec9a4eb3ddaca2db76af07a0c7587b27daafb80bdaad159ed148b05ef332ae5d7b120c2584a4696124e4b7"}) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0, 0x1000000ea}], 0x1d7, 0x4, 0x0, 0xfc) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) get_thread_area(&(0x7f0000000180)={0xfffffff9, 0x1000, 0x1000, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1}) ioctl$SNDRV_TIMER_IOCTL_INFO(r7, 0x80e85411, &(0x7f0000000040)=""/79) 16:58:03 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:03 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) getpid() r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000007000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:03 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000001140)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0x40044103, 0x0) 16:58:03 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:03 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000001140)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_FORWARD(r0, 0x40084149, &(0x7f0000000000)=0x6) 16:58:03 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) getpid() r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000011000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:04 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:04 executing program 1: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x258, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYBLOB="24000000040819030000000000000000000000000800020000020000080003002f00ffed"], 0x1c1}}, 0x0) r0 = socket(0x10, 0x80002, 0xc) sendmmsg$alg(r0, &(0x7f0000000140), 0xffffffffffffff68, 0x0) 16:58:04 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6800, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2939.078971][ T2564] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2939.097237][ T2573] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 2939.150105][ T2573] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 2939.159229][ T2564] CPU: 1 PID: 2564 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2939.167850][ T2564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2939.178136][ T2564] Call Trace: [ 2939.181464][ T2564] dump_stack+0x197/0x210 [ 2939.185820][ T2564] dump_header+0x10b/0x82d [ 2939.190255][ T2564] ? oom_kill_process+0x94/0x420 [ 2939.195347][ T2564] oom_kill_process.cold+0x10/0x15 [ 2939.200489][ T2564] out_of_memory+0x334/0x13c0 [ 2939.205214][ T2564] ? find_held_lock+0x35/0x130 [ 2939.210029][ T2564] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2939.215955][ T2564] ? oom_killer_disable+0x280/0x280 [ 2939.221191][ T2564] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2939.227211][ T2564] ? memcg_oom_wake_function+0x700/0x700 [ 2939.232888][ T2564] ? do_raw_spin_unlock+0x178/0x270 [ 2939.238124][ T2564] ? _raw_spin_unlock+0x28/0x40 [ 2939.243001][ T2564] try_charge+0xf76/0x14d0 [ 2939.247538][ T2564] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2939.253204][ T2564] ? percpu_ref_tryget+0x102/0x230 [ 2939.258339][ T2564] ? rcu_read_lock_held+0x9c/0xb0 [ 2939.263391][ T2564] ? __kasan_check_read+0x11/0x20 [ 2939.268443][ T2564] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2939.274015][ T2564] mem_cgroup_try_charge+0x136/0x590 [ 2939.279414][ T2564] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2939.285080][ T2564] wp_page_copy+0x407/0x1560 [ 2939.289860][ T2564] ? find_held_lock+0x35/0x130 [ 2939.294670][ T2564] ? follow_pfn+0x2a0/0x2a0 [ 2939.299210][ T2564] ? lock_downgrade+0x920/0x920 [ 2939.304748][ T2564] ? swp_swapcount+0x540/0x540 [ 2939.305977][ T2579] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 2939.309547][ T2564] ? do_raw_spin_unlock+0x178/0x270 [ 2939.309571][ T2564] do_wp_page+0x543/0x1540 [ 2939.309590][ T2564] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2939.309613][ T2564] __handle_mm_fault+0x327b/0x3da0 [ 2939.339114][ T2564] ? vm_iomap_memory+0x1a0/0x1a0 [ 2939.344283][ T2564] ? handle_mm_fault+0x292/0xa50 [ 2939.349242][ T2564] ? handle_mm_fault+0x7a0/0xa50 [ 2939.354204][ T2564] ? __kasan_check_read+0x11/0x20 [ 2939.359368][ T2564] handle_mm_fault+0x3b2/0xa50 [ 2939.364158][ T2564] __do_page_fault+0x536/0xd80 [ 2939.368958][ T2564] do_page_fault+0x38/0x590 [ 2939.373586][ T2564] page_fault+0x39/0x40 [ 2939.377806][ T2564] RIP: 0033:0x4729ee [ 2939.381713][ T2564] Code: ff 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec 28 05 00 00 48 c7 c0 d4 ff ff ff 64 8b 00 <89> 85 5c fb ff ff 8b 87 c0 00 00 00 85 c0 0f 85 ee 00 00 00 c7 87 [ 2939.396825][ T2579] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 2939.401412][ T2564] RSP: 002b:00007ffc81521c30 EFLAGS: 00010206 [ 2939.401428][ T2564] RAX: 0000000000000002 RBX: 00007ffc81522190 RCX: 0000000000000000 [ 2939.401438][ T2564] RDX: 00007ffc81522308 RSI: 00000000004c018f RDI: 00007ffc81522190 [ 2939.401447][ T2564] RBP: 00007ffc81522180 R08: 0000000000000000 R09: 00007ffc81522308 [ 2939.401456][ T2564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc81522460 [ 2939.401464][ T2564] R13: 00000000004c018f R14: 00007ffc81522308 R15: 0000000000000001 [ 2939.540258][ T2574] xt_check_target: 10 callbacks suppressed [ 2939.540273][ T2574] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2939.642102][ T2584] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2939.770523][ T2564] memory: usage 307200kB, limit 307200kB, failcnt 3521 [ 2939.777669][ T2564] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2939.784598][ T2564] Memory cgroup stats for /syz2: [ 2939.784754][ T2564] anon 248389632 [ 2939.784754][ T2564] file 0 [ 2939.784754][ T2564] kernel_stack 9768960 [ 2939.784754][ T2564] slab 16084992 [ 2939.784754][ T2564] sock 0 [ 2939.784754][ T2564] shmem 122880 [ 2939.784754][ T2564] file_mapped 0 [ 2939.784754][ T2564] file_dirty 0 [ 2939.784754][ T2564] file_writeback 0 [ 2939.784754][ T2564] anon_thp 199229440 [ 2939.784754][ T2564] inactive_anon 135168 [ 2939.784754][ T2564] active_anon 248389632 [ 2939.784754][ T2564] inactive_file 65536 [ 2939.784754][ T2564] active_file 0 [ 2939.784754][ T2564] unevictable 0 [ 2939.784754][ T2564] slab_reclaimable 2973696 [ 2939.784754][ T2564] slab_unreclaimable 13111296 [ 2939.784754][ T2564] pgfault 184305 [ 2939.784754][ T2564] pgmajfault 0 [ 2939.784754][ T2564] workingset_refault 693 [ 2939.784754][ T2564] workingset_activate 330 [ 2939.784754][ T2564] workingset_nodereclaim 0 [ 2939.784754][ T2564] pgrefill 15324 [ 2939.784754][ T2564] pgscan 51244 [ 2939.784754][ T2564] pgsteal 2149 [ 2939.884875][ T2564] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2541,uid=0 [ 2939.900810][ T2564] Memory cgroup out of memory: Killed process 2541 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:58:05 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000200)='/dev/nvme-fabrics\x00', 0x400000, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000280)) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() fstat(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$f2fs(&(0x7f0000000040)='f2fs\x00', &(0x7f0000000080)='./file0\x00', 0x7fffffff, 0x1, &(0x7f00000001c0)=[{&(0x7f00000000c0)="ff7ecad5443967991bb390478d4f6b82f2cd74fb82d1b40e5eaf0001835cb456534565f17141e6b00ad290d8a291b0dd3c2a4e8b3a093d0add23e94531d9aeb35eb206e0cb75838bf727e757fa544ff8b3d9f3a30f719b06d5117b0586b8fbd4339a6eab3b2adc32c728a330399527462d010a593a45ac84fef886958a8e9c8faad8ada74a2b900e45a46c2677ce7b448b8f9eee7505e8abecb6ff4a4349811757ce2baad9f306c9bfe30bdddec70cb1a5e3d20195b2fbb551a54de426adcb8dfcc69f0a7a9c9faccffb0b6a20889c046c17165631be057561f073abd18bd22b9844bb9a8cfcf067bc4112f13390a7b741e0e228b8", 0xf5, 0x6}], 0x8, &(0x7f0000000540)={[{@resuid={'resuid', 0x3d, r4}}, {@inline_xattr='inline_xattr'}, {@whint_mode_off='whint_mode=off'}, {@fastboot='fastboot'}, {@two_active_logs='active_logs=2'}, {@noacl='noacl'}, {@jqfmt_vfsv1='jqfmt=vfsv1'}], [{@subj_type={'subj_type'}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'posix_acl_accessGPL\''}}, {@appraise='appraise'}, {@context={'context', 0x3d, 'unconfined_u'}}, {@pcr={'pcr', 0x3d, 0xd}}]}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:05 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x0, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:05 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:05 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000020000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:05 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs(0x0, &(0x7f0000000340)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa9\x9d]\xce\xaa#\x87X\xb0\xbf9\n\x9f!A&$F\x86\xfd\x17\x95me\xd0\x19G\bP5\xa4\x05\x00\xb8\xee\xb3X(\x83\xc2\xee8\\\xa5\xb1\x1aed\x94\x9b\xfb\x1d\x1f\xf2\xccr\x0fV\x88\xdf-\xd5N\x1d+ \xa5\xa1Fm\x85\v\xa1\xf87GAV\"%y\xfas\xdd9\x9e\x96R\x16\x19\xa2Y\x92z\xabc\xec\"A\x90\xcf\x83\xf2\xbb\xdb\xe1\xfb\x90JF\xa8\x80\xa9\xe0\xc8\xf3j\x03\xb4\x911.\x86\xcb\xe8\x05\xdd\x1dRV\x9d \x8c\n7\xe6\xb7ys\xcd \xb5\x92\x913\xddV\xb5\xaa\xd8\"\aj(\xe4\xfc}\xcc*\x1a,_\xb7\xf6\xa4SQ\x1c\xb3\xbe\x1e\tK\x9co\x17pR\xb5\"\xb2Jl2\x0f\xd5\xa5v9\xcc\x8c\x98\xb1\xe3\x00\xc6\n#\x82Up#\x96\xd4L\xa6\x00z\xc7\xfaF_\xf5:5\x0f\xb4sQD\x9c\x14?\x04-\xa3\xea9\xd1\xfc\x03z\x86\x14\xa4M\x8fu\xf9\xcb\xe4\xca\xd1\xf6\xba\xbd\x8dM\xb9\xb6\xc8\x94\xf2\v;\xde\xd1\xf0!\f\xb2\x1b\xb3\xba\xcaI=R7\x9c_\xcc\x8eZ\xae\xc5\xc9\x9e\xbdPMpW\xeeNt\x05S&\xdf\t\x98\xe7\xe8#\xa7\xa0\x9f>\x18e\x1c!\x01\xa8\xae-\xc7\xc1\xda#P\x03\xe4\xee\x91\x84\xd9\xf9|4\xb94\xa2\xa2V\x14\xe7\x99\xf1\xafM\xbbT\xa8\x7f\xb8M\x00\xa3X\xae\x996sb\x80M=\xd4\x9af\x8d\x8c\x16b\xe4\xb2\xb5\b\xcd+p\x9c\x88k8:8OD\vo{(\xca\xa8\xb0\x89\x18\xfa\x9f\xf7\t-\xb5\x9a\x06\xccRl\x10\xe8rc\x9a\x9e\xc85u\x7f\xe5\x05\xab\xd29\x1cV\xec\x8e\xda\xe2\xa7') r3 = openat$cgroup_ro(r2, &(0x7f0000000280)='mem\x00\x01y7\x89\xc9B\xab\xe3\xfa\x00\xef\x82\xb1^\x1d\xf5\x03\xcb\xc5\xc2@\xf4\x93\xe5\xd7s\xe4\x0e\x8b\xd2\b\xa9\"\x150\xe7-\x86\xb5\n\xee\xe6\xe8\x12\x0e\xff\xa1:\xc4\xc2\xf3\x84q\xa5\nJ\x1d\xd5\x10\xc8=\xbe\xc8\xdd\xb2r\xff\xa6\x92\xc9\xd9\x0fBNm\xaa\x7f\xd9GO\"2\x18\xf6\xbc\xfc\xac\xa4\x90\xa15\x81B:z\xb7w\x81=A\xd5yr0\r\xa7v\x10d\xb6\xe5Q\xae\xf9W\xc8\x93\xe8\x06O\x87k8I\xa6\xbb\xee\xea\xd0\x14B\xa5D\xa0\x00Q\x88\xc2\xd6\x1f\xcdo\xcb\x13\f{I^\xdc:P\xef\x01\v\x0eRZl\x926eUA\xc4\xe8\xb6\xdb\x99\xda\xf5\x9eE\xde\x11', 0x0, 0x0) write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0) preadv(r3, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0xb50316f}], 0x1, 0x2000107c) 16:58:05 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6c00, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2940.277134][ T2594] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2940.327426][ T2598] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2940.379475][ T2594] CPU: 0 PID: 2594 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2940.388650][ T2594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2940.398892][ T2594] Call Trace: [ 2940.402528][ T2594] dump_stack+0x197/0x210 [ 2940.407126][ T2594] dump_header+0x10b/0x82d [ 2940.411713][ T2594] ? oom_kill_process+0x94/0x420 [ 2940.416801][ T2594] oom_kill_process.cold+0x10/0x15 [ 2940.421916][ T2594] out_of_memory+0x334/0x13c0 [ 2940.426592][ T2594] ? find_held_lock+0x35/0x130 [ 2940.431352][ T2594] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2940.437235][ T2594] ? oom_killer_disable+0x280/0x280 [ 2940.442533][ T2594] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2940.448077][ T2594] ? memcg_oom_wake_function+0x700/0x700 [ 2940.453961][ T2594] ? do_raw_spin_unlock+0x178/0x270 [ 2940.459257][ T2594] ? _raw_spin_unlock+0x28/0x40 [ 2940.464100][ T2594] try_charge+0xf76/0x14d0 [ 2940.468696][ T2594] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2940.474251][ T2594] ? percpu_ref_tryget+0x102/0x230 [ 2940.479356][ T2594] ? rcu_read_lock_held+0x9c/0xb0 [ 2940.484546][ T2594] ? __kasan_check_read+0x11/0x20 [ 2940.489565][ T2594] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2940.495197][ T2594] mem_cgroup_try_charge+0x136/0x590 [ 2940.500484][ T2594] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2940.506232][ T2594] wp_page_copy+0x407/0x1560 [ 2940.510835][ T2594] ? find_held_lock+0x35/0x130 [ 2940.515712][ T2594] ? follow_pfn+0x2a0/0x2a0 [ 2940.520311][ T2594] ? lock_downgrade+0x920/0x920 [ 2940.525493][ T2594] ? swp_swapcount+0x540/0x540 [ 2940.530275][ T2594] ? do_raw_spin_unlock+0x178/0x270 [ 2940.535480][ T2594] do_wp_page+0x543/0x1540 [ 2940.539993][ T2594] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2940.545363][ T2594] __handle_mm_fault+0x327b/0x3da0 [ 2940.550466][ T2594] ? vm_iomap_memory+0x1a0/0x1a0 [ 2940.555389][ T2594] ? handle_mm_fault+0x292/0xa50 [ 2940.560404][ T2594] ? handle_mm_fault+0x7a0/0xa50 [ 2940.565429][ T2594] ? __kasan_check_read+0x11/0x20 [ 2940.570453][ T2594] handle_mm_fault+0x3b2/0xa50 [ 2940.575397][ T2594] __do_page_fault+0x536/0xd80 [ 2940.580195][ T2594] do_page_fault+0x38/0x590 [ 2940.584711][ T2594] page_fault+0x39/0x40 [ 2940.588876][ T2594] RIP: 0033:0x431926 [ 2940.592760][ T2594] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 a6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 58 64 00 85 c0 0f 84 [ 2940.612523][ T2594] RSP: 002b:00007ffc81522020 EFLAGS: 00010206 [ 2940.618664][ T2594] RAX: 00000000000205b1 RBX: 000000000071a640 RCX: 0000000000000121 [ 2940.627097][ T2594] RDX: 00000000028b9930 RSI: 00000000028b9a50 RDI: 0000000000000000 [ 2940.635134][ T2594] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 2940.643871][ T2594] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071a698 [ 2940.652051][ T2594] R13: 000000000071a698 R14: 0000000000000000 R15: 0000000000002710 16:58:05 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000003f000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:05 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2940.680886][ T2594] memory: usage 307200kB, limit 307200kB, failcnt 3557 [ 2940.688421][ T2594] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2940.702099][ T2594] Memory cgroup stats for /syz2: [ 2940.727509][ T2594] anon 248352768 [ 2940.727509][ T2594] file 0 [ 2940.727509][ T2594] kernel_stack 9768960 [ 2940.727509][ T2594] slab 16084992 [ 2940.727509][ T2594] sock 0 [ 2940.727509][ T2594] shmem 122880 [ 2940.727509][ T2594] file_mapped 0 [ 2940.727509][ T2594] file_dirty 0 [ 2940.727509][ T2594] file_writeback 0 [ 2940.727509][ T2594] anon_thp 199229440 [ 2940.727509][ T2594] inactive_anon 135168 [ 2940.727509][ T2594] active_anon 248352768 [ 2940.727509][ T2594] inactive_file 65536 [ 2940.727509][ T2594] active_file 0 [ 2940.727509][ T2594] unevictable 0 [ 2940.727509][ T2594] slab_reclaimable 2973696 [ 2940.727509][ T2594] slab_unreclaimable 13111296 [ 2940.727509][ T2594] pgfault 184371 [ 2940.727509][ T2594] pgmajfault 0 [ 2940.727509][ T2594] workingset_refault 693 [ 2940.727509][ T2594] workingset_activate 330 [ 2940.727509][ T2594] workingset_nodereclaim 0 [ 2940.727509][ T2594] pgrefill 15390 [ 2940.727509][ T2594] pgscan 51311 [ 2940.727509][ T2594] pgsteal 2149 [ 2940.848631][ T2594] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=2590,uid=0 [ 2940.876359][ T2594] Memory cgroup out of memory: Killed process 2590 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2940.937537][ T2601] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2941.006681][ T2601] CPU: 1 PID: 2601 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 2941.006911][ T2627] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2941.015407][ T2601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2941.015414][ T2601] Call Trace: [ 2941.015441][ T2601] dump_stack+0x197/0x210 [ 2941.015462][ T2601] dump_header+0x10b/0x82d [ 2941.015480][ T2601] oom_kill_process.cold+0x10/0x15 [ 2941.015496][ T2601] out_of_memory+0x334/0x13c0 [ 2941.015515][ T2601] ? oom_killer_disable+0x280/0x280 [ 2941.015542][ T2601] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2941.015556][ T2601] ? memcg_oom_wake_function+0x700/0x700 [ 2941.015579][ T2601] ? do_raw_spin_unlock+0x178/0x270 [ 2941.015596][ T2601] ? _raw_spin_unlock+0x28/0x40 [ 2941.015620][ T2601] try_charge+0xf76/0x14d0 [ 2941.015648][ T2601] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2941.015662][ T2601] ? percpu_ref_tryget+0x102/0x230 [ 2941.015679][ T2601] ? rcu_read_lock_held+0x9c/0xb0 [ 2941.015697][ T2601] ? __kasan_check_read+0x11/0x20 [ 2941.015720][ T2601] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2941.114804][ T2601] mem_cgroup_try_charge+0x136/0x590 [ 2941.120238][ T2601] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2941.125864][ T2601] wp_page_copy+0x407/0x1560 [ 2941.130467][ T2601] ? find_held_lock+0x35/0x130 [ 2941.135225][ T2601] ? follow_pfn+0x2a0/0x2a0 [ 2941.140146][ T2601] ? lock_downgrade+0x920/0x920 [ 2941.144996][ T2601] ? vm_normal_page+0x15d/0x3c0 [ 2941.149832][ T2601] ? __pte_alloc_kernel+0x210/0x210 [ 2941.155018][ T2601] ? do_raw_spin_unlock+0x178/0x270 [ 2941.160292][ T2601] do_wp_page+0x543/0x1540 [ 2941.164696][ T2601] ? do_raw_spin_lock+0x12a/0x2e0 [ 2941.170397][ T2601] ? lock_acquire+0x190/0x410 [ 2941.175059][ T2601] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 2941.180433][ T2601] ? fault_around_bytes_set+0xa0/0xa0 [ 2941.185807][ T2601] __handle_mm_fault+0x327b/0x3da0 [ 2941.190909][ T2601] ? vm_iomap_memory+0x1a0/0x1a0 [ 2941.197482][ T2601] ? handle_mm_fault+0x292/0xa50 [ 2941.202413][ T2601] ? handle_mm_fault+0x7a0/0xa50 [ 2941.207340][ T2601] ? __kasan_check_read+0x11/0x20 [ 2941.212472][ T2601] handle_mm_fault+0x3b2/0xa50 [ 2941.217319][ T2601] __do_page_fault+0x536/0xd80 [ 2941.222097][ T2601] do_page_fault+0x38/0x590 [ 2941.226650][ T2601] page_fault+0x39/0x40 [ 2941.230881][ T2601] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2941.237664][ T2601] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2941.257353][ T2601] RSP: 0018:ffffc9009b777ab8 EFLAGS: 00010206 [ 2941.263408][ T2601] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000c0 [ 2941.271532][ T2601] RDX: 0000000000001000 RSI: ffff8881b4782f40 RDI: 0000000020264000 [ 2941.279515][ T2601] RBP: ffffc9009b777af0 R08: ffffed10368f0600 R09: 0000000000000000 [ 2941.287623][ T2601] R10: ffffed10368f05ff R11: ffff8881b4782fff R12: 00000000202630c0 [ 2941.295604][ T2601] R13: ffff8881b4782000 R14: 00000000202640c0 R15: 00007ffffffff000 [ 2941.303596][ T2601] ? _copy_to_user+0x146/0x160 [ 2941.308438][ T2601] mem_rw.isra.0+0x397/0x550 [ 2941.313029][ T2601] ? proc_pid_stack+0x200/0x200 [ 2941.318177][ T2601] ? security_file_permission+0x8f/0x380 [ 2941.323842][ T2601] mem_read+0x52/0x70 [ 2941.327834][ T2601] do_iter_read+0x4a4/0x660 [ 2941.332661][ T2601] ? dup_iter+0x260/0x260 [ 2941.337000][ T2601] vfs_readv+0xf0/0x160 [ 2941.341163][ T2601] ? compat_rw_copy_check_uvector+0x4c0/0x4c0 [ 2941.347228][ T2601] ? __kasan_check_read+0x11/0x20 [ 2941.352601][ T2601] ? ksys_dup3+0x3e0/0x3e0 [ 2941.357008][ T2601] ? __kasan_check_read+0x11/0x20 [ 2941.362025][ T2601] ? _copy_to_user+0x118/0x160 [ 2941.366903][ T2601] ? __fget_light+0x1a9/0x230 [ 2941.371652][ T2601] do_preadv+0x1c4/0x280 [ 2941.375905][ T2601] ? do_readv+0x330/0x330 [ 2941.380499][ T2601] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2941.385982][ T2601] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2941.391439][ T2601] ? do_syscall_64+0x26/0x790 [ 2941.396116][ T2601] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2941.402258][ T2601] ? do_syscall_64+0x26/0x790 [ 2941.406930][ T2601] __x64_sys_preadv+0x9a/0xf0 [ 2941.411611][ T2601] do_syscall_64+0xfa/0x790 [ 2941.416108][ T2601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2941.422082][ T2601] RIP: 0033:0x45a849 [ 2941.425966][ T2601] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2941.446105][ T2601] RSP: 002b:00007fb49b939c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2941.454512][ T2601] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a849 [ 2941.462474][ T2601] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000006 [ 2941.470473][ T2601] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2941.478737][ T2601] R10: 000000002000107c R11: 0000000000000246 R12: 00007fb49b93a6d4 [ 2941.486729][ T2601] R13: 00000000004c8c21 R14: 00000000004e02c0 R15: 00000000ffffffff 16:58:06 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x0, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000040000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:06 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2941.642364][ T2601] memory: usage 307200kB, limit 307200kB, failcnt 6719 [ 2941.657944][ T2601] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2941.686494][ T2601] Memory cgroup stats for /syz1: [ 2941.686730][ T2601] anon 225304576 [ 2941.686730][ T2601] file 98304 [ 2941.686730][ T2601] kernel_stack 13381632 [ 2941.686730][ T2601] slab 22999040 [ 2941.686730][ T2601] sock 0 [ 2941.686730][ T2601] shmem 0 [ 2941.686730][ T2601] file_mapped 135168 [ 2941.686730][ T2601] file_dirty 0 [ 2941.686730][ T2601] file_writeback 0 [ 2941.686730][ T2601] anon_thp 148897792 [ 2941.686730][ T2601] inactive_anon 0 [ 2941.686730][ T2601] active_anon 225251328 [ 2941.686730][ T2601] inactive_file 12288 16:58:06 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x0, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2941.686730][ T2601] active_file 8192 [ 2941.686730][ T2601] unevictable 0 [ 2941.686730][ T2601] slab_reclaimable 4190208 [ 2941.686730][ T2601] slab_unreclaimable 18808832 [ 2941.686730][ T2601] pgfault 160281 [ 2941.686730][ T2601] pgmajfault 0 [ 2941.686730][ T2601] workingset_refault 1023 [ 2941.686730][ T2601] workingset_activate 528 [ 2941.686730][ T2601] workingset_nodereclaim 0 [ 2941.686730][ T2601] pgrefill 10114 [ 2941.686730][ T2601] pgscan 326351 [ 2941.686730][ T2601] pgsteal 1442 [ 2942.048140][ T2601] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=2596,uid=0 [ 2942.065961][ T2601] Memory cgroup out of memory: Killed process 2596 (syz-executor.1) total-vm:72584kB, anon-rss:2596kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2942.091246][ T1112] oom_reaper: reaped process 2596 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 16:58:07 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:07 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000088000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:07 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 16:58:07 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x7400, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:07 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:07 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) open(&(0x7f0000000e00)='./file1\x00', 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountstats\x00') r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r4, r3, 0x0, 0x800000080000010) 16:58:07 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2942.437140][ T2679] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:07 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 2942.510413][ T2697] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:07 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x7a00, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:07 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000020000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:07 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:08 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:08 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000040)={0x0, 'bond_slave_0\x00', {0x2}, 0x100}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:08 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 16:58:08 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x8800, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:08 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000200000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:08 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2942.927908][ T2716] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2942.981143][ T2726] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2943.408672][ T2748] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2943.506174][ T2764] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:08 executing program 1: tkill(0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000fbff1e100000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x12dc, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 16:58:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="300000001100010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800100005000000b17c5018da4a96b4d816c2bd88e64d354471b7881a78669b22c7729ae4773927bca19f12001719ef1ac8a1e4b7319aaa1501593d65a16222ed34557dfce7d593e7f0383bf5dd3c0c07fcc8b9f2a4411f745e051eefcf0768a41fe51cc774c88d83a6a7276951a872f97c69cb9a432569414599f5495fed24049a553a42099c60fde4a2c62cfbeaf941d7e5285177d27351dc031400123091f58d93eae12818ff6f138ff7fe560fdd669c20cde28c6bd9a59cd2a096280914c362c0a4c3fed658395c139729b0a8cfb53f44fb5a"], 0x30}}, 0x0) 16:58:08 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x200000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:08 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:08 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000100000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:08 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:08 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2943.771080][ T2784] netlink: 'syz-executor.2': attribute type 16 has an invalid length. 16:58:09 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/netstat\x00') syz_kvm_setup_cpu$x86(r5, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x244, 0x0, 0x0, 0x0) 16:58:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:09 executing program 1: r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000100)={@multicast2, @local, 0x0, 0x2, [@multicast1, @multicast1]}, 0x18) 16:58:09 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:09 executing program 1: 16:58:09 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:09 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x1000000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:09 executing program 0: r0 = getpid() r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netstat\x00') r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x100, 0x114) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f00000001c0)={0x1, 0x0, 0x401, 0x3}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0x0, 0x3}) r6 = fcntl$dupfd(r4, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$TCSETS(r2, 0x40045431, &(0x7f00003b9fdc)) r7 = syz_open_pts(r2, 0x4000000000000002) sendfile(r7, r1, 0x0, 0x6f0a77bb) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x1a}, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$random(0xffffffffffffff9c, &(0x7f0000000200)='/dev/urandom\x00', 0x42102, 0x0) r12 = dup(r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl$KVM_REINJECT_CONTROL(r12, 0xae71, &(0x7f0000000040)={0xe1}) 16:58:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000300000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:09 executing program 1: 16:58:09 executing program 2: 16:58:09 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:10 executing program 1: 16:58:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000400000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:10 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 16:58:10 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6c00, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:10 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2945.477591][ T2875] xt_check_target: 1 callbacks suppressed [ 2945.477604][ T2875] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2946.199947][ T2852] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2946.625063][ T2889] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:12 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x2000000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:12 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 16:58:12 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000500000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:12 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:12 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x400, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000002000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe000000008500000026000000b7000000000000009500070000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r3, 0x0, 0xe, 0x0, &(0x7f0000000040)="b20408788949f63a7499", 0x0, 0x3f, 0x0, 0x75f2}, 0x28) write$P9_RCLUNK(r2, &(0x7f0000000080)={0x7, 0x79, 0x1}, 0x7) getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$FBIOGET_FSCREENINFO(r5, 0x4602, &(0x7f0000000140)) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffd, 0x3], 0x1b004}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2947.020500][ T9266] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2947.085100][ T9266] CPU: 0 PID: 9266 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2947.093779][ T9266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2947.104104][ T9266] Call Trace: [ 2947.107421][ T9266] dump_stack+0x197/0x210 [ 2947.111907][ T9266] dump_header+0x10b/0x82d [ 2947.116434][ T9266] ? oom_kill_process+0x94/0x420 [ 2947.121411][ T9266] oom_kill_process.cold+0x10/0x15 [ 2947.126554][ T9266] out_of_memory+0x334/0x13c0 [ 2947.132136][ T9266] ? find_held_lock+0x35/0x130 [ 2947.136938][ T9266] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2947.142859][ T9266] ? oom_killer_disable+0x280/0x280 [ 2947.148109][ T9266] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2947.153693][ T9266] ? memcg_oom_wake_function+0x700/0x700 [ 2947.159352][ T9266] ? do_raw_spin_unlock+0x178/0x270 [ 2947.164563][ T9266] ? _raw_spin_unlock+0x28/0x40 [ 2947.169446][ T9266] try_charge+0xf76/0x14d0 [ 2947.173898][ T9266] ? find_held_lock+0x35/0x130 [ 2947.178714][ T9266] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2947.184533][ T9266] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2947.190091][ T9266] ? find_held_lock+0x35/0x130 [ 2947.194871][ T9266] ? get_mem_cgroup_from_mm+0x139/0x310 [ 2947.200437][ T9266] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2947.206104][ T9266] ? memcg_kmem_put_cache+0x1a0/0x1a0 [ 2947.211583][ T9266] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2947.217156][ T9266] __memcg_kmem_charge+0x13a/0x3a0 [ 2947.222375][ T9266] __alloc_pages_nodemask+0x4f5/0x910 [ 2947.227755][ T9266] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2947.233502][ T9266] ? copy_page_range+0x10b2/0x20b0 [ 2947.238716][ T9266] ? copy_page_range+0x10b2/0x20b0 [ 2947.243843][ T9266] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2947.250104][ T9266] alloc_pages_current+0x107/0x210 [ 2947.255222][ T9266] pte_alloc_one+0x1b/0x1a0 [ 2947.259733][ T9266] __pte_alloc+0x20/0x310 [ 2947.264072][ T9266] copy_page_range+0x1616/0x20b0 [ 2947.269256][ T9266] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2947.274900][ T9266] ? __rb_insert_augmented+0x20c/0xd90 [ 2947.280464][ T9266] ? validate_mm_rb+0xa3/0xc0 [ 2947.285140][ T9266] ? __vma_link_rb+0x5ad/0x770 [ 2947.289913][ T9266] dup_mm+0xa67/0x1430 [ 2947.294090][ T9266] ? vm_area_dup+0x170/0x170 [ 2947.298681][ T9266] ? debug_mutex_init+0x2d/0x60 [ 2947.303543][ T9266] copy_process+0x2ad6/0x7230 [ 2947.308308][ T9266] ? __kasan_check_read+0x11/0x20 [ 2947.313335][ T9266] ? mark_lock+0xc2/0x1220 [ 2947.317760][ T9266] ? do_raw_spin_unlock+0x178/0x270 [ 2947.323172][ T9266] ? __cleanup_sighand+0xc0/0xc0 [ 2947.328114][ T9266] ? __might_fault+0x12b/0x1e0 [ 2947.332883][ T9266] ? __might_fault+0x12b/0x1e0 [ 2947.337749][ T9266] _do_fork+0x146/0x1090 [ 2947.342005][ T9266] ? copy_init_mm+0x20/0x20 [ 2947.346527][ T9266] ? __kasan_check_read+0x11/0x20 [ 2947.351551][ T9266] ? _copy_to_user+0x118/0x160 [ 2947.356319][ T9266] __x64_sys_clone+0x19a/0x260 [ 2947.361100][ T9266] ? __ia32_sys_vfork+0xd0/0xd0 [ 2947.366061][ T9266] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2947.371345][ T9266] ? trace_hardirqs_on+0x67/0x240 [ 2947.376379][ T9266] do_syscall_64+0xfa/0x790 [ 2947.380887][ T9266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.386860][ T9266] RIP: 0033:0x458e1a [ 2947.390776][ T9266] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2947.410383][ T9266] RSP: 002b:00007ffc81522390 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2947.418794][ T9266] RAX: ffffffffffffffda RBX: 00007ffc81522390 RCX: 0000000000458e1a [ 2947.426788][ T9266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2947.434842][ T9266] RBP: 00007ffc815223d0 R08: 0000000000000001 R09: 00000000028b8940 [ 2947.442898][ T9266] R10: 00000000028b8c10 R11: 0000000000000246 R12: 0000000000000001 [ 2947.450867][ T9266] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc81522420 16:58:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2947.565680][ T9266] memory: usage 307200kB, limit 307200kB, failcnt 3659 [ 2947.575897][ T9266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2947.583496][ T9266] Memory cgroup stats for /syz2: [ 2947.583648][ T9266] anon 246898688 [ 2947.583648][ T9266] file 0 [ 2947.583648][ T9266] kernel_stack 9916416 [ 2947.583648][ T9266] slab 16637952 [ 2947.583648][ T9266] sock 0 [ 2947.583648][ T9266] shmem 122880 [ 2947.583648][ T9266] file_mapped 0 [ 2947.583648][ T9266] file_dirty 0 [ 2947.583648][ T9266] file_writeback 0 [ 2947.583648][ T9266] anon_thp 197132288 [ 2947.583648][ T9266] inactive_anon 135168 [ 2947.583648][ T9266] active_anon 246898688 [ 2947.583648][ T9266] inactive_file 65536 [ 2947.583648][ T9266] active_file 0 [ 2947.583648][ T9266] unevictable 0 [ 2947.583648][ T9266] slab_reclaimable 2973696 [ 2947.583648][ T9266] slab_unreclaimable 13664256 [ 2947.583648][ T9266] pgfault 185064 [ 2947.583648][ T9266] pgmajfault 0 [ 2947.583648][ T9266] workingset_refault 759 [ 2947.583648][ T9266] workingset_activate 330 16:58:12 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000600000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2947.583648][ T9266] workingset_nodereclaim 0 [ 2947.583648][ T9266] pgrefill 15789 [ 2947.583648][ T9266] pgscan 51679 [ 2947.583648][ T9266] pgsteal 2182 [ 2947.760680][ T9266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22737,uid=0 [ 2947.784708][ T9266] Memory cgroup out of memory: Killed process 22737 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 16:58:13 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:13 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 16:58:13 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000700000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2949.704264][ T2933] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2950.169279][ T2908] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:16 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x3000000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:16 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000feffff0700000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:16 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0xfffffffffffffe28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) timer_create(0x0, &(0x7f0000000740)={0x0, 0x10000, 0x1, @thr={&(0x7f0000000040)="bb4c3b17ef3421a724fee31ca58cc75bf4d6bbf7d08710a3d2200bddd93100185013b306cf183102e1483f311b4f6f9eabcc161995c12647f3b5029ea52a07b6ab9735bd882e1591106492516b05ed8bdac425f7f047665bdd775a22a459cbf0a02e0c429a2c", &(0x7f00000000c0)="0005866bdc6874f945bf222b52cfc0acb3462f2bee7d8d1e83c751f49703683665876ae989899d1b55ae18825bb07dfc24f7ef90b7327c118dca591f651cfb45302dcc19a04a1b062810a2398548d2fccd50b4fd01627da7760861e06b51c962380d989b8c6affa7a94a27f229f3a5877482a44385afac886111005faa7e4afe55b60f416bb8166b07859e2093e36a011bcc8159a8992ba44e8cbc7ac8a23a06a5485571af811be7e559d0c18c3add5a51c2c3dc3073b18bb615d6a78366d5b6c858f0f6b88f8de97223a73f22b7d2d6a66bbd7cb00db874a3579a44"}}, &(0x7f0000000200)=0x0) timer_settime(r4, 0x0, &(0x7f0000000280)={{0x77359400}, {0x77359400}}, &(0x7f0000000400)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000780)={[0x7fff, 0x5, 0x0, 0x0, 0x80000000, 0x4, 0x4ce, 0xf0, 0xfff, 0x2, 0x0, 0x0, 0x1000006, 0x3, 0x0, 0x7], 0x0, 0x8000}) r5 = socket(0x10, 0x803, 0x0) sendto(r5, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) fstat(r5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) keyctl$chown(0x4, 0x0, r7, r8) socket(0x10, 0x2, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x20e, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="680000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000048001200100001006970366772657461700000003400020014000600fe8000000000000000000000000000aa14000700fe800000ee94e6e52e1c67340862dff5f061c27cc60d8744f6bf81ca64f73e295c5700f3be686ddd476e0c2110e67b28e47713ea11016dc13a33a8893aa82f856ddf3abfc9401e2bb881186bae666705a147fb860c44abb4e6340803e22a8acb01a8", @ANYRES32=0x0], 0x68}}, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) lsetxattr$system_posix_acl(&(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f00000006c0)={{}, {0x1, 0x3}, [{0x2, 0x0, r7}, {0x2, 0x4}, {0x2, 0x1, 0xee01}, {0x2, 0xb}], {0x4, 0xf}, [{0x8, 0x6, r10}]}, 0x4c, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0x58) keyctl$chown(0x4, 0x0, r11, r12) r13 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r13, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) r15 = getuid() lsetxattr$system_posix_acl(&(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000010002000000000002000000", @ANYRES32=r11, @ANYBLOB="02b90400", @ANYRES32=0x0, @ANYBLOB="02000200", @ANYRES32=r15, @ANYBLOB="02000b00", @ANYRES32=0x0, @ANYBLOB="0400a0000000000010000000000000002000000000000000"], 0x44, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) keyctl$chown(0x4, 0x0, r16, r17) getgroups(0x6, &(0x7f0000000540)=[r14, r17, 0x0, 0xffffffffffffffff, 0xee01, 0xee01]) setresgid(r6, r10, r18) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r3 = getpid() r4 = getpid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$pokeuser(0x6, r5, 0x388, 0xb8) ptrace$pokeuser(0x6, r3, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000001100000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2951.163443][ T2980] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 16:58:16 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2951.438326][ T2980] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 16:58:16 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:16 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2960.251143][ T9245] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2960.289281][ T9245] CPU: 0 PID: 9245 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 2960.297585][ T9245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2960.307762][ T9245] Call Trace: [ 2960.311109][ T9245] dump_stack+0x197/0x210 [ 2960.315553][ T9245] dump_header+0x10b/0x82d [ 2960.319972][ T9245] ? oom_kill_process+0x94/0x420 [ 2960.325011][ T9245] oom_kill_process.cold+0x10/0x15 [ 2960.330280][ T9245] out_of_memory+0x334/0x13c0 [ 2960.335057][ T9245] ? oom_killer_disable+0x280/0x280 [ 2960.340261][ T9245] ? mutex_trylock+0x264/0x2f0 [ 2960.345028][ T9245] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2960.350679][ T9245] __alloc_pages_slowpath+0x222b/0x2920 [ 2960.356367][ T9245] ? warn_alloc+0x110/0x110 [ 2960.360880][ T9245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2960.367236][ T9245] ? should_fail+0x1de/0x852 [ 2960.371846][ T9245] ? __kasan_check_read+0x11/0x20 [ 2960.376994][ T9245] __alloc_pages_nodemask+0x646/0x910 [ 2960.382429][ T9245] ? xas_descend+0x144/0x370 [ 2960.387307][ T9245] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2960.393059][ T9245] ? __kasan_check_read+0x11/0x20 [ 2960.398117][ T9245] ? find_get_entry+0x4a6/0x7a0 [ 2960.403077][ T9245] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2960.409338][ T9245] alloc_pages_current+0x107/0x210 [ 2960.414564][ T9245] __page_cache_alloc+0x29d/0x490 [ 2960.419601][ T9245] pagecache_get_page+0x27e/0x9e0 [ 2960.424727][ T9245] ? __kasan_check_read+0x11/0x20 [ 2960.429940][ T9245] filemap_fault+0x9b1/0x3180 [ 2960.434634][ T9245] ? mark_held_locks+0xf0/0xf0 [ 2960.439423][ T9245] ? read_cache_page_gfp+0x30/0x30 [ 2960.444804][ T9245] ? __kasan_check_write+0x14/0x20 [ 2960.449939][ T9245] ? down_read+0x109/0x430 [ 2960.454372][ T9245] ? down_read_killable+0x490/0x490 [ 2960.459613][ T9245] ? find_lock_entry+0x650/0x650 [ 2960.464565][ T9245] ? pmd_val+0x85/0x100 [ 2960.468822][ T9245] ext4_filemap_fault+0x86/0xb2 [ 2960.473690][ T9245] __do_fault+0x111/0x540 [ 2960.478034][ T9245] __handle_mm_fault+0x2943/0x3da0 [ 2960.483344][ T9245] ? vm_iomap_memory+0x1a0/0x1a0 [ 2960.488329][ T9245] ? handle_mm_fault+0x292/0xa50 [ 2960.493281][ T9245] ? handle_mm_fault+0x7a0/0xa50 [ 2960.498232][ T9245] ? __kasan_check_read+0x11/0x20 [ 2960.503267][ T9245] handle_mm_fault+0x3b2/0xa50 [ 2960.508057][ T9245] __do_page_fault+0x536/0xd80 [ 2960.512845][ T9245] do_page_fault+0x38/0x590 [ 2960.517393][ T9245] page_fault+0x39/0x40 [ 2960.521567][ T9245] RIP: 0033:0x4375fe [ 2960.525477][ T9245] Code: Bad RIP value. [ 2960.529550][ T9245] RSP: 002b:000000c420037f38 EFLAGS: 00010297 [ 2960.535621][ T9245] RAX: 0000000000002710 RBX: 0000000000000013 RCX: 000000000000006a [ 2960.543708][ T9245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2960.551685][ T9245] RBP: 000000c420037fb0 R08: 000000c420037f18 R09: 0000000000000000 [ 2960.559663][ T9245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000430120 [ 2960.567639][ T9245] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000 [ 2960.585334][ T9245] Mem-Info: [ 2960.589753][ T9245] active_anon:364174 inactive_anon:214 isolated_anon:0 [ 2960.589753][ T9245] active_file:15 inactive_file:58 isolated_file:0 [ 2960.589753][ T9245] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2960.589753][ T9245] slab_reclaimable:16305 slab_unreclaimable:109191 [ 2960.589753][ T9245] mapped:52227 shmem:284 pagetables:31744 bounce:0 [ 2960.589753][ T9245] free:24202 free_pcp:79 free_cma:0 [ 2960.628338][ T9245] Node 0 active_anon:1342348kB inactive_anon:836kB active_file:24kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208908kB dirty:0kB writeback:0kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 710656kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2960.657992][ T9245] Node 1 active_anon:114348kB inactive_anon:20kB active_file:36kB inactive_file:224kB unevictable:0kB isolated(anon):0kB isolated(file):104kB mapped:100kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2960.689443][ T9245] Node 0 DMA free:10356kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:44kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2960.719864][ T9245] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2960.726630][ T9245] Node 0 DMA32 free:38428kB min:44296kB low:53320kB high:62344kB reserved_highatomic:2048KB active_anon:1340728kB inactive_anon:836kB active_file:24kB inactive_file:76kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31664kB pagetables:81236kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2960.760006][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2960.767628][ T9245] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2960.801262][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2960.806089][ T9245] Node 1 Normal free:53768kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114348kB inactive_anon:20kB active_file:540kB inactive_file:12kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14160kB pagetables:45688kB bounce:0kB free_pcp:504kB local_pcp:0kB free_cma:0kB [ 2960.837899][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2960.842870][ T9245] Node 0 DMA: 87*4kB (UME) 17*8kB (UME) 26*16kB (UME) 8*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10372kB [ 2960.859906][ T9245] Node 0 DMA32: 5458*4kB (UME) 1656*8kB (UMEH) 151*16kB (UMH) 28*32kB (UMH) 2*64kB (H) 2*128kB (H) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39032kB [ 2960.875966][ T9245] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2960.888323][ T9245] Node 1 Normal: 1200*4kB (UME) 388*8kB (UME) 150*16kB (UME) 60*32kB (UME) 43*64kB (ME) 25*128kB (UME) 16*256kB (UME) 14*512kB (ME) 24*1024kB (UM) 0*2048kB 0*4096kB = 54016kB [ 2960.908947][ T9245] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2960.919677][ T9245] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2960.929306][ T9245] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2960.939050][ T9245] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2960.948658][ T9245] 374 total pagecache pages [ 2960.953372][ T9245] 0 pages in swap cache [ 2960.957740][ T9245] Swap cache stats: add 0, delete 0, find 0/0 [ 2960.964089][ T9245] Free swap = 0kB [ 2960.967808][ T9245] Total swap = 0kB [ 2960.971691][ T9245] 1965979 pages RAM [ 2960.975801][ T9245] 0 pages HighMem/MovableOnly [ 2960.980766][ T9245] 344068 pages reserved [ 2960.985103][ T9245] 0 pages cma reserved [ 2960.989302][ T9245] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=32196,uid=0 [ 2961.010343][ T9245] Out of memory: Killed process 32196 (syz-executor.5) total-vm:73376kB, anon-rss:4308kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2961.033698][ T1112] oom_reaper: reaped process 32196 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2963.076510][ T9245] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2963.130298][ T9245] CPU: 0 PID: 9245 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 2963.138609][ T9245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2963.148764][ T9245] Call Trace: [ 2963.152113][ T9245] dump_stack+0x197/0x210 [ 2963.156551][ T9245] dump_header+0x10b/0x82d [ 2963.161073][ T9245] ? oom_kill_process+0x94/0x420 [ 2963.166028][ T9245] oom_kill_process.cold+0x10/0x15 [ 2963.172551][ T9245] out_of_memory+0x334/0x13c0 [ 2963.177263][ T9245] ? oom_killer_disable+0x280/0x280 [ 2963.182465][ T9245] ? mutex_trylock+0x264/0x2f0 [ 2963.187369][ T9245] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2963.193013][ T9245] __alloc_pages_slowpath+0x222b/0x2920 [ 2963.198610][ T9245] ? warn_alloc+0x110/0x110 [ 2963.203123][ T9245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2963.209370][ T9245] ? should_fail+0x1de/0x852 [ 2963.213976][ T9245] ? __kasan_check_read+0x11/0x20 [ 2963.219043][ T9245] __alloc_pages_nodemask+0x646/0x910 [ 2963.224426][ T9245] ? xas_descend+0x144/0x370 [ 2963.229022][ T9245] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2963.234858][ T9245] ? __kasan_check_read+0x11/0x20 [ 2963.239893][ T9245] ? find_get_entry+0x4a6/0x7a0 [ 2963.244756][ T9245] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2963.251140][ T9245] alloc_pages_current+0x107/0x210 [ 2963.256275][ T9245] __page_cache_alloc+0x29d/0x490 [ 2963.261312][ T9245] pagecache_get_page+0x27e/0x9e0 [ 2963.266342][ T9245] ? __kasan_check_read+0x11/0x20 [ 2963.271383][ T9245] filemap_fault+0x9b1/0x3180 [ 2963.276074][ T9245] ? mark_held_locks+0xf0/0xf0 [ 2963.280861][ T9245] ? read_cache_page_gfp+0x30/0x30 [ 2963.285989][ T9245] ? __kasan_check_write+0x14/0x20 [ 2963.291208][ T9245] ? down_read+0x109/0x430 [ 2963.295629][ T9245] ? down_read_killable+0x490/0x490 [ 2963.300838][ T9245] ? lock_downgrade+0x920/0x920 [ 2963.305802][ T9245] ext4_filemap_fault+0x86/0xb2 [ 2963.310663][ T9245] __do_fault+0x111/0x540 [ 2963.315182][ T9245] ? do_raw_spin_unlock+0x178/0x270 [ 2963.320391][ T9245] __handle_mm_fault+0x2943/0x3da0 [ 2963.325789][ T9245] ? vm_iomap_memory+0x1a0/0x1a0 [ 2963.330735][ T9245] ? handle_mm_fault+0x292/0xa50 [ 2963.335794][ T9245] ? handle_mm_fault+0x7a0/0xa50 [ 2963.340857][ T9245] ? __kasan_check_read+0x11/0x20 [ 2963.346076][ T9245] handle_mm_fault+0x3b2/0xa50 [ 2963.350859][ T9245] __do_page_fault+0x536/0xd80 [ 2963.355635][ T9245] ? page_fault+0x16/0x40 [ 2963.359985][ T9245] do_page_fault+0x38/0x590 [ 2963.364522][ T9245] page_fault+0x39/0x40 [ 2963.368703][ T9245] RIP: 0033:0x4375fe [ 2963.372611][ T9245] Code: Bad RIP value. [ 2963.376674][ T9245] RSP: 002b:000000c420037f38 EFLAGS: 00010297 [ 2963.382745][ T9245] RAX: 0000000000002710 RBX: 0000000000000013 RCX: 000000000000006a [ 2963.390852][ T9245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2963.399197][ T9245] RBP: 000000c420037fb0 R08: 000000c420037f18 R09: 0000000000000000 [ 2963.407356][ T9245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000430120 [ 2963.416195][ T9245] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000 [ 2964.011848][ T9245] Mem-Info: [ 2964.039614][ T9245] active_anon:363110 inactive_anon:214 isolated_anon:0 [ 2964.039614][ T9245] active_file:19 inactive_file:14 isolated_file:0 [ 2964.039614][ T9245] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2964.039614][ T9245] slab_reclaimable:16246 slab_unreclaimable:109514 [ 2964.039614][ T9245] mapped:52226 shmem:284 pagetables:31716 bounce:0 [ 2964.039614][ T9245] free:24694 free_pcp:62 free_cma:0 [ 2964.182550][ T9245] Node 0 active_anon:1338092kB inactive_anon:836kB active_file:128kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 706560kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2964.290043][ T9245] Node 1 active_anon:114348kB inactive_anon:20kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2964.389249][ T9245] Node 0 DMA free:10364kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2964.497731][ T9245] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2964.515194][ T9245] Node 0 DMA32 free:32656kB min:44296kB low:53320kB high:62344kB reserved_highatomic:0KB active_anon:1336472kB inactive_anon:836kB active_file:120kB inactive_file:64kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31632kB pagetables:81124kB bounce:0kB free_pcp:448kB local_pcp:228kB free_cma:0kB [ 2964.635042][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2964.640111][ T9245] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2964.761109][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2964.778816][ T9245] Node 1 Normal free:53692kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114348kB inactive_anon:20kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14160kB pagetables:45688kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2964.890289][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2964.908094][ T9245] Node 0 DMA: 75*4kB (UME) 20*8kB (UME) 27*16kB (UME) 8*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10364kB [ 2964.944656][ T9245] Node 0 DMA32: 5466*4kB (ME) 733*8kB (ME) 73*16kB (M) 25*32kB (UM) 3*64kB (UM) 3*128kB (UM) 1*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31040kB [ 2965.012693][ T9245] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2965.036367][ T9245] Node 1 Normal: 1492*4kB (ME) 343*8kB (UME) 96*16kB (ME) 59*32kB (UME) 44*64kB (ME) 25*128kB (UME) 15*256kB (ME) 14*512kB (ME) 24*1024kB (UM) 0*2048kB 0*4096kB = 53736kB [ 2965.093298][ T9245] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2965.128025][ T9245] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2965.139608][ T9245] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2965.170735][ T9245] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2965.191971][ T9245] 317 total pagecache pages [ 2965.198049][ T9245] 0 pages in swap cache [ 2965.202307][ T9245] Swap cache stats: add 0, delete 0, find 0/0 [ 2965.235217][ T9245] Free swap = 0kB [ 2965.238990][ T9245] Total swap = 0kB [ 2965.246171][ T9245] 1965979 pages RAM [ 2965.250017][ T9245] 0 pages HighMem/MovableOnly [ 2965.278192][ T9245] 344068 pages reserved [ 2965.282399][ T9245] 0 pages cma reserved [ 2965.286618][ T9245] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=21451,uid=0 [ 2965.327768][ T9245] Out of memory: Killed process 21451 (syz-executor.3) total-vm:72716kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2965.843520][ T1112] oom_reaper: reaped process 2992 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2966.091667][ T2992] x_tables: eb_tables: snat target: only valid in nat table, not na% [ 2966.978723][ T3031] x_tables: eb_tables: snat target: only valid in nat table, not na% 16:58:33 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000003f00000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:33 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x4000000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:33 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) syncfs(r2) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:33 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x0, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:33 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:33 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000004000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:33 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:34 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:34 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000008800000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:34 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) [ 2973.882091][ T4087] udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 2973.906287][ T4087] CPU: 0 PID: 4087 Comm: udevd Not tainted 5.5.0-rc1-syzkaller #0 [ 2973.914158][ T4087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2973.924224][ T4087] Call Trace: [ 2973.927679][ T4087] dump_stack+0x197/0x210 [ 2973.932027][ T4087] dump_header+0x10b/0x82d [ 2973.936451][ T4087] ? oom_kill_process+0x94/0x420 [ 2973.941519][ T4087] oom_kill_process.cold+0x10/0x15 [ 2973.946752][ T4087] out_of_memory+0x334/0x13c0 [ 2973.951451][ T4087] ? oom_killer_disable+0x280/0x280 [ 2973.956657][ T4087] ? mutex_trylock+0x264/0x2f0 [ 2973.961618][ T4087] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2973.967393][ T4087] __alloc_pages_slowpath+0x222b/0x2920 [ 2973.972978][ T4087] ? warn_alloc+0x110/0x110 [ 2973.977580][ T4087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2973.983830][ T4087] ? should_fail+0x1de/0x852 [ 2973.988449][ T4087] ? __kasan_check_read+0x11/0x20 [ 2973.993487][ T4087] __alloc_pages_nodemask+0x646/0x910 [ 2973.998887][ T4087] ? xas_descend+0x144/0x370 [ 2974.003504][ T4087] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2974.009233][ T4087] ? __kasan_check_read+0x11/0x20 [ 2974.014372][ T4087] ? find_get_entry+0x4a6/0x7a0 [ 2974.019413][ T4087] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2974.025671][ T4087] alloc_pages_current+0x107/0x210 [ 2974.030809][ T4087] __page_cache_alloc+0x29d/0x490 [ 2974.036179][ T4087] pagecache_get_page+0x27e/0x9e0 [ 2974.041236][ T4087] ? __kasan_check_read+0x11/0x20 [ 2974.046370][ T4087] filemap_fault+0x9b1/0x3180 [ 2974.051109][ T4087] ? mark_held_locks+0xf0/0xf0 [ 2974.055919][ T4087] ? read_cache_page_gfp+0x30/0x30 [ 2974.061324][ T4087] ? __kasan_check_write+0x14/0x20 [ 2974.066543][ T4087] ? down_read+0x109/0x430 [ 2974.070977][ T4087] ? down_read_killable+0x490/0x490 [ 2974.076225][ T4087] ? find_lock_entry+0x650/0x650 [ 2974.081175][ T4087] ? pmd_val+0x85/0x100 [ 2974.085348][ T4087] ext4_filemap_fault+0x86/0xb2 [ 2974.090207][ T4087] __do_fault+0x111/0x540 [ 2974.094580][ T4087] __handle_mm_fault+0x2943/0x3da0 [ 2974.099791][ T4087] ? vm_iomap_memory+0x1a0/0x1a0 [ 2974.106346][ T4087] ? handle_mm_fault+0x292/0xa50 [ 2974.111340][ T4087] ? handle_mm_fault+0x7a0/0xa50 [ 2974.116461][ T4087] ? __kasan_check_read+0x11/0x20 [ 2974.121561][ T4087] handle_mm_fault+0x3b2/0xa50 [ 2974.126334][ T4087] __do_page_fault+0x536/0xd80 [ 2974.131091][ T4087] ? page_fault+0x16/0x40 [ 2974.135577][ T4087] do_page_fault+0x38/0x590 [ 2974.140071][ T4087] page_fault+0x39/0x40 [ 2974.144207][ T4087] RIP: 0033:0x7fe87eb8b400 [ 2974.148665][ T4087] Code: Bad RIP value. [ 2974.152798][ T4087] RSP: 002b:00007ffc9750dcb8 EFLAGS: 00010297 [ 2974.158865][ T4087] RAX: 0000000000000001 RBX: 0000000000e00d10 RCX: 00007fe87ec37943 [ 2974.166845][ T4087] RDX: 0000000000000008 RSI: 000000000000000f RDI: 00000000000060fd [ 2974.174915][ T4087] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2974.183118][ T4087] R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000003 [ 2974.191081][ T4087] R13: 0000000000000000 R14: 0000000000e07e80 R15: 0000000000def250 [ 2974.212587][ T4087] Mem-Info: [ 2974.215783][ T4087] active_anon:362740 inactive_anon:214 isolated_anon:0 [ 2974.215783][ T4087] active_file:16 inactive_file:67 isolated_file:0 [ 2974.215783][ T4087] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2974.215783][ T4087] slab_reclaimable:16186 slab_unreclaimable:106568 [ 2974.215783][ T4087] mapped:52251 shmem:284 pagetables:31837 bounce:0 [ 2974.215783][ T4087] free:25008 free_pcp:256 free_cma:0 [ 2974.269588][ T4087] Node 0 active_anon:1336264kB inactive_anon:840kB active_file:28kB inactive_file:164kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209004kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 704512kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2974.313984][ T4087] Node 1 active_anon:114696kB inactive_anon:16kB active_file:32kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2974.357708][ T4087] Node 0 DMA free:10360kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2974.479029][ T4087] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2974.492056][ T4087] Node 0 DMA32 free:35260kB min:36104kB low:45128kB high:54152kB reserved_highatomic:0KB active_anon:1334644kB inactive_anon:840kB active_file:116kB inactive_file:100kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31728kB pagetables:81332kB bounce:0kB free_pcp:480kB local_pcp:236kB free_cma:0kB [ 2974.559833][ T4087] lowmem_reserve[]: 0 0 0 0 0 [ 2974.572042][ T4087] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2974.650706][ T4087] lowmem_reserve[]: 0 0 0 0 0 [ 2974.668554][ T4087] Node 1 Normal free:53692kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114696kB inactive_anon:16kB active_file:32kB inactive_file:36kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14224kB pagetables:45964kB bounce:0kB free_pcp:252kB local_pcp:0kB free_cma:0kB [ 2974.734135][ T4087] lowmem_reserve[]: 0 0 0 0 0 [ 2974.738997][ T4087] Node 0 DMA: 58*4kB (UME) 24*8kB (UME) 27*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10360kB [ 2974.784053][ T4087] Node 0 DMA32: 5541*4kB (UME) 799*8kB (ME) 157*16kB (UME) 80*32kB (UME) 6*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34012kB [ 2974.818875][ T4087] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2974.842515][ T4087] Node 1 Normal: 1517*4kB (ME) 249*8kB (ME) 87*16kB (UME) 50*32kB (ME) 37*64kB (ME) 23*128kB (UME) 16*256kB (UME) 13*512kB (ME) 26*1024kB (UM) 0*2048kB 0*4096kB = 53740kB [ 2974.876727][ T4087] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2974.897758][ T4087] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2974.931985][ T4087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2974.954975][ T4087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2974.992698][ T4087] 340 total pagecache pages [ 2974.997258][ T4087] 0 pages in swap cache [ 2975.001548][ T4087] Swap cache stats: add 0, delete 0, find 0/0 [ 2975.032984][ T4087] Free swap = 0kB [ 2975.036823][ T4087] Total swap = 0kB [ 2975.040670][ T4087] 1965979 pages RAM [ 2975.068894][ T4087] 0 pages HighMem/MovableOnly [ 2975.087050][ T4087] 344068 pages reserved [ 2975.091253][ T4087] 0 pages cma reserved [ 2975.110583][ T4087] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=18170,uid=0 [ 2975.155085][ T4087] Out of memory: Killed process 18170 (syz-executor.3) total-vm:73376kB, anon-rss:2260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2976.008890][ T1] init invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2976.062559][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.5.0-rc1-syzkaller #0 [ 2976.070254][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2976.080512][ T1] Call Trace: [ 2976.083830][ T1] dump_stack+0x197/0x210 [ 2976.088265][ T1] dump_header+0x10b/0x82d [ 2976.092961][ T1] ? oom_kill_process+0x94/0x420 [ 2976.097916][ T1] oom_kill_process.cold+0x10/0x15 [ 2976.103040][ T1] out_of_memory+0x334/0x13c0 [ 2976.107745][ T1] ? oom_killer_disable+0x280/0x280 [ 2976.112958][ T1] ? mutex_trylock+0x264/0x2f0 [ 2976.117747][ T1] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2976.123407][ T1] __alloc_pages_slowpath+0x222b/0x2920 [ 2976.129009][ T1] ? warn_alloc+0x110/0x110 [ 2976.133534][ T1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2976.139801][ T1] ? should_fail+0x1de/0x852 [ 2976.144427][ T1] ? __kasan_check_read+0x11/0x20 [ 2976.149637][ T1] __alloc_pages_nodemask+0x646/0x910 [ 2976.155020][ T1] ? xas_descend+0x144/0x370 [ 2976.159635][ T1] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2976.165357][ T1] ? __kasan_check_read+0x11/0x20 [ 2976.170412][ T1] ? find_get_entry+0x4a6/0x7a0 [ 2976.175290][ T1] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2976.181568][ T1] alloc_pages_current+0x107/0x210 [ 2976.186989][ T1] __page_cache_alloc+0x29d/0x490 [ 2976.192262][ T1] pagecache_get_page+0x27e/0x9e0 [ 2976.197486][ T1] ? __kasan_check_read+0x11/0x20 [ 2976.202533][ T1] filemap_fault+0x9b1/0x3180 [ 2976.207315][ T1] ? mark_held_locks+0xf0/0xf0 [ 2976.212380][ T1] ? read_cache_page_gfp+0x30/0x30 [ 2976.217512][ T1] ? __kasan_check_write+0x14/0x20 [ 2976.222677][ T1] ? down_read+0x109/0x430 [ 2976.227100][ T1] ? down_read_killable+0x490/0x490 [ 2976.232311][ T1] ? find_lock_entry+0x650/0x650 [ 2976.237260][ T1] ? pmd_val+0x85/0x100 [ 2976.241800][ T1] ext4_filemap_fault+0x86/0xb2 [ 2976.246679][ T1] __do_fault+0x111/0x540 [ 2976.251113][ T1] __handle_mm_fault+0x2943/0x3da0 [ 2976.256335][ T1] ? vm_iomap_memory+0x1a0/0x1a0 [ 2976.261395][ T1] ? handle_mm_fault+0x292/0xa50 [ 2976.266352][ T1] ? handle_mm_fault+0x7a0/0xa50 [ 2976.271497][ T1] ? __kasan_check_read+0x11/0x20 [ 2976.278300][ T1] handle_mm_fault+0x3b2/0xa50 [ 2976.283107][ T1] __do_page_fault+0x536/0xd80 [ 2976.287903][ T1] ? page_fault+0x16/0x40 [ 2976.292309][ T1] do_page_fault+0x38/0x590 [ 2976.296826][ T1] page_fault+0x39/0x40 [ 2976.300988][ T1] RIP: 0033:0x7f1828eb4dd3 [ 2976.305419][ T1] Code: Bad RIP value. [ 2976.309481][ T1] RSP: 002b:00007fff5c0be598 EFLAGS: 00010246 [ 2976.315549][ T1] RAX: 0000000000000000 RBX: 00007fff5c0be740 RCX: 00007f1828eb4dd3 [ 2976.323531][ T1] RDX: 0000000000000000 RSI: 00007fff5c0be8f0 RDI: 000000000000000b [ 2976.331531][ T1] RBP: 00007fff5c0be8f0 R08: 00007fff5c0be970 R09: 0000000000000001 [ 2976.339695][ T1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2976.347670][ T1] R13: 00007fff5c0becd0 R14: 0000000000000000 R15: 0000000000000000 [ 2976.870020][ T1] Mem-Info: [ 2976.880574][ T1] active_anon:362185 inactive_anon:214 isolated_anon:0 [ 2976.880574][ T1] active_file:17 inactive_file:9 isolated_file:0 [ 2976.880574][ T1] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2976.880574][ T1] slab_reclaimable:16179 slab_unreclaimable:107049 [ 2976.880574][ T1] mapped:52226 shmem:284 pagetables:31811 bounce:0 [ 2976.880574][ T1] free:25016 free_pcp:107 free_cma:0 [ 2977.046789][ T1] Node 0 active_anon:1334044kB inactive_anon:840kB active_file:36kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 702464kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2977.139513][ T1] Node 1 active_anon:114696kB inactive_anon:16kB active_file:28kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2977.255526][ T1] Node 0 DMA free:10364kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2977.336425][ T1] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2977.342862][ T1] Node 0 DMA32 free:37836kB min:40200kB low:49224kB high:58248kB reserved_highatomic:0KB active_anon:1332424kB inactive_anon:840kB active_file:36kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31696kB pagetables:81228kB bounce:0kB free_pcp:244kB local_pcp:0kB free_cma:0kB [ 2977.376478][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2977.381185][ T1] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2977.410400][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2977.415144][ T1] Node 1 Normal free:53736kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114696kB inactive_anon:16kB active_file:40kB inactive_file:24kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14224kB pagetables:45964kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2977.447211][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2977.451923][ T1] Node 0 DMA: 59*4kB (UME) 27*8kB (UME) 27*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10388kB [ 2977.469212][ T1] Node 0 DMA32: 5630*4kB (ME) 995*8kB (UME) 157*16kB (UME) 68*32kB (ME) 0*64kB 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 37088kB [ 2977.485441][ T1] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2977.497384][ T1] Node 1 Normal: 1520*4kB (UME) 265*8kB (UME) 88*16kB (UME) 51*32kB (UME) 38*64kB (UME) 23*128kB (UME) 16*256kB (UME) 13*512kB (ME) 26*1024kB (UM) 0*2048kB 0*4096kB = 53992kB [ 2977.515930][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2977.525732][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2977.535243][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2977.545037][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2977.554713][ T1] 315 total pagecache pages [ 2977.559232][ T1] 0 pages in swap cache [ 2977.563445][ T1] Swap cache stats: add 0, delete 0, find 0/0 [ 2977.569607][ T1] Free swap = 0kB [ 2977.573551][ T1] Total swap = 0kB [ 2977.577320][ T1] 1965979 pages RAM [ 2977.581153][ T1] 0 pages HighMem/MovableOnly [ 2977.586587][ T1] 344068 pages reserved [ 2977.590852][ T1] 0 pages cma reserved [ 2977.596065][ T1] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=32756,uid=0 [ 2977.610846][ T1] Out of memory: Killed process 32756 (syz-executor.5) total-vm:72980kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2977.631244][ T1112] oom_reaper: reaped process 32756 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2977.938654][ T9245] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2978.001692][ T9245] CPU: 1 PID: 9245 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 2978.010036][ T9245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2978.020561][ T9245] Call Trace: [ 2978.023863][ T9245] dump_stack+0x197/0x210 [ 2978.028210][ T9245] dump_header+0x10b/0x82d [ 2978.032645][ T9245] ? oom_kill_process+0x94/0x420 [ 2978.037608][ T9245] oom_kill_process.cold+0x10/0x15 [ 2978.042738][ T9245] out_of_memory+0x334/0x13c0 [ 2978.047442][ T9245] ? oom_killer_disable+0x280/0x280 [ 2978.052808][ T9245] ? mutex_trylock+0x264/0x2f0 [ 2978.057643][ T9245] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2978.063494][ T9245] __alloc_pages_slowpath+0x222b/0x2920 [ 2978.069535][ T9245] ? warn_alloc+0x110/0x110 [ 2978.074087][ T9245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2978.080504][ T9245] ? should_fail+0x1de/0x852 [ 2978.085193][ T9245] ? __kasan_check_read+0x11/0x20 [ 2978.090236][ T9245] __alloc_pages_nodemask+0x646/0x910 [ 2978.095596][ T9245] ? xas_descend+0x144/0x370 [ 2978.100175][ T9245] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2978.105877][ T9245] ? __kasan_check_read+0x11/0x20 [ 2978.110890][ T9245] ? find_get_entry+0x4a6/0x7a0 [ 2978.115994][ T9245] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2978.122254][ T9245] alloc_pages_current+0x107/0x210 [ 2978.127746][ T9245] __page_cache_alloc+0x29d/0x490 [ 2978.132862][ T9245] pagecache_get_page+0x27e/0x9e0 [ 2978.138298][ T9245] ? __kasan_check_read+0x11/0x20 [ 2978.143487][ T9245] filemap_fault+0x9b1/0x3180 [ 2978.148276][ T9245] ? mark_held_locks+0xf0/0xf0 [ 2978.153166][ T9245] ? read_cache_page_gfp+0x30/0x30 [ 2978.158363][ T9245] ? __kasan_check_write+0x14/0x20 [ 2978.163479][ T9245] ? down_read+0x109/0x430 [ 2978.167893][ T9245] ? down_read_killable+0x490/0x490 [ 2978.173127][ T9245] ? find_lock_entry+0x650/0x650 [ 2978.178061][ T9245] ? pmd_val+0x85/0x100 [ 2978.182559][ T9245] ext4_filemap_fault+0x86/0xb2 [ 2978.187436][ T9245] __do_fault+0x111/0x540 [ 2978.191772][ T9245] __handle_mm_fault+0x2943/0x3da0 [ 2978.197037][ T9245] ? vm_iomap_memory+0x1a0/0x1a0 [ 2978.202016][ T9245] ? handle_mm_fault+0x292/0xa50 [ 2978.207059][ T9245] ? handle_mm_fault+0x7a0/0xa50 [ 2978.211984][ T9245] ? __kasan_check_read+0x11/0x20 [ 2978.217058][ T9245] handle_mm_fault+0x3b2/0xa50 [ 2978.222257][ T9245] __do_page_fault+0x536/0xd80 [ 2978.227041][ T9245] ? page_fault+0x16/0x40 [ 2978.231447][ T9245] do_page_fault+0x38/0x590 [ 2978.235957][ T9245] page_fault+0x39/0x40 [ 2978.240105][ T9245] RIP: 0033:0x4375fe [ 2978.244034][ T9245] Code: Bad RIP value. [ 2978.248081][ T9245] RSP: 002b:000000c420037f38 EFLAGS: 00010297 [ 2978.254219][ T9245] RAX: 0000000000001400 RBX: 0000000000000013 RCX: 000000000000003a [ 2978.262175][ T9245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2978.270389][ T9245] RBP: 000000c420037fb0 R08: 000000c420037f18 R09: 0000000000000000 [ 2978.278347][ T9245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000430120 [ 2978.286507][ T9245] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000 [ 2978.308257][ T9245] Mem-Info: [ 2978.311446][ T9245] active_anon:361641 inactive_anon:214 isolated_anon:0 [ 2978.311446][ T9245] active_file:36 inactive_file:25 isolated_file:9 [ 2978.311446][ T9245] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2978.311446][ T9245] slab_reclaimable:16102 slab_unreclaimable:106365 [ 2978.311446][ T9245] mapped:52238 shmem:284 pagetables:31784 bounce:0 [ 2978.311446][ T9245] free:25725 free_pcp:247 free_cma:0 [ 2978.356076][ T9245] Node 0 active_anon:1331868kB inactive_anon:840kB active_file:64kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:208932kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 700416kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2978.384952][ T9245] Node 1 active_anon:114696kB inactive_anon:16kB active_file:4kB inactive_file:64kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2978.414244][ T9245] Node 0 DMA free:10368kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2978.445320][ T9245] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2978.451179][ T9245] Node 0 DMA32 free:38768kB min:40200kB low:49224kB high:58248kB reserved_highatomic:0KB active_anon:1330248kB inactive_anon:840kB active_file:64kB inactive_file:80kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31664kB pagetables:81120kB bounce:0kB free_pcp:520kB local_pcp:248kB free_cma:0kB [ 2978.484018][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2978.497995][ T9245] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2978.532338][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2978.537257][ T9245] Node 1 Normal free:53356kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114696kB inactive_anon:16kB active_file:4kB inactive_file:64kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14224kB pagetables:45964kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2978.570730][ T9245] lowmem_reserve[]: 0 0 0 0 0 [ 2978.577002][ T9245] Node 0 DMA: 44*4kB (UME) 32*8kB (UME) 27*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10368kB [ 2978.594290][ T9245] Node 0 DMA32: 5626*4kB (ME) 825*8kB (UME) 188*16kB (UME) 68*32kB (ME) 0*64kB 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 38256kB [ 2978.610353][ T9245] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2978.621913][ T9245] Node 1 Normal: 1532*4kB (UME) 249*8kB (ME) 86*16kB (ME) 50*32kB (ME) 38*64kB (UME) 22*128kB (ME) 15*256kB (ME) 13*512kB (ME) 26*1024kB (UM) 0*2048kB 0*4096kB = 53464kB [ 2978.640715][ T9245] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2978.659185][ T9245] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2978.668911][ T9245] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2978.678881][ T9245] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2978.688257][ T9245] 324 total pagecache pages [ 2978.695672][ T9245] 0 pages in swap cache [ 2978.699874][ T9245] Swap cache stats: add 0, delete 0, find 0/0 [ 2978.707087][ T9245] Free swap = 0kB [ 2978.710923][ T9245] Total swap = 0kB [ 2978.714801][ T9245] 1965979 pages RAM [ 2978.718977][ T9245] 0 pages HighMem/MovableOnly [ 2978.724365][ T9245] 344068 pages reserved [ 2978.728534][ T9245] 0 pages cma reserved [ 2978.732648][ T9245] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=27537,uid=0 [ 2978.750609][ T9245] Out of memory: Killed process 27537 (syz-executor.5) total-vm:72980kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2979.323895][ T1112] oom_reaper: reaped process 3094 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2979.349597][ T9133] rsyslogd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2979.360281][ T9133] CPU: 0 PID: 9133 Comm: rsyslogd Not tainted 5.5.0-rc1-syzkaller #0 [ 2979.368527][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2979.378695][ T9133] Call Trace: [ 2979.382007][ T9133] dump_stack+0x197/0x210 [ 2979.386394][ T9133] dump_header+0x10b/0x82d [ 2979.390828][ T9133] ? oom_kill_process+0x94/0x420 [ 2979.395880][ T9133] oom_kill_process.cold+0x10/0x15 [ 2979.401132][ T9133] out_of_memory+0x334/0x13c0 [ 2979.406070][ T9133] ? oom_killer_disable+0x280/0x280 [ 2979.411362][ T9133] ? mutex_trylock+0x264/0x2f0 [ 2979.416113][ T9133] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2979.422100][ T9133] __alloc_pages_slowpath+0x222b/0x2920 [ 2979.427735][ T9133] ? warn_alloc+0x110/0x110 [ 2979.432224][ T9133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2979.438750][ T9133] ? should_fail+0x1de/0x852 [ 2979.443362][ T9133] ? __kasan_check_read+0x11/0x20 [ 2979.448388][ T9133] __alloc_pages_nodemask+0x646/0x910 [ 2979.453749][ T9133] ? xas_descend+0x144/0x370 [ 2979.458697][ T9133] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2979.464947][ T9133] ? __kasan_check_read+0x11/0x20 [ 2979.469994][ T9133] ? find_get_entry+0x4a6/0x7a0 [ 2979.475010][ T9133] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2979.481277][ T9133] alloc_pages_current+0x107/0x210 [ 2979.486580][ T9133] __page_cache_alloc+0x29d/0x490 [ 2979.491892][ T9133] pagecache_get_page+0x27e/0x9e0 [ 2979.497122][ T9133] ? __kasan_check_read+0x11/0x20 [ 2979.502223][ T9133] filemap_fault+0x9b1/0x3180 [ 2979.507343][ T9133] ? mark_held_locks+0xf0/0xf0 [ 2979.512143][ T9133] ? read_cache_page_gfp+0x30/0x30 [ 2979.517289][ T9133] ? __kasan_check_write+0x14/0x20 [ 2979.522414][ T9133] ? down_read+0x109/0x430 [ 2979.526859][ T9133] ? down_read_killable+0x490/0x490 [ 2979.532333][ T9133] ? find_lock_entry+0x650/0x650 [ 2979.537446][ T9133] ? pmd_val+0x85/0x100 [ 2979.541814][ T9133] ext4_filemap_fault+0x86/0xb2 [ 2979.546736][ T9133] __do_fault+0x111/0x540 [ 2979.551071][ T9133] __handle_mm_fault+0x2943/0x3da0 [ 2979.556177][ T9133] ? vm_iomap_memory+0x1a0/0x1a0 [ 2979.561107][ T9133] ? handle_mm_fault+0x292/0xa50 [ 2979.566042][ T9133] ? handle_mm_fault+0x7a0/0xa50 [ 2979.571071][ T9133] ? __kasan_check_read+0x11/0x20 [ 2979.576243][ T9133] handle_mm_fault+0x3b2/0xa50 [ 2979.581071][ T9133] __do_page_fault+0x536/0xd80 [ 2979.586123][ T9133] ? page_fault+0x16/0x40 [ 2979.590581][ T9133] do_page_fault+0x38/0x590 [ 2979.595180][ T9133] page_fault+0x39/0x40 [ 2979.599431][ T9133] RIP: 0033:0x41a69e [ 2979.603343][ T9133] Code: Bad RIP value. [ 2979.607496][ T9133] RSP: 002b:00007f3b663eed70 EFLAGS: 00010202 [ 2979.613547][ T9133] RAX: 0000000000d80790 RBX: 00007f3b663eed88 RCX: 0000000000d80780 [ 2979.621576][ T9133] RDX: 00007f3b68a30e40 RSI: 0000000000000210 RDI: 00007f3b68a30e40 [ 2979.629552][ T9133] RBP: 0000000000000004 R08: 00007f3b68a310a8 R09: 00007f3b687e3100 [ 2979.637600][ T9133] R10: 203a7463656a626f R11: 0000000000000000 R12: 0000000000000000 [ 2979.645558][ T9133] R13: 00007f3b67c245a3 R14: 0000000000000cf8 R15: 00007f3b67c2361a [ 2979.655708][ T9133] Mem-Info: [ 2979.658894][ T9133] active_anon:360546 inactive_anon:214 isolated_anon:0 [ 2979.658894][ T9133] active_file:18 inactive_file:1 isolated_file:1 [ 2979.658894][ T9133] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2979.658894][ T9133] slab_reclaimable:16086 slab_unreclaimable:106089 [ 2979.658894][ T9133] mapped:52253 shmem:284 pagetables:31756 bounce:0 [ 2979.658894][ T9133] free:17151 free_pcp:124 free_cma:0 [ 2979.675169][ T3094] warn_alloc: 1 callbacks suppressed [ 2979.675189][ T3094] syz-executor.3: vmalloc: allocation failure, allocated 728514560 of 1073745920 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 2979.696871][ T9133] Node 0 active_anon:1327520kB inactive_anon:840kB active_file:52kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:208960kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 696320kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2979.708122][ T3094] CPU: 1 PID: 3094 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 2979.718013][ T9133] Node 1 active_anon:114664kB inactive_anon:16kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2979.746902][ T3094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2979.746909][ T3094] Call Trace: [ 2979.746935][ T3094] dump_stack+0x197/0x210 [ 2979.746955][ T3094] warn_alloc.cold+0x87/0x164 [ 2979.746969][ T3094] ? zone_watermark_ok_safe+0x260/0x260 [ 2979.746982][ T3094] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2979.747005][ T3094] ? write_comp_data+0x1e/0x70 [ 2979.747021][ T3094] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2979.747047][ T3094] __vmalloc_node_range+0x5ad/0x810 [ 2979.756053][ T9133] Node 0 DMA free:10248kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2979.783934][ T3094] ? do_replace_finish+0xe2/0x2220 [ 2979.783956][ T3094] vmalloc+0x6b/0x90 [ 2979.783970][ T3094] ? do_replace_finish+0xe2/0x2220 [ 2979.783983][ T3094] do_replace_finish+0xe2/0x2220 [ 2979.784003][ T3094] ? __might_fault+0x12b/0x1e0 [ 2979.794889][ T9133] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2979.797540][ T3094] ? lock_downgrade+0x920/0x920 [ 2979.801840][ T9133] Node 0 DMA32 free:31000kB min:64776kB low:73800kB high:82824kB reserved_highatomic:0KB active_anon:1325900kB inactive_anon:840kB active_file:52kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:81008kB bounce:0kB free_pcp:244kB local_pcp:244kB free_cma:0kB [ 2979.806935][ T3094] ? ebt_unregister_table+0x70/0x70 [ 2979.806962][ T3094] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2979.806978][ T3094] ? _copy_from_user+0x12c/0x1a0 [ 2979.806993][ T3094] do_replace+0x30b/0x490 [ 2979.807009][ T3094] ? do_replace_finish+0x2220/0x2220 [ 2979.807042][ T3094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2979.812638][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2979.818643][ T3094] ? ns_capable_common+0x93/0x100 [ 2979.823491][ T9133] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2979.829588][ T3094] do_ebt_set_ctl+0xec/0x110 [ 2979.834949][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2979.864299][ T3094] nf_setsockopt+0x77/0xd0 [ 2979.864340][ T3094] ip_setsockopt+0xdf/0x100 [ 2979.864382][ T3094] udp_setsockopt+0x68/0xb0 [ 2979.864420][ T3094] sock_common_setsockopt+0x94/0xd0 [ 2979.869539][ T9133] Node 1 Normal free:27624kB min:55828kB low:69272kB high:82716kB reserved_highatomic:0KB active_anon:114664kB inactive_anon:16kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14224kB pagetables:45964kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2979.873459][ T3094] __sys_setsockopt+0x261/0x4c0 [ 2979.873479][ T3094] ? sock_create_kern+0x50/0x50 [ 2979.878566][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2979.883599][ T3094] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2979.883614][ T3094] ? do_syscall_64+0x26/0x790 [ 2979.883630][ T3094] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2979.883642][ T3094] ? do_syscall_64+0x26/0x790 [ 2979.883661][ T3094] __x64_sys_setsockopt+0xbe/0x150 [ 2979.883680][ T3094] do_syscall_64+0xfa/0x790 [ 2979.888420][ T9133] Node 0 DMA: 14*4kB (UME) 32*8kB (UME) 27*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10248kB [ 2979.894301][ T3094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2979.894313][ T3094] RIP: 0033:0x45a849 [ 2979.894345][ T3094] Code: Bad RIP value. [ 2979.899827][ T9133] Node 0 DMA32: 5544*4kB (UME) 749*8kB (ME) 97*16kB (UM) 40*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31000kB [ 2979.932958][ T3094] RSP: 002b:00007fc34270cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2979.932974][ T3094] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2979.932981][ T3094] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 2979.932988][ T3094] RBP: 000000000075c070 R08: 0000000000000258 R09: 0000000000000000 [ 2979.932995][ T3094] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34270d6d4 [ 2979.933003][ T3094] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff [ 2979.943343][ T3094] Mem-Info: [ 2979.945539][ T9133] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2979.949948][ T3094] active_anon:360546 inactive_anon:214 isolated_anon:0 [ 2979.949948][ T3094] active_file:15 inactive_file:4 isolated_file:1 [ 2979.949948][ T3094] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2979.949948][ T3094] slab_reclaimable:16086 slab_unreclaimable:106091 [ 2979.949948][ T3094] mapped:52253 shmem:284 pagetables:31756 bounce:0 [ 2979.949948][ T3094] free:17255 free_pcp:0 free_cma:0 [ 2979.954937][ T9133] Node 1 Normal: 1538*4kB (ME) 251*8kB (UME) 86*16kB (UME) 51*32kB (UME) 37*64kB (UME) 22*128kB (UME) 15*256kB (ME) 13*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 27872kB [ 2979.955031][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2979.955043][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2979.955055][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2979.955066][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2979.955072][ T9133] 343 total pagecache pages [ 2979.955080][ T9133] 0 pages in swap cache [ 2979.955089][ T9133] Swap cache stats: add 0, delete 0, find 0/0 [ 2979.955095][ T9133] Free swap = 0kB [ 2979.955101][ T9133] Total swap = 0kB [ 2979.955108][ T9133] 1965979 pages RAM [ 2979.955114][ T9133] 0 pages HighMem/MovableOnly [ 2979.955121][ T9133] 344068 pages reserved [ 2979.955132][ T9133] 0 pages cma reserved [ 2979.962565][ T3094] Node 0 active_anon:1327520kB inactive_anon:840kB active_file:52kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:208960kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 696320kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2979.978111][ T9133] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=21526,uid=0 [ 2980.012637][ T3094] Node 1 active_anon:114664kB inactive_anon:16kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2980.048750][ T9133] Out of memory: Killed process 21526 (syz-executor.3) total-vm:72980kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2980.128374][ T3094] Node 0 DMA free:10248kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2980.454203][ T4087] udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 2980.519910][ T3094] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2980.534025][ T3094] Node 0 DMA32 free:33984kB min:36104kB low:45128kB high:54152kB reserved_highatomic:0KB active_anon:1323744kB inactive_anon:840kB active_file:48kB inactive_file:76kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:81008kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2980.600294][ T4087] CPU: 1 PID: 4087 Comm: udevd Not tainted 5.5.0-rc1-syzkaller #0 [ 2980.608157][ T4087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2980.618926][ T4087] Call Trace: [ 2980.622518][ T4087] dump_stack+0x197/0x210 [ 2980.627216][ T4087] dump_header+0x10b/0x82d [ 2980.631973][ T4087] ? oom_kill_process+0x94/0x420 [ 2980.637297][ T4087] oom_kill_process.cold+0x10/0x15 [ 2980.642666][ T4087] out_of_memory+0x334/0x13c0 [ 2980.647472][ T4087] ? oom_killer_disable+0x280/0x280 [ 2980.652707][ T4087] ? mutex_trylock+0x264/0x2f0 [ 2980.657656][ T4087] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2980.663566][ T4087] __alloc_pages_slowpath+0x222b/0x2920 [ 2980.670222][ T4087] ? warn_alloc+0x110/0x110 [ 2980.674831][ T4087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2980.681609][ T4087] ? should_fail+0x1de/0x852 [ 2980.686238][ T4087] ? __kasan_check_read+0x11/0x20 [ 2980.691292][ T4087] __alloc_pages_nodemask+0x646/0x910 [ 2980.696682][ T4087] ? xas_descend+0x144/0x370 [ 2980.701285][ T4087] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2980.707017][ T4087] ? __kasan_check_read+0x11/0x20 [ 2980.712067][ T4087] ? find_get_entry+0x4a6/0x7a0 [ 2980.716946][ T4087] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2980.723205][ T4087] alloc_pages_current+0x107/0x210 [ 2980.728334][ T4087] __page_cache_alloc+0x29d/0x490 [ 2980.733381][ T4087] pagecache_get_page+0x27e/0x9e0 [ 2980.738518][ T4087] ? __kasan_check_read+0x11/0x20 [ 2980.743586][ T4087] filemap_fault+0x9b1/0x3180 [ 2980.748277][ T4087] ? mark_held_locks+0xf0/0xf0 [ 2980.753177][ T4087] ? read_cache_page_gfp+0x30/0x30 [ 2980.758443][ T4087] ? __kasan_check_write+0x14/0x20 [ 2980.763567][ T4087] ? down_read+0x109/0x430 [ 2980.767993][ T4087] ? down_read_killable+0x490/0x490 [ 2980.773210][ T4087] ? find_lock_entry+0x650/0x650 [ 2980.778150][ T4087] ? pmd_val+0x85/0x100 [ 2980.782322][ T4087] ext4_filemap_fault+0x86/0xb2 [ 2980.787180][ T4087] __do_fault+0x111/0x540 [ 2980.791520][ T4087] __handle_mm_fault+0x2943/0x3da0 [ 2980.796652][ T4087] ? vm_iomap_memory+0x1a0/0x1a0 [ 2980.802606][ T4087] ? handle_mm_fault+0x292/0xa50 [ 2980.807559][ T4087] ? handle_mm_fault+0x7a0/0xa50 [ 2980.812876][ T4087] ? __kasan_check_read+0x11/0x20 [ 2980.818019][ T4087] handle_mm_fault+0x3b2/0xa50 [ 2980.823004][ T4087] __do_page_fault+0x536/0xd80 [ 2980.827792][ T4087] ? page_fault+0x16/0x40 [ 2980.832151][ T4087] do_page_fault+0x38/0x590 [ 2980.836681][ T4087] page_fault+0x39/0x40 [ 2980.840854][ T4087] RIP: 0033:0x7fe87ec37930 [ 2980.845285][ T4087] Code: Bad RIP value. [ 2980.849348][ T4087] RSP: 002b:00007ffc9750dcd8 EFLAGS: 00010246 [ 2980.855419][ T4087] RAX: 0000000000000bb8 RBX: 0000000000000bb8 RCX: 0000000000000bb8 [ 2980.863482][ T4087] RDX: 0000000000000008 RSI: 00007ffc9750ddd0 RDI: 000000000000000a [ 2980.871469][ T4087] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 2980.879461][ T4087] R10: 0000000000000008 R11: 0000000000000004 R12: 0000000000000003 [ 2980.887547][ T4087] R13: 0000000000000000 R14: 0000000000e07e80 R15: 0000000000def250 [ 2980.937294][ T3094] lowmem_reserve[]: 0 0 0 0 0 [ 2980.942040][ T3094] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2980.958227][ T4087] Mem-Info: [ 2981.015521][ T3094] lowmem_reserve[]: 0 0 0 0 0 [ 2981.020302][ T3094] Node 1 Normal free:27872kB min:55828kB low:69272kB high:82716kB reserved_highatomic:0KB active_anon:114664kB inactive_anon:16kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14224kB pagetables:45964kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2981.020687][ T4087] active_anon:360007 inactive_anon:214 isolated_anon:0 [ 2981.020687][ T4087] active_file:33 inactive_file:0 isolated_file:10 [ 2981.020687][ T4087] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2981.020687][ T4087] slab_reclaimable:16036 slab_unreclaimable:106142 [ 2981.020687][ T4087] mapped:52226 shmem:284 pagetables:31756 bounce:0 [ 2981.020687][ T4087] free:17772 free_pcp:223 free_cma:0 [ 2981.053951][ T3094] lowmem_reserve[]: 0 0 0 0 0 [ 2981.098312][ T4087] Node 0 active_anon:1325320kB inactive_anon:840kB active_file:56kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):40kB mapped:208904kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 694272kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2981.114276][ T3094] Node 0 DMA: 14*4kB (UME) 32*8kB (UME) 27*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10248kB [ 2981.135719][ T4087] Node 1 active_anon:114664kB inactive_anon:16kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2981.172573][ T3094] Node 0 DMA32: 5512*4kB (ME) 747*8kB (ME) 94*16kB (UM) 38*32kB (M) 1*64kB (U) 1*128kB (U) 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 32472kB [ 2981.179122][ T4087] Node 0 DMA free:10248kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2981.202591][ T3094] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2981.227214][ T4087] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2981.246248][ T4087] Node 0 DMA32 free:32216kB min:36104kB low:45128kB high:54152kB reserved_highatomic:0KB active_anon:1323700kB inactive_anon:840kB active_file:56kB inactive_file:28kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31568kB pagetables:80904kB bounce:0kB free_pcp:888kB local_pcp:660kB free_cma:0kB [ 2981.272566][ T3094] Node 1 Normal: 1538*4kB (ME) 260*8kB (UME) 89*16kB (UME) 51*32kB (UME) 37*64kB (UME) 22*128kB (UME) 15*256kB (ME) 13*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 27992kB [ 2981.285386][ T4087] lowmem_reserve[]: 0 0 0 0 0 [ 2981.308490][ T4087] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2981.312582][ T3094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2981.343308][ T4087] lowmem_reserve[]: 0 0 0 0 0 [ 2981.351739][ T4087] Node 1 Normal free:27968kB min:55828kB low:69272kB high:82716kB reserved_highatomic:0KB active_anon:114664kB inactive_anon:16kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14224kB pagetables:45964kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2981.392726][ T3094] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2981.393141][ T4087] lowmem_reserve[]: 0 0 0 0 0 [ 2981.402082][ T3094] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2981.413022][ T4087] Node 0 DMA: 14*4kB (UME) 32*8kB (UME) 27*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10248kB [ 2981.439780][ T4087] Node 0 DMA32: 5512*4kB (ME) 747*8kB (ME) 94*16kB (UM) 38*32kB (M) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31704kB [ 2981.442572][ T3094] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2981.461703][ T4087] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2981.482547][ T4087] Node 1 Normal: 1538*4kB (ME) 260*8kB (UME) 89*16kB (UME) 51*32kB (UME) 37*64kB (UME) 22*128kB (UME) 15*256kB (ME) 13*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 27992kB [ 2981.493632][ T3094] 316 total pagecache pages [ 2981.507590][ T4087] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2981.521038][ T4087] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2981.530367][ T3094] 0 pages in swap cache [ 2981.530378][ T3094] Swap cache stats: add 0, delete 0, find 0/0 [ 2981.530384][ T3094] Free swap = 0kB [ 2981.530388][ T3094] Total swap = 0kB [ 2981.530397][ T3094] 1965979 pages RAM [ 2981.530402][ T3094] 0 pages HighMem/MovableOnly [ 2981.530407][ T3094] 344068 pages reserved [ 2981.530412][ T3094] 0 pages cma reserved [ 2981.573735][ T4087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2981.589207][ T4087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2981.599874][ T4087] 316 total pagecache pages [ 2981.611450][ T4087] 0 pages in swap cache [ 2981.616859][ T4087] Swap cache stats: add 0, delete 0, find 0/0 [ 2981.628496][ T4087] Free swap = 0kB [ 2981.632359][ T4087] Total swap = 0kB [ 2981.637348][ T4087] 1965979 pages RAM [ 2981.641186][ T4087] 0 pages HighMem/MovableOnly [ 2981.651849][ T4087] 344068 pages reserved [ 2981.657282][ T4087] 0 pages cma reserved [ 2981.661370][ T4087] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=18970,uid=0 [ 2981.682648][ T4087] Out of memory: Killed process 18970 (syz-executor.3) total-vm:72980kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2981.708978][ T1112] oom_reaper: reaped process 18970 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 16:58:48 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:48 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) 16:58:48 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x5000000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:48 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000007fffffe00000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:48 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:48 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x0, 0x9, 0x0, "c17f7d6c7b1283e02c63f25f21550bf70d819c5d5923afb779a532043d33b4c2265e9fe4d62864e47fa42ea4912989f5f8bff3ce0546176a53f990d09c44cf6c28adce18d27ccdb71deb128a39b894fe"}, 0xd8) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xe, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:58:48 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) 16:58:48 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) 16:58:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000100feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:49 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000200feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2984.138623][ T3131] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 16:58:49 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) [ 2984.283349][ T3131] CPU: 0 PID: 3131 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 2984.291997][ T3131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2984.302169][ T3131] Call Trace: [ 2984.305482][ T3131] dump_stack+0x197/0x210 [ 2984.309808][ T3131] dump_header+0x10b/0x82d [ 2984.314309][ T3131] ? oom_kill_process+0x94/0x420 [ 2984.319248][ T3131] oom_kill_process.cold+0x10/0x15 [ 2984.324525][ T3131] out_of_memory+0x334/0x13c0 [ 2984.329447][ T3131] ? find_held_lock+0x35/0x130 [ 2984.334651][ T3131] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2984.341416][ T3131] ? oom_killer_disable+0x280/0x280 [ 2984.347154][ T3131] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2984.352727][ T3131] ? memcg_oom_wake_function+0x700/0x700 [ 2984.359101][ T3131] ? do_raw_spin_unlock+0x178/0x270 [ 2984.364391][ T3131] ? _raw_spin_unlock+0x28/0x40 [ 2984.369677][ T3131] try_charge+0xf76/0x14d0 [ 2984.374211][ T3131] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2984.380149][ T3131] ? percpu_ref_tryget+0x102/0x230 [ 2984.385280][ T3131] ? rcu_read_lock_held+0x9c/0xb0 [ 2984.390297][ T3131] ? __kasan_check_read+0x11/0x20 [ 2984.395318][ T3131] ? get_mem_cgroup_from_mm+0x151/0x310 [ 2984.400985][ T3131] mem_cgroup_try_charge+0x136/0x590 [ 2984.406263][ T3131] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2984.411975][ T3131] __handle_mm_fault+0x1f1f/0x3da0 [ 2984.417165][ T3131] ? vm_iomap_memory+0x1a0/0x1a0 [ 2984.422106][ T3131] ? handle_mm_fault+0x292/0xa50 [ 2984.427070][ T3131] ? handle_mm_fault+0x7a0/0xa50 [ 2984.432194][ T3131] ? __kasan_check_read+0x11/0x20 [ 2984.437300][ T3131] handle_mm_fault+0x3b2/0xa50 [ 2984.442058][ T3131] __do_page_fault+0x536/0xd80 [ 2984.447179][ T3131] do_page_fault+0x38/0x590 [ 2984.451760][ T3131] page_fault+0x39/0x40 [ 2984.455916][ T3131] RIP: 0033:0x41203f [ 2984.459909][ T3131] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2984.480930][ T3131] RSP: 002b:00007ffc81522140 EFLAGS: 00010206 [ 2984.486991][ T3131] RAX: 00007ff591a03000 RBX: 0000000000020000 RCX: 000000000045a89a [ 2984.494954][ T3131] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2984.503274][ T3131] RBP: 00007ffc81522220 R08: ffffffffffffffff R09: 0000000000000000 [ 2984.511240][ T3131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc81522310 [ 2984.519213][ T3131] R13: 00007ff591a23700 R14: 0000000000000001 R15: 000000000075bfd4 [ 2984.603910][ T3131] memory: usage 307200kB, limit 307200kB, failcnt 3691 16:58:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000002000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) [ 2984.668520][ T3131] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2984.732700][ T3131] Memory cgroup stats for /syz2: [ 2984.732818][ T3131] anon 247160832 [ 2984.732818][ T3131] file 0 [ 2984.732818][ T3131] kernel_stack 10027008 [ 2984.732818][ T3131] slab 16502784 [ 2984.732818][ T3131] sock 0 [ 2984.732818][ T3131] shmem 122880 [ 2984.732818][ T3131] file_mapped 0 [ 2984.732818][ T3131] file_dirty 0 [ 2984.732818][ T3131] file_writeback 0 [ 2984.732818][ T3131] anon_thp 197132288 [ 2984.732818][ T3131] inactive_anon 135168 [ 2984.732818][ T3131] active_anon 247160832 [ 2984.732818][ T3131] inactive_file 65536 [ 2984.732818][ T3131] active_file 0 [ 2984.732818][ T3131] unevictable 0 [ 2984.732818][ T3131] slab_reclaimable 2973696 [ 2984.732818][ T3131] slab_unreclaimable 13529088 [ 2984.732818][ T3131] pgfault 185823 [ 2984.732818][ T3131] pgmajfault 0 [ 2984.732818][ T3131] workingset_refault 759 [ 2984.732818][ T3131] workingset_activate 330 [ 2984.732818][ T3131] workingset_nodereclaim 0 [ 2984.732818][ T3131] pgrefill 15956 [ 2984.732818][ T3131] pgscan 51846 [ 2984.732818][ T3131] pgsteal 2216 [ 2985.097720][ T3131] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=3122,uid=0 [ 2985.124330][ T3131] Memory cgroup out of memory: Killed process 3122 (syz-executor.2) total-vm:72716kB, anon-rss:2216kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2987.496359][ T1112] oom_reaper: reaped process 3109 (syz-executor.3), now anon-rss:0kB, file-rss:34804kB, shmem-rss:0kB [ 2987.754032][ T3139] syz-executor.3 invoked oom-killer: gfp_mask=0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 2987.769148][ T3139] CPU: 1 PID: 3139 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 2987.778207][ T3139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2987.788554][ T3139] Call Trace: [ 2987.792047][ T3139] dump_stack+0x197/0x210 [ 2987.796429][ T3139] dump_header+0x10b/0x82d [ 2987.800878][ T3139] oom_kill_process.cold+0x10/0x15 [ 2987.806023][ T3139] out_of_memory+0x334/0x13c0 [ 2987.810900][ T3139] ? oom_killer_disable+0x280/0x280 [ 2987.816724][ T3139] ? mutex_trylock+0x264/0x2f0 [ 2987.821583][ T3139] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2987.827241][ T3139] __alloc_pages_slowpath+0x222b/0x2920 [ 2987.832854][ T3139] ? warn_alloc+0x110/0x110 [ 2987.837372][ T3139] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2987.843627][ T3139] ? should_fail+0x1de/0x852 [ 2987.848284][ T3139] ? __kasan_check_read+0x11/0x20 [ 2987.853324][ T3139] __alloc_pages_nodemask+0x646/0x910 [ 2987.858720][ T3139] ? retint_kernel+0x2b/0x2b [ 2987.863465][ T3139] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2987.869382][ T3139] ? __sanitizer_cov_trace_const_cmp2+0x1/0x20 [ 2987.875556][ T3139] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2987.881809][ T3139] alloc_pages_current+0x107/0x210 [ 2987.886930][ T3139] ? ___might_sleep+0x163/0x2c0 [ 2987.892180][ T3139] __vmalloc_node_range+0x4f8/0x810 [ 2987.897567][ T3139] ? do_replace_finish+0xe2/0x2220 [ 2987.902803][ T3139] vmalloc+0x6b/0x90 [ 2987.906839][ T3139] ? do_replace_finish+0xe2/0x2220 [ 2987.912168][ T3139] do_replace_finish+0xe2/0x2220 [ 2987.917126][ T3139] ? __might_fault+0x12b/0x1e0 [ 2987.921912][ T3139] ? lock_downgrade+0x920/0x920 [ 2987.926783][ T3139] ? ebt_unregister_table+0x70/0x70 [ 2987.932087][ T3139] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2987.938339][ T3139] ? _copy_from_user+0x12c/0x1a0 [ 2987.943300][ T3139] do_replace+0x30b/0x490 [ 2987.947649][ T3139] ? do_replace_finish+0x2220/0x2220 [ 2987.952974][ T3139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2987.959226][ T3139] ? ns_capable_common+0x93/0x100 [ 2987.964436][ T3139] do_ebt_set_ctl+0xec/0x110 [ 2987.969044][ T3139] nf_setsockopt+0x77/0xd0 [ 2987.973567][ T3139] ip_setsockopt+0xdf/0x100 [ 2987.978079][ T3139] udp_setsockopt+0x68/0xb0 [ 2987.982596][ T3139] sock_common_setsockopt+0x94/0xd0 [ 2987.987813][ T3139] __sys_setsockopt+0x261/0x4c0 [ 2987.992950][ T3139] ? sock_create_kern+0x50/0x50 [ 2987.998039][ T3139] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2988.003503][ T3139] ? do_syscall_64+0x26/0x790 [ 2988.008366][ T3139] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2988.014538][ T3139] ? do_syscall_64+0x26/0x790 [ 2988.019341][ T3139] __x64_sys_setsockopt+0xbe/0x150 [ 2988.024491][ T3139] do_syscall_64+0xfa/0x790 [ 2988.029161][ T3139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2988.035070][ T3139] RIP: 0033:0x45a849 [ 2988.039003][ T3139] Code: Bad RIP value. [ 2988.044904][ T3139] RSP: 002b:00007fc34270cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2988.053789][ T3139] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2988.061785][ T3139] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 2988.069975][ T3139] RBP: 000000000075c070 R08: 0000000000000258 R09: 0000000000000000 [ 2988.077983][ T3139] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34270d6d4 [ 2988.085973][ T3139] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff [ 2988.097012][ T3139] Mem-Info: [ 2988.100178][ T3139] active_anon:360125 inactive_anon:214 isolated_anon:0 [ 2988.100178][ T3139] active_file:89 inactive_file:148 isolated_file:32 [ 2988.100178][ T3139] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2988.100178][ T3139] slab_reclaimable:16038 slab_unreclaimable:105889 [ 2988.100178][ T3139] mapped:52446 shmem:284 pagetables:31858 bounce:0 [ 2988.100178][ T3139] free:13935 free_pcp:187 free_cma:0 [ 2988.137890][ T3139] Node 0 active_anon:1325324kB inactive_anon:836kB active_file:320kB inactive_file:512kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:209784kB dirty:0kB writeback:0kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 694272kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2988.166854][ T3139] Node 1 active_anon:115176kB inactive_anon:20kB active_file:36kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2988.194500][ T3139] Node 0 DMA free:10244kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2988.262523][ T3139] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2988.268518][ T3139] Node 0 DMA32 free:17988kB min:36104kB low:45128kB high:54152kB reserved_highatomic:0KB active_anon:1323704kB inactive_anon:836kB active_file:448kB inactive_file:412kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:80968kB bounce:0kB free_pcp:512kB local_pcp:236kB free_cma:0kB [ 2988.312076][ T3139] lowmem_reserve[]: 0 0 0 0 0 [ 2988.316968][ T3139] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2988.347064][ T3139] lowmem_reserve[]: 0 0 0 0 0 [ 2988.351911][ T3139] Node 1 Normal free:26836kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:115176kB inactive_anon:20kB active_file:36kB inactive_file:80kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14352kB pagetables:46412kB bounce:0kB free_pcp:280kB local_pcp:0kB free_cma:0kB [ 2988.385649][ T3139] lowmem_reserve[]: 0 0 0 0 0 [ 2988.390385][ T3139] Node 0 DMA: 13*4kB (ME) 30*8kB (UME) 28*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10244kB [ 2988.407071][ T3139] Node 0 DMA32: 3715*4kB (UME) 453*8kB (UM) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18484kB [ 2988.432522][ T3139] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2988.452566][ T3139] Node 1 Normal: 1376*4kB (ME) 263*8kB (UME) 86*16kB (UME) 50*32kB (UME) 35*64kB (UME) 20*128kB (ME) 16*256kB (UME) 13*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 27160kB [ 2988.498524][ T3139] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2988.557939][ T3139] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2988.619236][ T3139] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2988.683284][ T3139] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2988.752548][ T3139] 510 total pagecache pages [ 2988.757540][ T3139] 0 pages in swap cache [ 2988.761808][ T3139] Swap cache stats: add 0, delete 0, find 0/0 [ 2988.787131][ T3139] Free swap = 0kB [ 2988.791077][ T3139] Total swap = 0kB [ 2988.795538][ T3139] 1965979 pages RAM [ 2988.799354][ T3139] 0 pages HighMem/MovableOnly [ 2988.804335][ T3139] 344068 pages reserved [ 2988.808504][ T3139] 0 pages cma reserved [ 2988.812863][ T3139] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=1623,uid=0 [ 2988.829646][ T3139] Out of memory: Killed process 1623 (syz-executor.5) total-vm:72848kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2988.848944][ T1112] oom_reaper: reaped process 1623 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2988.876111][ T3109] syz-executor.3 invoked oom-killer: gfp_mask=0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 2988.895977][ T3109] CPU: 1 PID: 3109 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 2988.904687][ T3109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2988.914840][ T3109] Call Trace: [ 2988.918151][ T3109] dump_stack+0x197/0x210 [ 2988.922611][ T3109] dump_header+0x10b/0x82d [ 2988.927081][ T3109] oom_kill_process.cold+0x10/0x15 [ 2988.932210][ T3109] out_of_memory+0x334/0x13c0 [ 2988.936916][ T3109] ? oom_killer_disable+0x280/0x280 [ 2988.942334][ T3109] ? mutex_trylock+0x264/0x2f0 [ 2988.947400][ T3109] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2988.953396][ T3109] __alloc_pages_slowpath+0x222b/0x2920 [ 2988.958985][ T3109] ? warn_alloc+0x110/0x110 [ 2988.963507][ T3109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2988.969961][ T3109] ? should_fail+0x1de/0x852 [ 2988.974599][ T3109] ? __kasan_check_read+0x11/0x20 [ 2988.980087][ T3109] __alloc_pages_nodemask+0x646/0x910 [ 2988.985587][ T3109] ? retint_kernel+0x2b/0x2b [ 2988.990251][ T3109] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2989.001720][ T3109] ? __sanitizer_cov_trace_pc+0x3b/0x50 [ 2989.008774][ T3109] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2989.015248][ T3109] alloc_pages_current+0x107/0x210 [ 2989.020655][ T3109] ? ___might_sleep+0x163/0x2c0 [ 2989.025631][ T3109] __vmalloc_node_range+0x4f8/0x810 [ 2989.031132][ T3109] ? do_replace_finish+0xe2/0x2220 [ 2989.036267][ T3109] vmalloc+0x6b/0x90 [ 2989.040288][ T3109] ? do_replace_finish+0xe2/0x2220 [ 2989.045420][ T3109] do_replace_finish+0xe2/0x2220 [ 2989.050454][ T3109] ? __might_fault+0x12b/0x1e0 [ 2989.055234][ T3109] ? lock_downgrade+0x920/0x920 [ 2989.060100][ T3109] ? ebt_unregister_table+0x70/0x70 [ 2989.065331][ T3109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2989.071665][ T3109] ? _copy_from_user+0x12c/0x1a0 [ 2989.076614][ T3109] do_replace+0x30b/0x490 [ 2989.080959][ T3109] ? do_replace_finish+0x2220/0x2220 [ 2989.086398][ T3109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2989.092667][ T3109] ? ns_capable_common+0x93/0x100 [ 2989.097711][ T3109] do_ebt_set_ctl+0xec/0x110 [ 2989.102325][ T3109] nf_setsockopt+0x77/0xd0 [ 2989.106760][ T3109] ip_setsockopt+0xdf/0x100 [ 2989.111284][ T3109] udp_setsockopt+0x68/0xb0 [ 2989.115796][ T3109] sock_common_setsockopt+0x94/0xd0 [ 2989.121005][ T3109] __sys_setsockopt+0x261/0x4c0 [ 2989.125879][ T3109] ? sock_create_kern+0x50/0x50 [ 2989.130773][ T3109] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2989.136265][ T3109] ? do_syscall_64+0x26/0x790 [ 2989.141064][ T3109] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2989.147253][ T3109] ? do_syscall_64+0x26/0x790 [ 2989.151955][ T3109] __x64_sys_setsockopt+0xbe/0x150 [ 2989.157112][ T3109] do_syscall_64+0xfa/0x790 [ 2989.161640][ T3109] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2989.167630][ T3109] RIP: 0033:0x45a849 [ 2989.171545][ T3109] Code: Bad RIP value. [ 2989.175616][ T3109] RSP: 002b:00007fc34274ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2989.184038][ T3109] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2989.192018][ T3109] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 2989.200026][ T3109] RBP: 000000000075bf20 R08: 0000000000000258 R09: 0000000000000000 [ 2989.208135][ T3109] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34274f6d4 [ 2989.216123][ T3109] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff [ 2989.236725][ T3109] Mem-Info: [ 2989.239902][ T3109] active_anon:359582 inactive_anon:214 isolated_anon:0 [ 2989.239902][ T3109] active_file:87 inactive_file:26 isolated_file:6 [ 2989.239902][ T3109] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2989.239902][ T3109] slab_reclaimable:15988 slab_unreclaimable:105879 [ 2989.239902][ T3109] mapped:52317 shmem:284 pagetables:31831 bounce:0 [ 2989.239902][ T3109] free:13868 free_pcp:142 free_cma:0 [ 2989.278414][ T3109] Node 0 active_anon:1323276kB inactive_anon:836kB active_file:440kB inactive_file:76kB unevictable:0kB isolated(anon):0kB isolated(file):24kB mapped:209268kB dirty:0kB writeback:0kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 692224kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2989.307260][ T3109] Node 1 active_anon:115052kB inactive_anon:20kB active_file:8kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2989.335033][ T3109] Node 0 DMA free:10276kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:52kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2989.367187][ T3109] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2989.372981][ T3109] Node 0 DMA32 free:17836kB min:36104kB low:45128kB high:54152kB reserved_highatomic:0KB active_anon:1321656kB inactive_anon:836kB active_file:340kB inactive_file:188kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:80968kB bounce:0kB free_pcp:1076kB local_pcp:320kB free_cma:0kB [ 2989.405869][ T3109] lowmem_reserve[]: 0 0 0 0 0 [ 2989.410588][ T3109] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2989.446808][ T3109] lowmem_reserve[]: 0 0 0 0 0 [ 2989.451752][ T3109] Node 1 Normal free:26704kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:115052kB inactive_anon:20kB active_file:8kB inactive_file:28kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14352kB pagetables:46304kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2989.493552][ T3109] lowmem_reserve[]: 0 0 0 0 0 [ 2989.498308][ T3109] Node 0 DMA: 14*4kB (UME) 28*8kB (UME) 29*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10248kB [ 2989.542512][ T3109] Node 0 DMA32: 3589*4kB (UME) 451*8kB (UME) 2*16kB (UE) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17996kB [ 2989.572554][ T3109] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2989.593255][ T3109] Node 1 Normal: 1415*4kB (UME) 270*8kB (UME) 107*16kB (UME) 50*32kB (UME) 34*64kB (ME) 21*128kB (UME) 15*256kB (ME) 14*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 27004kB [ 2989.632540][ T3109] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2989.652548][ T3109] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2989.662586][ T3109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2989.672165][ T3109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2989.689619][ T3109] 377 total pagecache pages [ 2989.694410][ T3109] 0 pages in swap cache [ 2989.698584][ T3109] Swap cache stats: add 0, delete 0, find 0/0 [ 2989.712740][ T3109] Free swap = 0kB [ 2989.729696][ T3109] Total swap = 0kB [ 2989.734011][ T3109] 1965979 pages RAM [ 2989.737847][ T3109] 0 pages HighMem/MovableOnly [ 2989.783013][ T3109] 344068 pages reserved [ 2989.799255][ T3109] 0 pages cma reserved [ 2989.812843][ T3109] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=26228,uid=0 [ 2989.829640][ T3109] Out of memory: Killed process 26228 (syz-executor.5) total-vm:72848kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2989.863711][ T3109] warn_alloc: 1 callbacks suppressed [ 2989.863735][ T3109] syz-executor.3: vmalloc: allocation failure, allocated 1011679232 of 1342181376 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 2989.886621][ T3109] CPU: 1 PID: 3109 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 2989.895440][ T3109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2989.905912][ T3109] Call Trace: [ 2989.909363][ T3109] dump_stack+0x197/0x210 [ 2989.913710][ T3109] warn_alloc.cold+0x87/0x164 [ 2989.918396][ T3109] ? zone_watermark_ok_safe+0x260/0x260 [ 2989.924060][ T3109] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2989.929883][ T3109] ? __sanitizer_cov_trace_pc+0x3b/0x50 [ 2989.935777][ T3109] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2989.942061][ T3109] __vmalloc_node_range+0x5ad/0x810 [ 2989.947658][ T3109] ? do_replace_finish+0xe2/0x2220 [ 2989.952829][ T3109] vmalloc+0x6b/0x90 [ 2989.956754][ T3109] ? do_replace_finish+0xe2/0x2220 [ 2989.961991][ T3109] do_replace_finish+0xe2/0x2220 [ 2989.966955][ T3109] ? __might_fault+0x12b/0x1e0 [ 2989.971767][ T3109] ? lock_downgrade+0x920/0x920 [ 2989.976754][ T3109] ? ebt_unregister_table+0x70/0x70 [ 2989.982178][ T3109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2989.988471][ T3109] ? _copy_from_user+0x12c/0x1a0 [ 2989.993453][ T3109] do_replace+0x30b/0x490 [ 2989.998129][ T3109] ? do_replace_finish+0x2220/0x2220 [ 2990.003462][ T3109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2990.009806][ T3109] ? ns_capable_common+0x93/0x100 [ 2990.014944][ T3109] do_ebt_set_ctl+0xec/0x110 [ 2990.019571][ T3109] nf_setsockopt+0x77/0xd0 [ 2990.024461][ T3109] ip_setsockopt+0xdf/0x100 [ 2990.028978][ T3109] udp_setsockopt+0x68/0xb0 [ 2990.033502][ T3109] sock_common_setsockopt+0x94/0xd0 [ 2990.038812][ T3109] __sys_setsockopt+0x261/0x4c0 [ 2990.043701][ T3109] ? sock_create_kern+0x50/0x50 [ 2990.048589][ T3109] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2990.054080][ T3109] ? do_syscall_64+0x26/0x790 [ 2990.058781][ T3109] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2990.064878][ T3109] ? do_syscall_64+0x26/0x790 [ 2990.069715][ T3109] __x64_sys_setsockopt+0xbe/0x150 [ 2990.074930][ T3109] do_syscall_64+0xfa/0x790 [ 2990.079532][ T3109] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2990.085422][ T3109] RIP: 0033:0x45a849 [ 2990.089360][ T3109] Code: Bad RIP value. [ 2990.093418][ T3109] RSP: 002b:00007fc34274ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2990.102011][ T3109] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2990.110336][ T3109] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 2990.118330][ T3109] RBP: 000000000075bf20 R08: 0000000000000258 R09: 0000000000000000 [ 2990.126509][ T3109] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34274f6d4 [ 2990.134523][ T3109] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff [ 2990.143655][ T3109] Mem-Info: [ 2990.146856][ T3109] active_anon:359040 inactive_anon:214 isolated_anon:0 [ 2990.146856][ T3109] active_file:53 inactive_file:23 isolated_file:1 [ 2990.146856][ T3109] unevictable:0 dirty:0 writeback:4 unstable:0 [ 2990.146856][ T3109] slab_reclaimable:15983 slab_unreclaimable:105360 [ 2990.146856][ T3109] mapped:52261 shmem:284 pagetables:31805 bounce:0 [ 2990.146856][ T3109] free:14176 free_pcp:181 free_cma:0 [ 2990.174897][ T9133] rsyslogd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2990.198456][ T3109] Node 0 active_anon:1321208kB inactive_anon:836kB active_file:80kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:208944kB dirty:0kB writeback:12kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 692224kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2990.205699][ T9133] CPU: 1 PID: 9133 Comm: rsyslogd Not tainted 5.5.0-rc1-syzkaller #0 [ 2990.236149][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2990.246433][ T9133] Call Trace: [ 2990.249947][ T9133] dump_stack+0x197/0x210 [ 2990.254320][ T9133] dump_header+0x10b/0x82d [ 2990.255088][ T3109] Node 1 active_anon:114952kB inactive_anon:20kB active_file:0kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:4kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2990.258834][ T9133] ? oom_kill_process+0x94/0x420 [ 2990.258853][ T9133] oom_kill_process.cold+0x10/0x15 [ 2990.297469][ T9133] out_of_memory+0x334/0x13c0 [ 2990.302258][ T9133] ? oom_killer_disable+0x280/0x280 [ 2990.307566][ T9133] ? mutex_trylock+0x264/0x2f0 [ 2990.310237][ T3109] Node 0 DMA free:10252kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1620kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2990.312415][ T9133] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2990.312435][ T9133] __alloc_pages_slowpath+0x222b/0x2920 [ 2990.353696][ T9133] ? warn_alloc+0x110/0x110 [ 2990.358221][ T9133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2990.364487][ T9133] ? should_fail+0x1de/0x852 [ 2990.367094][ T3109] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2990.369354][ T9133] ? __kasan_check_read+0x11/0x20 [ 2990.378283][ T3109] Node 0 DMA32 free:20992kB min:40200kB low:49224kB high:58248kB reserved_highatomic:0KB active_anon:1319604kB inactive_anon:836kB active_file:80kB inactive_file:68kB unevictable:0kB writepending:12kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:80968kB bounce:0kB free_pcp:24kB local_pcp:16kB free_cma:0kB [ 2990.380153][ T9133] __alloc_pages_nodemask+0x646/0x910 [ 2990.417401][ T9133] ? xas_descend+0x144/0x370 [ 2990.422004][ T9133] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2990.427876][ T9133] ? __kasan_check_read+0x11/0x20 [ 2990.433006][ T9133] ? find_get_entry+0x4a6/0x7a0 [ 2990.433933][ T3109] lowmem_reserve[]: 0 0 0 0 0 [ 2990.437875][ T9133] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2990.448816][ T9133] alloc_pages_current+0x107/0x210 [ 2990.453970][ T9133] __page_cache_alloc+0x29d/0x490 [ 2990.454158][ T3109] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2990.459027][ T9133] pagecache_get_page+0x27e/0x9e0 [ 2990.492534][ T9133] ? __kasan_check_read+0x11/0x20 [ 2990.497578][ T9133] filemap_fault+0x9b1/0x3180 [ 2990.501587][ T3109] lowmem_reserve[]: 0 0 0 0 0 [ 2990.502263][ T9133] ? mark_held_locks+0xf0/0xf0 [ 2990.512037][ T9133] ? read_cache_page_gfp+0x30/0x30 [ 2990.517179][ T9133] ? __kasan_check_write+0x14/0x20 [ 2990.520106][ T3109] Node 1 Normal free:26988kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114952kB inactive_anon:20kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:4kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14320kB pagetables:46204kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2990.522304][ T9133] ? down_read+0x109/0x430 [ 2990.558582][ T9133] ? down_read_killable+0x490/0x490 [ 2990.564066][ T9133] ? find_lock_entry+0x650/0x650 [ 2990.569011][ T9133] ? pmd_val+0x85/0x100 [ 2990.573203][ T9133] ext4_filemap_fault+0x86/0xb2 [ 2990.578079][ T9133] __do_fault+0x111/0x540 [ 2990.579360][ T3109] lowmem_reserve[]: 0 0 0 0 0 [ 2990.582434][ T9133] __handle_mm_fault+0x2943/0x3da0 [ 2990.587359][ T3109] Node 0 DMA: 17*4kB (UME) 29*8kB (UME) 29*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10268kB [ 2990.592647][ T9133] ? vm_iomap_memory+0x1a0/0x1a0 [ 2990.592663][ T9133] ? handle_mm_fault+0x292/0xa50 [ 2990.592685][ T9133] ? handle_mm_fault+0x7a0/0xa50 [ 2990.592702][ T9133] ? __kasan_check_read+0x11/0x20 [ 2990.592722][ T9133] handle_mm_fault+0x3b2/0xa50 [ 2990.592747][ T9133] __do_page_fault+0x536/0xd80 [ 2990.592769][ T9133] ? page_fault+0x16/0x40 [ 2990.592793][ T9133] do_page_fault+0x38/0x590 [ 2990.592809][ T9133] page_fault+0x39/0x40 [ 2990.592821][ T9133] RIP: 0033:0x7f3b68e4f1fd [ 2990.592847][ T9133] Code: Bad RIP value. [ 2990.640583][ T3109] Node 0 DMA32: 3672*4kB (ME) 468*8kB (UME) 2*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 20320kB [ 2990.643183][ T9133] RSP: 002b:00007f3b663eee30 EFLAGS: 00010293 [ 2990.643202][ T9133] RAX: 000000000000007e RBX: 0000000000d76650 RCX: 00007f3b68e4f1fd [ 2990.643209][ T9133] RDX: 0000000000000fff RSI: 00007f3b67c235a0 RDI: 0000000000000004 [ 2990.643216][ T9133] RBP: 0000000000000000 R08: 0000000000d61260 R09: 0000000000000000 [ 2990.643224][ T9133] R10: 203a7463656a626f R11: 0000000000000293 R12: 000000000065e420 [ 2990.643231][ T9133] R13: 00007f3b663ef9c0 R14: 00007f3b69494040 R15: 0000000000000003 [ 2990.812610][ T3109] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2990.827809][ T3109] Node 1 Normal: 1451*4kB (UME) 275*8kB (ME) 88*16kB (UME) 50*32kB (UME) 34*64kB (ME) 21*128kB (UME) 15*256kB (ME) 14*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 26884kB [ 2990.845552][ T3109] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2990.845821][ T9133] Mem-Info: [ 2990.855260][ T3109] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2990.855273][ T3109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2990.855283][ T3109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2990.855290][ T3109] 357 total pagecache pages [ 2990.855298][ T3109] 0 pages in swap cache [ 2990.855307][ T3109] Swap cache stats: add 0, delete 0, find 0/0 [ 2990.855311][ T3109] Free swap = 0kB [ 2990.855316][ T3109] Total swap = 0kB [ 2990.855326][ T3109] 1965979 pages RAM [ 2990.855330][ T3109] 0 pages HighMem/MovableOnly [ 2990.855336][ T3109] 344068 pages reserved [ 2990.855341][ T3109] 0 pages cma reserved [ 2990.935166][ T9133] active_anon:359040 inactive_anon:214 isolated_anon:0 [ 2990.935166][ T9133] active_file:19 inactive_file:0 isolated_file:1 [ 2990.935166][ T9133] unevictable:0 dirty:0 writeback:4 unstable:0 [ 2990.935166][ T9133] slab_reclaimable:15983 slab_unreclaimable:105357 [ 2990.935166][ T9133] mapped:52236 shmem:284 pagetables:31805 bounce:0 [ 2990.935166][ T9133] free:13797 free_pcp:129 free_cma:0 [ 2990.980721][ T9133] Node 0 active_anon:1321208kB inactive_anon:836kB active_file:80kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:208944kB dirty:0kB writeback:12kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 692224kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2991.016869][ T9133] Node 1 active_anon:114944kB inactive_anon:20kB active_file:12kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2991.054700][ T9133] Node 0 DMA free:10248kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1604kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:48kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2991.102666][ T9133] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2991.108463][ T9133] Node 0 DMA32 free:17948kB min:36104kB low:45128kB high:54152kB reserved_highatomic:0KB active_anon:1319604kB inactive_anon:836kB active_file:92kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:80968kB bounce:0kB free_pcp:548kB local_pcp:308kB free_cma:0kB [ 2991.233117][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2991.237884][ T9133] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2991.318791][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2991.352521][ T9133] Node 1 Normal free:26884kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114944kB inactive_anon:20kB active_file:12kB inactive_file:8kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14288kB pagetables:46200kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 2991.402542][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2991.407405][ T9133] Node 0 DMA: 16*4kB (UME) 27*8kB (UME) 29*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10248kB [ 2991.472554][ T9133] Node 0 DMA32: 3625*4kB (UME) 420*8kB (UM) 0*16kB 0*32kB 0*64kB 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17988kB [ 2991.492537][ T9133] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2991.525186][ T9133] Node 1 Normal: 1451*4kB (UME) 278*8kB (UME) 90*16kB (UME) 50*32kB (UME) 34*64kB (ME) 21*128kB (UME) 15*256kB (ME) 14*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 26940kB [ 2991.562577][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2991.572377][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2991.610232][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2991.642551][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2991.651980][ T9133] 316 total pagecache pages [ 2991.671074][ T9133] 0 pages in swap cache [ 2991.681852][ T9133] Swap cache stats: add 0, delete 0, find 0/0 [ 2991.696743][ T9133] Free swap = 0kB [ 2991.700623][ T9133] Total swap = 0kB [ 2991.722605][ T9133] 1965979 pages RAM [ 2991.726589][ T9133] 0 pages HighMem/MovableOnly [ 2991.732139][ T9133] 344068 pages reserved [ 2991.743851][ T9133] 0 pages cma reserved [ 2991.748083][ T9133] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=5029,uid=0 [ 2991.791113][ T9133] Out of memory: Killed process 5029 (syz-executor.5) total-vm:72848kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2991.897306][ T9133] rsyslogd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2991.912593][ T9133] CPU: 1 PID: 9133 Comm: rsyslogd Not tainted 5.5.0-rc1-syzkaller #0 [ 2991.920744][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2991.930819][ T9133] Call Trace: [ 2991.934134][ T9133] dump_stack+0x197/0x210 [ 2991.938620][ T9133] dump_header+0x10b/0x82d [ 2991.943075][ T9133] ? oom_kill_process+0x94/0x420 [ 2991.948021][ T9133] oom_kill_process.cold+0x10/0x15 [ 2991.953151][ T9133] out_of_memory+0x334/0x13c0 [ 2991.957872][ T9133] ? oom_killer_disable+0x280/0x280 [ 2991.963084][ T9133] ? mutex_trylock+0x264/0x2f0 [ 2991.967948][ T9133] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2991.973599][ T9133] __alloc_pages_slowpath+0x222b/0x2920 [ 2991.979176][ T9133] ? warn_alloc+0x110/0x110 [ 2991.983688][ T9133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2991.990037][ T9133] ? should_fail+0x1de/0x852 [ 2991.994832][ T9133] ? __kasan_check_read+0x11/0x20 [ 2991.999901][ T9133] __alloc_pages_nodemask+0x646/0x910 [ 2992.005307][ T9133] ? xas_descend+0x144/0x370 [ 2992.010106][ T9133] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2992.015943][ T9133] ? __kasan_check_read+0x11/0x20 [ 2992.020993][ T9133] ? find_get_entry+0x4a6/0x7a0 [ 2992.025867][ T9133] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2992.032244][ T9133] alloc_pages_current+0x107/0x210 [ 2992.037376][ T9133] __page_cache_alloc+0x29d/0x490 [ 2992.042503][ T9133] pagecache_get_page+0x27e/0x9e0 [ 2992.047569][ T9133] ? __kasan_check_read+0x11/0x20 [ 2992.052607][ T9133] filemap_fault+0x9b1/0x3180 [ 2992.057299][ T9133] ? mark_held_locks+0xf0/0xf0 [ 2992.062091][ T9133] ? read_cache_page_gfp+0x30/0x30 [ 2992.067431][ T9133] ? __kasan_check_write+0x14/0x20 [ 2992.072566][ T9133] ? down_read+0x109/0x430 [ 2992.076994][ T9133] ? down_read_killable+0x490/0x490 [ 2992.082325][ T9133] ? find_lock_entry+0x650/0x650 [ 2992.087377][ T9133] ? pmd_val+0x85/0x100 [ 2992.091642][ T9133] ext4_filemap_fault+0x86/0xb2 [ 2992.096501][ T9133] __do_fault+0x111/0x540 [ 2992.100873][ T9133] __handle_mm_fault+0x2943/0x3da0 [ 2992.106002][ T9133] ? vm_iomap_memory+0x1a0/0x1a0 [ 2992.110952][ T9133] ? handle_mm_fault+0x292/0xa50 [ 2992.115927][ T9133] ? handle_mm_fault+0x7a0/0xa50 [ 2992.120873][ T9133] ? __kasan_check_read+0x11/0x20 [ 2992.126034][ T9133] handle_mm_fault+0x3b2/0xa50 [ 2992.130821][ T9133] __do_page_fault+0x536/0xd80 [ 2992.135605][ T9133] ? page_fault+0x16/0x40 [ 2992.140997][ T9133] do_page_fault+0x38/0x590 [ 2992.145687][ T9133] page_fault+0x39/0x40 [ 2992.149940][ T9133] RIP: 0033:0x7f3b68e4f1fd [ 2992.154456][ T9133] Code: Bad RIP value. [ 2992.158527][ T9133] RSP: 002b:00007f3b663eee30 EFLAGS: 00010293 [ 2992.164600][ T9133] RAX: 000000000000007e RBX: 0000000000d76650 RCX: 00007f3b68e4f1fd [ 2992.172579][ T9133] RDX: 0000000000000fff RSI: 00007f3b67c235a0 RDI: 0000000000000004 [ 2992.180573][ T9133] RBP: 0000000000000000 R08: 0000000000d61260 R09: 0000000000000000 [ 2992.188741][ T9133] R10: 203a7463656a626f R11: 0000000000000293 R12: 000000000065e420 [ 2992.196932][ T9133] R13: 00007f3b663ef9c0 R14: 00007f3b69494040 R15: 0000000000000003 [ 2992.256911][ T9133] Mem-Info: [ 2992.260203][ T9133] active_anon:358495 inactive_anon:214 isolated_anon:0 [ 2992.260203][ T9133] active_file:14 inactive_file:17 isolated_file:0 [ 2992.260203][ T9133] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2992.260203][ T9133] slab_reclaimable:15970 slab_unreclaimable:104735 [ 2992.260203][ T9133] mapped:52226 shmem:284 pagetables:31777 bounce:0 [ 2992.260203][ T9133] free:13778 free_pcp:192 free_cma:0 [ 2992.312549][ T9133] Node 0 active_anon:1319148kB inactive_anon:836kB active_file:48kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:1116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 688128kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2992.372567][ T9133] Node 1 active_anon:114832kB inactive_anon:20kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2992.416099][ T9133] Node 0 DMA free:10244kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1604kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:40kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2992.453355][ T9133] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 2992.459239][ T9133] Node 0 DMA32 free:71364kB min:38152kB low:47176kB high:56200kB reserved_highatomic:0KB active_anon:1317544kB inactive_anon:836kB active_file:48kB inactive_file:156kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:80968kB bounce:0kB free_pcp:1696kB local_pcp:232kB free_cma:0kB [ 2992.504927][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2992.509683][ T9133] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2992.547270][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2992.552043][ T9133] Node 1 Normal free:55544kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114832kB inactive_anon:20kB active_file:8kB inactive_file:12kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14256kB pagetables:46100kB bounce:0kB free_pcp:1444kB local_pcp:0kB free_cma:0kB [ 2992.590601][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 2992.595563][ T9133] Node 0 DMA: 79*4kB (UME) 27*8kB (UME) 29*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10500kB [ 2992.619012][ T9133] Node 0 DMA32: 2953*4kB (UME) 5326*8kB (UM) 791*16kB (UM) 143*32kB (U) 86*64kB (U) 30*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 80996kB [ 2992.641321][ T9133] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2992.662790][ T9133] Node 1 Normal: 2517*4kB (UME) 1602*8kB (UME) 2808*16kB (UME) 704*32kB (UME) 38*64kB (UME) 23*128kB (UME) 16*256kB (UME) 14*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 106980kB [ 2992.687792][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2992.698803][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2992.715196][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2992.728404][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2992.741162][ T9133] 981 total pagecache pages [ 2992.749581][ T9133] 0 pages in swap cache [ 2992.758397][ T9133] Swap cache stats: add 0, delete 0, find 0/0 [ 2992.769708][ T9133] Free swap = 0kB [ 2992.776875][ T9133] Total swap = 0kB [ 2992.780642][ T9133] 1965979 pages RAM [ 2992.787990][ T9133] 0 pages HighMem/MovableOnly [ 2992.796322][ T9133] 344068 pages reserved [ 2992.800505][ T9133] 0 pages cma reserved [ 2992.808098][ T9133] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=2696,uid=0 [ 2992.829950][ T9133] Out of memory: Killed process 2696 (syz-executor.5) total-vm:72848kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2993.124490][ T3139] BUG: sleeping function called from invalid context at mm/page_alloc.c:4695 [ 2993.134496][ T3139] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3139, name: syz-executor.3 [ 2993.143982][ T3139] 2 locks held by syz-executor.3/3139: [ 2993.149442][ T3139] #0: ffffffff89a40820 (vmap_purge_lock){+.+.}, at: free_vmap_area_noflush+0x2a6/0x390 [ 2993.159689][ T3139] #1: ffffffff89a409b8 (free_vmap_area_lock){+.+.}, at: __purge_vmap_area_lazy+0x194/0x1ef0 [ 2993.170734][ T3139] Preemption disabled at: [ 2993.170764][ T3139] [] __purge_vmap_area_lazy+0x194/0x1ef0 [ 2993.182404][ T3139] CPU: 1 PID: 3139 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 2993.190997][ T3139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2993.201065][ T3139] Call Trace: [ 2993.204381][ T3139] dump_stack+0x197/0x210 [ 2993.208716][ T3139] ? __purge_vmap_area_lazy+0x194/0x1ef0 [ 2993.214456][ T3139] ___might_sleep.cold+0x1fb/0x23e [ 2993.219630][ T3139] __might_sleep+0x95/0x190 [ 2993.224448][ T3139] __alloc_pages_nodemask+0x523/0x910 [ 2993.229840][ T3139] ? find_held_lock+0x35/0x130 [ 2993.234617][ T3139] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2993.240359][ T3139] ? lock_downgrade+0x920/0x920 [ 2993.245228][ T3139] ? rwlock_bug.part.0+0x90/0x90 [ 2993.250262][ T3139] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2993.256521][ T3139] alloc_pages_current+0x107/0x210 [ 2993.261652][ T3139] __get_free_pages+0xc/0x40 [ 2993.266253][ T3139] __pte_alloc_kernel+0x1d/0x210 [ 2993.271287][ T3139] apply_to_page_range+0x621/0x700 [ 2993.276506][ T3139] ? __kasan_slab_free+0x150/0x150 [ 2993.281632][ T3139] kasan_release_vmalloc+0xa9/0xc0 [ 2993.287056][ T3139] __purge_vmap_area_lazy+0xca5/0x1ef0 [ 2993.292543][ T3139] free_vmap_area_noflush+0x2c8/0x390 [ 2993.298037][ T3139] remove_vm_area+0x1cf/0x230 [ 2993.302730][ T3139] __vunmap+0x217/0x9b0 [ 2993.306981][ T3139] __vfree+0x41/0xd0 [ 2993.310888][ T3139] __vmalloc_node_range+0x5d8/0x810 [ 2993.316190][ T3139] ? do_replace_finish+0xe2/0x2220 [ 2993.321532][ T3139] vmalloc+0x6b/0x90 [ 2993.325441][ T3139] ? do_replace_finish+0xe2/0x2220 [ 2993.330563][ T3139] do_replace_finish+0xe2/0x2220 [ 2993.335599][ T3139] ? __might_fault+0x12b/0x1e0 [ 2993.340382][ T3139] ? lock_downgrade+0x920/0x920 [ 2993.345263][ T3139] ? ebt_unregister_table+0x70/0x70 [ 2993.350616][ T3139] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2993.356962][ T3139] ? _copy_from_user+0x12c/0x1a0 [ 2993.362009][ T3139] do_replace+0x30b/0x490 [ 2993.366625][ T3139] ? do_replace_finish+0x2220/0x2220 [ 2993.372113][ T3139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2993.378491][ T3139] ? ns_capable_common+0x93/0x100 [ 2993.383627][ T3139] do_ebt_set_ctl+0xec/0x110 [ 2993.388231][ T3139] nf_setsockopt+0x77/0xd0 [ 2993.392826][ T3139] ip_setsockopt+0xdf/0x100 [ 2993.397533][ T3139] udp_setsockopt+0x68/0xb0 [ 2993.402308][ T3139] sock_common_setsockopt+0x94/0xd0 [ 2993.407863][ T3139] __sys_setsockopt+0x261/0x4c0 [ 2993.413013][ T3139] ? sock_create_kern+0x50/0x50 [ 2993.417913][ T3139] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2993.423418][ T3139] ? do_syscall_64+0x26/0x790 [ 2993.428230][ T3139] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2993.434329][ T3139] ? do_syscall_64+0x26/0x790 [ 2993.439309][ T3139] __x64_sys_setsockopt+0xbe/0x150 [ 2993.444463][ T3139] do_syscall_64+0xfa/0x790 [ 2993.449069][ T3139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2993.455353][ T3139] RIP: 0033:0x45a849 [ 2993.459283][ T3139] Code: Bad RIP value. [ 2993.463676][ T3139] RSP: 002b:00007fc34270cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2993.472130][ T3139] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2993.480395][ T3139] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 2993.488711][ T3139] RBP: 000000000075c070 R08: 0000000000000258 R09: 0000000000000000 [ 2993.496717][ T3139] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34270d6d4 [ 2993.505051][ T3139] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff 16:58:59 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) 16:58:59 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000001feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:59 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:59 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:58:59 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'na%\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x6000000, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:58:59 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:59:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000002feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:59:00 executing program 2: 16:59:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000003feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:59:00 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:59:00 executing program 2: 16:59:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000004feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:59:01 executing program 1: syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:59:01 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0xf00, @link='broadcast-link\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\xcf\xa5\xb6\xc5&y\x00'}}}}, 0x68}}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r4 = getpid() r5 = getpid() r6 = getpid() rt_tgsigqueueinfo(r6, r5, 0x16, &(0x7f0000000100)) ptrace(0x10, r5) ptrace$pokeuser(0x6, r6, 0x388, 0xb8) ptrace$pokeuser(0x6, r4, 0x388, 0xfffffffffffffffe) socket$nl_generic(0x10, 0x3, 0x10) 16:59:01 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x40) ioctl$VIDIOC_G_ENC_INDEX(r3, 0x8818564c, &(0x7f0000000540)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) getpid() r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:59:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1e0, [0x200000c0, 0x0, 0x0, 0x200000f0, 0x20000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000005feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000200000000000000e2ccbeab2700000000000000000000000000ffffffff01000000050000002000000088e779616d3000000000e5ffffffffffffff00657464657673696d3000000000000065727370616e300000000000000000006e657464657673696d30000000000000aaaaaaaaaaaaff00ff00ffffaaaaaaaaaa1aff0000f3fffe0000e8000000e8000000200100007265616c6d000000000000000000000000000000000000000000000000000000100000000000000001000000bc0000008000b6000000000064657667726f757000b90000000000000000000000000000000000000000000018000000fbffffff0d00000006000000a2000000300d00000800000000000000736e6174000000000400000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff00000000"]}, 0x258) 16:59:01 executing program 2: [ 2999.006326][ T1112] oom_reaper: reaped process 3201 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2999.391610][ T3168] syz-executor.3 invoked oom-killer: gfp_mask=0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 2999.405169][ T3168] CPU: 0 PID: 3168 Comm: syz-executor.3 Tainted: G W 5.5.0-rc1-syzkaller #0 [ 2999.415427][ T3168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2999.425903][ T3168] Call Trace: [ 2999.429420][ T3168] dump_stack+0x197/0x210 [ 2999.434393][ T3168] dump_header+0x10b/0x82d [ 2999.439276][ T3168] oom_kill_process.cold+0x10/0x15 [ 2999.444613][ T3168] out_of_memory+0x334/0x13c0 [ 2999.449316][ T3168] ? oom_killer_disable+0x280/0x280 [ 2999.454774][ T3168] ? mutex_trylock+0x264/0x2f0 [ 2999.459703][ T3168] ? __alloc_pages_slowpath+0xca3/0x2920 [ 2999.465345][ T3168] __alloc_pages_slowpath+0x222b/0x2920 [ 2999.471215][ T3168] ? warn_alloc+0x110/0x110 [ 2999.475746][ T3168] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2999.482001][ T3168] ? should_fail+0x1de/0x852 [ 2999.486642][ T3168] ? __kasan_check_read+0x11/0x20 [ 2999.491687][ T3168] __alloc_pages_nodemask+0x646/0x910 [ 2999.497190][ T3168] ? retint_kernel+0x2b/0x2b [ 2999.501801][ T3168] ? __alloc_pages_slowpath+0x2920/0x2920 [ 2999.507811][ T3168] ? write_comp_data+0x1e/0x70 [ 2999.513483][ T3168] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2999.519769][ T3168] alloc_pages_current+0x107/0x210 [ 2999.524993][ T3168] ? ___might_sleep+0x163/0x2c0 [ 2999.529884][ T3168] __vmalloc_node_range+0x4f8/0x810 [ 2999.535114][ T3168] ? do_replace_finish+0xe2/0x2220 [ 2999.540251][ T3168] vmalloc+0x6b/0x90 [ 2999.544346][ T3168] ? do_replace_finish+0xe2/0x2220 [ 2999.549497][ T3168] do_replace_finish+0xe2/0x2220 [ 2999.554633][ T3168] ? __might_fault+0x12b/0x1e0 [ 2999.559687][ T3168] ? lock_downgrade+0x920/0x920 [ 2999.564562][ T3168] ? ebt_unregister_table+0x70/0x70 [ 2999.569796][ T3168] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2999.576247][ T3168] ? _copy_from_user+0x12c/0x1a0 [ 2999.581209][ T3168] do_replace+0x30b/0x490 [ 2999.585569][ T3168] ? do_replace_finish+0x2220/0x2220 [ 2999.590897][ T3168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2999.597179][ T3168] ? ns_capable_common+0x93/0x100 [ 2999.602226][ T3168] do_ebt_set_ctl+0xec/0x110 [ 2999.607019][ T3168] nf_setsockopt+0x77/0xd0 [ 2999.611729][ T3168] ip_setsockopt+0xdf/0x100 [ 2999.616358][ T3168] udp_setsockopt+0x68/0xb0 [ 2999.620894][ T3168] sock_common_setsockopt+0x94/0xd0 [ 2999.626213][ T3168] __sys_setsockopt+0x261/0x4c0 [ 2999.631191][ T3168] ? sock_create_kern+0x50/0x50 [ 2999.636195][ T3168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2999.641685][ T3168] ? do_syscall_64+0x26/0x790 [ 2999.646383][ T3168] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2999.652493][ T3168] ? do_syscall_64+0x26/0x790 [ 2999.657197][ T3168] __x64_sys_setsockopt+0xbe/0x150 [ 2999.662443][ T3168] do_syscall_64+0xfa/0x790 [ 2999.666975][ T3168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2999.672882][ T3168] RIP: 0033:0x45a849 [ 2999.676811][ T3168] Code: Bad RIP value. [ 2999.680901][ T3168] RSP: 002b:00007fc34274ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2999.689323][ T3168] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 2999.697483][ T3168] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 2999.705579][ T3168] RBP: 000000000075bf20 R08: 0000000000000258 R09: 0000000000000000 [ 2999.713568][ T3168] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34274f6d4 [ 2999.721734][ T3168] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff [ 2999.752649][ T3168] Mem-Info: [ 2999.755963][ T3168] active_anon:358538 inactive_anon:214 isolated_anon:0 [ 2999.755963][ T3168] active_file:112 inactive_file:82 isolated_file:32 [ 2999.755963][ T3168] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2999.755963][ T3168] slab_reclaimable:15955 slab_unreclaimable:104812 [ 2999.755963][ T3168] mapped:52396 shmem:284 pagetables:31827 bounce:0 [ 2999.755963][ T3168] free:16223 free_pcp:71 free_cma:0 [ 2999.851604][ T3168] Node 0 active_anon:1319272kB inactive_anon:840kB active_file:440kB inactive_file:324kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:209584kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 688128kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2999.890133][ T3168] Node 1 active_anon:114880kB inactive_anon:16kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2999.957654][ T3168] Node 0 DMA free:10240kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1604kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:40kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3000.052751][ T3168] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 3000.058939][ T3168] Node 0 DMA32 free:24440kB min:50440kB low:59464kB high:68488kB reserved_highatomic:0KB active_anon:1317668kB inactive_anon:840kB active_file:324kB inactive_file:228kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31632kB pagetables:81112kB bounce:0kB free_pcp:560kB local_pcp:280kB free_cma:0kB [ 3000.139058][ T3168] lowmem_reserve[]: 0 0 0 0 0 [ 3000.146757][ T3168] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3000.262678][ T3168] lowmem_reserve[]: 0 0 0 0 0 [ 3000.267525][ T3168] Node 1 Normal free:26864kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114880kB inactive_anon:16kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14288kB pagetables:46156kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 3000.354012][ T3168] lowmem_reserve[]: 0 0 0 0 0 [ 3000.358881][ T3168] Node 0 DMA: 16*4kB (UME) 24*8kB (UME) 30*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10240kB [ 3000.382884][ T3168] Node 0 DMA32: 5113*4kB (UME) 492*8kB (UME) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24388kB [ 3000.400623][ T3168] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 3000.413347][ T3168] Node 1 Normal: 1378*4kB (ME) 290*8kB (ME) 91*16kB (ME) 49*32kB (ME) 34*64kB (ME) 20*128kB (ME) 15*256kB (ME) 13*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 27112kB [ 3000.430875][ T3168] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3000.441950][ T3168] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3000.451370][ T3168] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3000.461566][ T3168] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3000.470965][ T3168] 372 total pagecache pages [ 3000.475563][ T3168] 0 pages in swap cache [ 3000.479846][ T3168] Swap cache stats: add 0, delete 0, find 0/0 [ 3000.485997][ T3168] Free swap = 0kB [ 3000.489716][ T3168] Total swap = 0kB [ 3000.493577][ T3168] 1965979 pages RAM [ 3000.497470][ T3168] 0 pages HighMem/MovableOnly [ 3000.502230][ T3168] 344068 pages reserved [ 3000.506592][ T3168] 0 pages cma reserved [ 3000.510727][ T3168] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=3181,uid=0 [ 3000.525917][ T3168] Out of memory: Killed process 3181 (syz-executor.2) total-vm:72584kB, anon-rss:2208kB, file-rss:35032kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 3000.545833][ T1112] oom_reaper: reaped process 3181 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3000.725667][ T9133] rsyslogd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3000.753317][ T9133] CPU: 0 PID: 9133 Comm: rsyslogd Tainted: G W 5.5.0-rc1-syzkaller #0 [ 3000.762830][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3000.773179][ T9133] Call Trace: [ 3000.776473][ T9133] dump_stack+0x197/0x210 [ 3000.780874][ T9133] dump_header+0x10b/0x82d [ 3000.785272][ T9133] ? oom_kill_process+0x94/0x420 [ 3000.790354][ T9133] oom_kill_process.cold+0x10/0x15 [ 3000.795492][ T9133] out_of_memory+0x334/0x13c0 [ 3000.800155][ T9133] ? oom_killer_disable+0x280/0x280 [ 3000.805339][ T9133] ? mutex_trylock+0x264/0x2f0 [ 3000.810082][ T9133] ? __alloc_pages_slowpath+0xca3/0x2920 [ 3000.815821][ T9133] __alloc_pages_slowpath+0x222b/0x2920 [ 3000.821377][ T9133] ? warn_alloc+0x110/0x110 [ 3000.825909][ T9133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3000.832154][ T9133] ? should_fail+0x1de/0x852 [ 3000.836743][ T9133] ? __kasan_check_read+0x11/0x20 [ 3000.842655][ T9133] __alloc_pages_nodemask+0x646/0x910 [ 3000.848051][ T9133] ? xas_descend+0x144/0x370 [ 3000.852642][ T9133] ? __alloc_pages_slowpath+0x2920/0x2920 [ 3000.858365][ T9133] ? __kasan_check_read+0x11/0x20 [ 3000.863392][ T9133] ? find_get_entry+0x4a6/0x7a0 [ 3000.868249][ T9133] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3000.874509][ T9133] alloc_pages_current+0x107/0x210 [ 3000.879622][ T9133] __page_cache_alloc+0x29d/0x490 [ 3000.884637][ T9133] pagecache_get_page+0x27e/0x9e0 [ 3000.889646][ T9133] ? __kasan_check_read+0x11/0x20 [ 3000.894767][ T9133] filemap_fault+0x9b1/0x3180 [ 3000.899435][ T9133] ? mark_held_locks+0xf0/0xf0 [ 3000.904380][ T9133] ? read_cache_page_gfp+0x30/0x30 [ 3000.909541][ T9133] ? __kasan_check_write+0x14/0x20 [ 3000.914740][ T9133] ? down_read+0x109/0x430 [ 3000.919155][ T9133] ? down_read_killable+0x490/0x490 [ 3000.924378][ T9133] ? find_lock_entry+0x650/0x650 [ 3000.929424][ T9133] ? pmd_val+0x85/0x100 [ 3000.933575][ T9133] ext4_filemap_fault+0x86/0xb2 [ 3000.938508][ T9133] __do_fault+0x111/0x540 [ 3000.942859][ T9133] __handle_mm_fault+0x2943/0x3da0 [ 3000.947975][ T9133] ? vm_iomap_memory+0x1a0/0x1a0 [ 3000.952914][ T9133] ? handle_mm_fault+0x292/0xa50 [ 3000.957842][ T9133] ? handle_mm_fault+0x7a0/0xa50 [ 3000.962780][ T9133] ? __kasan_check_read+0x11/0x20 [ 3000.967800][ T9133] handle_mm_fault+0x3b2/0xa50 [ 3000.972580][ T9133] __do_page_fault+0x536/0xd80 [ 3000.977351][ T9133] ? page_fault+0x16/0x40 [ 3000.981873][ T9133] do_page_fault+0x38/0x590 [ 3000.986379][ T9133] page_fault+0x39/0x40 [ 3000.990544][ T9133] RIP: 0033:0x7f3b68e4f1fd [ 3000.995311][ T9133] Code: Bad RIP value. [ 3000.999390][ T9133] RSP: 002b:00007f3b663eee30 EFLAGS: 00010293 [ 3001.005439][ T9133] RAX: 000000000000007e RBX: 0000000000d76650 RCX: 00007f3b68e4f1fd [ 3001.013497][ T9133] RDX: 0000000000000fff RSI: 00007f3b67c235a0 RDI: 0000000000000004 [ 3001.022213][ T9133] RBP: 0000000000000000 R08: 0000000000d61260 R09: 0000000000000000 [ 3001.030738][ T9133] R10: 205b5d3730323931 R11: 0000000000000293 R12: 000000000065e420 [ 3001.039334][ T9133] R13: 00007f3b663ef9c0 R14: 00007f3b69494040 R15: 0000000000000003 [ 3001.147843][ T9133] Mem-Info: [ 3001.151053][ T9133] active_anon:357999 inactive_anon:214 isolated_anon:0 [ 3001.151053][ T9133] active_file:11 inactive_file:12 isolated_file:0 [ 3001.151053][ T9133] unevictable:0 dirty:0 writeback:0 unstable:0 [ 3001.151053][ T9133] slab_reclaimable:15902 slab_unreclaimable:104853 [ 3001.151053][ T9133] mapped:52226 shmem:284 pagetables:31801 bounce:0 [ 3001.151053][ T9133] free:14375 free_pcp:124 free_cma:0 [ 3001.192505][ T3168] warn_alloc: 1 callbacks suppressed [ 3001.192528][ T3168] syz-executor.3: vmalloc: allocation failure, allocated 802648064 of 1610616832 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 3001.216310][ T3168] CPU: 1 PID: 3168 Comm: syz-executor.3 Tainted: G W 5.5.0-rc1-syzkaller #0 [ 3001.226477][ T3168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3001.237070][ T3168] Call Trace: [ 3001.239803][ T9133] Node 0 active_anon:1317128kB inactive_anon:840kB active_file:40kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 3001.240665][ T3168] dump_stack+0x197/0x210 [ 3001.275277][ T3168] warn_alloc.cold+0x87/0x164 [ 3001.280214][ T3168] ? zone_watermark_ok_safe+0x260/0x260 [ 3001.284331][ T9133] Node 1 active_anon:114868kB inactive_anon:16kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 3001.286132][ T3168] ? __alloc_pages_slowpath+0x2920/0x2920 [ 3001.321040][ T3168] ? write_comp_data+0x1e/0x70 [ 3001.325867][ T3168] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3001.332309][ T3168] __vmalloc_node_range+0x5ad/0x810 [ 3001.337622][ T3168] ? do_replace_finish+0xe2/0x2220 [ 3001.343068][ T3168] vmalloc+0x6b/0x90 [ 3001.347141][ T3168] ? do_replace_finish+0xe2/0x2220 [ 3001.352622][ T3168] do_replace_finish+0xe2/0x2220 [ 3001.357680][ T3168] ? __might_fault+0x12b/0x1e0 [ 3001.358720][ T9133] Node 0 DMA free:10240kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1604kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:40kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3001.362719][ T3168] ? lock_downgrade+0x920/0x920 [ 3001.362739][ T3168] ? ebt_unregister_table+0x70/0x70 [ 3001.362764][ T3168] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3001.362780][ T3168] ? _copy_from_user+0x12c/0x1a0 [ 3001.362797][ T3168] do_replace+0x30b/0x490 [ 3001.421256][ T3168] ? do_replace_finish+0x2220/0x2220 [ 3001.426674][ T3168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3001.433015][ T3168] ? ns_capable_common+0x93/0x100 [ 3001.438050][ T3168] do_ebt_set_ctl+0xec/0x110 [ 3001.442661][ T3168] nf_setsockopt+0x77/0xd0 [ 3001.447104][ T3168] ip_setsockopt+0xdf/0x100 [ 3001.451848][ T3168] udp_setsockopt+0x68/0xb0 [ 3001.456549][ T3168] sock_common_setsockopt+0x94/0xd0 [ 3001.458838][ T9133] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 3001.462022][ T3168] __sys_setsockopt+0x261/0x4c0 [ 3001.473223][ T3168] ? sock_create_kern+0x50/0x50 [ 3001.478242][ T3168] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3001.484115][ T3168] ? do_syscall_64+0x26/0x790 [ 3001.489136][ T3168] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3001.495647][ T3168] ? do_syscall_64+0x26/0x790 [ 3001.500360][ T3168] __x64_sys_setsockopt+0xbe/0x150 [ 3001.505681][ T3168] do_syscall_64+0xfa/0x790 [ 3001.506092][ T9133] Node 0 DMA32 free:19216kB min:44296kB low:53320kB high:62344kB reserved_highatomic:0KB active_anon:1315524kB inactive_anon:840kB active_file:40kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31600kB pagetables:81008kB bounce:0kB free_pcp:488kB local_pcp:240kB free_cma:0kB [ 3001.510213][ T3168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3001.548649][ T3168] RIP: 0033:0x45a849 [ 3001.552600][ T3168] Code: Bad RIP value. [ 3001.556681][ T3168] RSP: 002b:00007fc34274ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 3001.565638][ T3168] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a849 [ 3001.574212][ T3168] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000006 [ 3001.582601][ T3168] RBP: 000000000075bf20 R08: 0000000000000258 R09: 0000000000000000 [ 3001.590931][ T3168] R10: 00000000200002c0 R11: 0000000000000246 R12: 00007fc34274f6d4 [ 3001.593842][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 3001.599023][ T3168] R13: 00000000004c9bfa R14: 00000000004e1c58 R15: 00000000ffffffff [ 3001.614221][ T3168] Mem-Info: [ 3001.617423][ T3168] active_anon:357999 inactive_anon:214 isolated_anon:0 [ 3001.617423][ T3168] active_file:11 inactive_file:12 isolated_file:0 [ 3001.617423][ T3168] unevictable:0 dirty:0 writeback:0 unstable:0 [ 3001.617423][ T3168] slab_reclaimable:15902 slab_unreclaimable:104853 [ 3001.617423][ T3168] mapped:52226 shmem:284 pagetables:31801 bounce:0 [ 3001.617423][ T3168] free:14083 free_pcp:119 free_cma:0 [ 3001.661924][ T9133] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3001.697738][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 3001.703946][ T9133] Node 1 Normal free:26876kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114868kB inactive_anon:16kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14288kB pagetables:46156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3001.744011][ T9133] lowmem_reserve[]: 0 0 0 0 0 [ 3001.748758][ T9133] Node 0 DMA: 16*4kB (UME) 24*8kB (UME) 30*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10240kB [ 3001.771540][ T3168] Node 0 active_anon:1317128kB inactive_anon:840kB active_file:40kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:0kB writeback:0kB shmem:1120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 3001.807793][ T9133] Node 0 DMA32: 3905*4kB (UME) 418*8kB (UM) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18964kB [ 3001.822316][ T9133] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 3001.840701][ T9133] Node 1 Normal: 1383*4kB (UME) 290*8kB (ME) 91*16kB (ME) 49*32kB (ME) 34*64kB (ME) 20*128kB (ME) 16*256kB (UME) 14*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 26876kB [ 3001.865207][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3001.880911][ T3168] Node 1 active_anon:114868kB inactive_anon:16kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 3001.916158][ T9133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3001.929129][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3001.942196][ T9133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3001.955272][ T9133] 307 total pagecache pages [ 3001.959805][ T9133] 0 pages in swap cache [ 3001.967664][ T9133] Swap cache stats: add 0, delete 0, find 0/0 [ 3001.977992][ T9133] Free swap = 0kB [ 3001.981727][ T9133] Total swap = 0kB [ 3001.989036][ T3168] Node 0 DMA free:10240kB min:220kB low:272kB high:324kB reserved_highatomic:0KB active_anon:1604kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:40kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3002.026906][ T9133] 1965979 pages RAM [ 3002.030759][ T9133] 0 pages HighMem/MovableOnly [ 3002.038025][ T9133] 344068 pages reserved [ 3002.042297][ T9133] 0 pages cma reserved [ 3002.051402][ T9133] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=1543,uid=0 [ 3002.072784][ T9133] Out of memory: Killed process 1543 (syz-executor.5) total-vm:72848kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 3002.140804][ T3168] lowmem_reserve[]: 0 2537 2537 2537 2537 [ 3002.142212][ T4087] udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 3002.157012][ T3168] Node 0 DMA32 free:23276kB min:44296kB low:53320kB high:62344kB reserved_highatomic:0KB active_anon:1313372kB inactive_anon:840kB active_file:40kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2601536kB mlocked:0kB kernel_stack:31572kB pagetables:80860kB bounce:0kB free_pcp:196kB local_pcp:0kB free_cma:0kB [ 3002.181462][ T4087] CPU: 0 PID: 4087 Comm: udevd Tainted: G W 5.5.0-rc1-syzkaller #0 [ 3002.198666][ T4087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3002.203610][ T3168] lowmem_reserve[]: 0 0 0 0 0 [ 3002.208721][ T4087] Call Trace: [ 3002.208750][ T4087] dump_stack+0x197/0x210 [ 3002.213465][ T3168] Node 0 Normal free:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3002.216700][ T4087] dump_header+0x10b/0x82d [ 3002.221004][ T3168] lowmem_reserve[]: 0 0 0 0 0 [ 3002.249546][ T4087] ? oom_kill_process+0x94/0x420 [ 3002.249564][ T4087] oom_kill_process.cold+0x10/0x15 [ 3002.249580][ T4087] out_of_memory+0x334/0x13c0 [ 3002.249607][ T4087] ? oom_killer_disable+0x280/0x280 [ 3002.254044][ T3168] Node 1 Normal free:26876kB min:53780kB low:67224kB high:80668kB reserved_highatomic:0KB active_anon:114868kB inactive_anon:16kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870200kB mlocked:0kB kernel_stack:14288kB pagetables:46156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3002.258687][ T4087] ? mutex_trylock+0x264/0x2f0 [ 3002.263913][ T3168] lowmem_reserve[]: 0 0 0 0 0 [ 3002.268958][ T4087] ? __alloc_pages_slowpath+0xca3/0x2920 [ 3002.268976][ T4087] __alloc_pages_slowpath+0x222b/0x2920 [ 3002.273656][ T3168] Node 0 DMA: 16*4kB (UME) 24*8kB (UME) 30*16kB (UME) 9*32kB (U) 6*64kB (UME) 3*128kB (UE) 1*256kB (M) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10240kB [ 3002.278826][ T4087] ? warn_alloc+0x110/0x110 [ 3002.311908][ T3168] Node 0 DMA32: 4066*4kB (UME) 499*8kB (UME) 17*16kB (UME) 8*32kB (U) 6*64kB (U) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 23472kB [ 3002.316676][ T4087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3002.316695][ T4087] ? should_fail+0x1de/0x852 [ 3002.316721][ T4087] ? __kasan_check_read+0x11/0x20 [ 3002.321353][ T3168] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 3002.326990][ T4087] __alloc_pages_nodemask+0x646/0x910 [ 3002.327008][ T4087] ? xas_descend+0x144/0x370 [ 3002.327025][ T4087] ? __alloc_pages_slowpath+0x2920/0x2920 [ 3002.327042][ T4087] ? __kasan_check_read+0x11/0x20 [ 3002.332590][ T3168] Node 1 Normal: 1383*4kB (UME) 290*8kB (ME) 91*16kB (ME) 49*32kB (ME) 34*64kB (ME) 20*128kB (ME) 16*256kB (UME) 14*512kB (UME) 0*1024kB 0*2048kB 0*4096kB = 26876kB [ 3002.349308][ T4087] ? find_get_entry+0x4a6/0x7a0 [ 3002.349328][ T4087] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3002.349348][ T4087] alloc_pages_current+0x107/0x210 [ 3002.354149][ T3168] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3002.369312][ T4087] __page_cache_alloc+0x29d/0x490 [ 3002.369334][ T4087] pagecache_get_page+0x27e/0x9e0 [ 3002.369349][ T4087] ? __kasan_check_read+0x11/0x20 [ 3002.369366][ T4087] filemap_fault+0x9b1/0x3180 [ 3002.369390][ T4087] ? mark_held_locks+0xf0/0xf0 [ 3002.375822][ T3168] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3002.380362][ T4087] ? read_cache_page_gfp+0x30/0x30 [ 3002.385471][ T3168] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3002.396883][ T4087] ? __kasan_check_write+0x14/0x20 [ 3002.396899][ T4087] ? down_read+0x109/0x430 [ 3002.396917][ T4087] ? down_read_killable+0x490/0x490 [ 3002.403000][ T3168] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3002.407563][ T4087] ? find_lock_entry+0x650/0x650 [ 3002.413708][ T3168] 307 total pagecache pages [ 3002.418674][ T4087] ? pmd_val+0x85/0x100 [ 3002.435577][ T3168] 0 pages in swap cache [ 3002.440368][ T4087] ext4_filemap_fault+0x86/0xb2 [ 3002.447024][ T3168] Swap cache stats: add 0, delete 0, find 0/0 [ 3002.452270][ T4087] __do_fault+0x111/0x540 [ 3002.462309][ T3168] Free swap = 0kB [ 3002.467269][ T4087] __handle_mm_fault+0x2943/0x3da0 [ 3002.467297][ T4087] ? vm_iomap_memory+0x1a0/0x1a0 [ 3002.472299][ T3168] Total swap = 0kB [ 3002.477309][ T4087] ? handle_mm_fault+0x292/0xa50 [ 3002.477334][ T4087] ? handle_mm_fault+0x7a0/0xa50 [ 3002.477359][ T4087] ? __kasan_check_read+0x11/0x20 [ 3002.482011][ T3168] 1965979 pages RAM [ 3002.487217][ T4087] handle_mm_fault+0x3b2/0xa50 [ 3002.487241][ T4087] __do_page_fault+0x536/0xd80 [ 3002.487257][ T4087] ? page_fault+0x16/0x40 [ 3002.487280][ T4087] do_page_fault+0x38/0x590 [ 3002.496652][ T3168] 0 pages HighMem/MovableOnly [ 3002.501730][ T4087] page_fault+0x39/0x40 [ 3002.511589][ T3168] 344068 pages reserved [ 3002.516818][ T4087] RIP: 0033:0x7fe87ec37943 [ 3002.516853][ T4087] Code: Bad RIP value. [ 3002.521487][ T3168] 0 pages cma reserved [ 3002.651082][ T4087] RSP: 002b:00007ffc9750dcd8 EFLAGS: 00010246 [ 3002.657166][ T4087] RAX: 0000000000000000 RBX: 0000000000000bb8 RCX: 00007fe87ec37943 [ 3002.665157][ T4087] RDX: 0000000000000008 RSI: 00007ffc9750ddd0 RDI: 000000000000000a [ 3002.673147][ T4087] RBP: 0000000000e0d790 R08: 0000000000000000 R09: 0000000000000000 [ 3002.681333][ T4087] R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000003 [ 3002.689538][ T4087] R13: 0000000000000000 R14: 0000000000e082e0 R15: 0000000000def250 [ 3002.957347][ T3201] BUG: sleeping function called from invalid context at mm/page_alloc.c:4695 [ 3002.966251][ T3201] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3201, name: syz-executor.3 [ 3002.975724][ T3201] 2 locks held by syz-executor.3/3201: [ 3002.981297][ T3201] #0: ffffffff89a40820 (vmap_purge_lock){+.+.}, at: free_vmap_area_noflush+0x2a6/0x390 [ 3002.991369][ T3201] #1: ffffffff89a409b8 (free_vmap_area_lock){+.+.}, at: __purge_vmap_area_lazy+0x194/0x1ef0 [ 3003.001811][ T3201] Preemption disabled at: [ 3003.001846][ T3201] [] __purge_vmap_area_lazy+0x194/0x1ef0 [ 3003.013802][ T3201] CPU: 0 PID: 3201 Comm: syz-executor.3 Tainted: G W 5.5.0-rc1-syzkaller #0 [ 3003.023998][ T3201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3003.034091][ T3201] Call Trace: [ 3003.037413][ T3201] dump_stack+0x197/0x210 [ 3003.041763][ T3201] ? __purge_vmap_area_lazy+0x194/0x1ef0 [ 3003.047646][ T3201] ___might_sleep.cold+0x1fb/0x23e [ 3003.052790][ T3201] __might_sleep+0x95/0x190 [ 3003.057320][ T3201] __alloc_pages_nodemask+0x523/0x910 [ 3003.062839][ T3201] ? find_held_lock+0x35/0x130 [ 3003.067630][ T3201] ? __alloc_pages_slowpath+0x2920/0x2920 [ 3003.073558][ T3201] ? lock_downgrade+0x920/0x920 [ 3003.078427][ T3201] ? rwlock_bug.part.0+0x90/0x90 [ 3003.083406][ T3201] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3003.089866][ T3201] alloc_pages_current+0x107/0x210 [ 3003.095022][ T3201] __get_free_pages+0xc/0x40 [ 3003.099752][ T3201] __pte_alloc_kernel+0x1d/0x210 [ 3003.104716][ T3201] apply_to_page_range+0x621/0x700 [ 3003.110095][ T3201] ? __kasan_slab_free+0x150/0x150 [ 3003.115692][ T3201] kasan_release_vmalloc+0xa9/0xc0 [ 3003.121413][ T3201] __purge_vmap_area_lazy+0xca5/0x1ef0 [ 3003.127003][ T3201] free_vmap_area_noflush+0x2c8/0x390 [ 3003.132406][ T3201] remove_vm_area+0x1cf/0x230 [ 3003.137108][ T3201] __vunmap+0x217/0x9b0 [ 3003.141458][ T3201] ? __sanitizer_cov_trace_pc+0x26/0x50 [ 3003.147129][ T3201] __vfree+0x41/0xd0 [ 3003.151059][ T3201] __vmalloc_node_range+0x5d8/0x810