kB isolated(anon):0kB isolated(file):0kB mapped:36528kB dirty:1108kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 22:34:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x160, r1, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7}]}, @IPVS_CMD_ATTR_SERVICE={0x54, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3a, 0x2}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7a}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}]}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x573e}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x10000}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010101}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x3d}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x7}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x90}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x24}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}]}]}, 0x160}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) [ 996.320089] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 996.424628] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 996.463754] Node 0 DMA32 free:29948kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34240kB pagetables:55132kB bounce:0kB free_pcp:180kB local_pcp:100kB free_cma:0kB 22:34:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x84200, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000040)={r2}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, 0x1, 0x6, 0x801, 0x0, 0x0, {0xc}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008050}, 0x4) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r6, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=ANY=[@ANYBLOB="3000ba001000010800"/20, @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="08001b0000000000", @ANYBLOB="9919cb301a24b1dc1c3f84ededcc9ed4dd9259b7801e6541d610c572698c4dbd803ec6cfdbcbc12d7f29fbe876ac58fdb3b8f5aeb942d6ec554525ed671e9a7fca0a000044b05ea8e33e60408f8bcf62026de10f91a2a5db4c3efd5274def96a3cc72dd1227181e2da3d7892330252e07c6ad1cb4c055cb8f83f63bf32d1eb3b8e8263349c8c7900dd95bbf547c6a31bf4cc90426bbc08e416d253da97656203cd870c2caba412121baba9ab63cb20d438ef506b542847fee1b8401fa037e010deb1a1be3c759c5b55b4784ef44c23f4e76a89bf118776118948bdb734904522857d46a7002ef4ac46f2f57b1cdd2d4e4a7fe80208f4cebaf3bd4ff3a03ddd6b2ff8087fb2e6e4e2a0842b681c2b22e67e731445ec0af1cc62988320be49879b676ffedb79ef4a073d9ddb6ed9b1f080738a3a9f1e2372baadffb985a0ba42", @ANYRES16=r0], 0x30}}, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) accept4$inet6(r8, 0x0, &(0x7f00000000c0), 0x197f0c7751f70599) [ 996.551288] lowmem_reserve[]: 0 0 0 0 0 [ 996.555347] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 996.615282] lowmem_reserve[]: 0 0 0 0 0 [ 996.628361] Node 1 Normal free:1724304kB min:53592kB low:66988kB high:80384kB active_anon:356684kB inactive_anon:27140kB active_file:20752kB inactive_file:102168kB unevictable:0kB writepending:1156kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:125184kB pagetables:232940kB bounce:0kB free_pcp:980kB local_pcp:532kB free_cma:0kB 22:34:08 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCGPROP(r2, 0xc004743e, &(0x7f0000000140)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x5) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r4, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4880}, 0x4000c000) 22:34:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x0, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 996.683377] lowmem_reserve[]: 0 0 0 0 0 [ 996.688472] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 996.707366] Node 0 DMA32: 389*4kB (ME) 250*8kB (UME) 502*16kB (UME) 229*32kB (UME) 32*64kB (UM) 22*128kB (UM) 8*256kB (ME) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 29924kB [ 996.707620] Cannot find add_set index 0 as target [ 996.724479] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 996.770713] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 996.785435] Node 1 Normal: 1*4kB (E) 186*8kB (UE) 29*16kB (U) 3*32kB (UE) 1*64kB (U) 9*128kB (U) 4*256kB (U) 1*512kB (U) 2*1024kB (ME) 1*2048kB (U) 419*4096kB (M) = 1725124kB [ 996.888805] Cannot find add_set index 0 as target [ 996.911167] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 996.954017] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 996.971418] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 996.981708] Cannot find add_set index 0 as target [ 997.016736] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:34:08 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCNXCL(r4, 0x540d) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 997.067389] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 997.083502] Cannot find add_set index 0 as target 22:34:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000010000010800000000558e1ed500000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) [ 997.132500] 25243 total pagecache pages [ 997.165836] 0 pages in swap cache [ 997.201176] Swap cache stats: add 0, delete 0, find 0/0 [ 997.222781] Free swap = 0kB [ 997.240084] Total swap = 0kB [ 997.251961] 1965979 pages RAM [ 997.263781] 0 pages HighMem/MovableOnly [ 997.284306] 338456 pages reserved [ 997.296488] 0 pages cma reserved [ 997.306447] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 997.346888] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 997.360349] CPU: 0 PID: 10059 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 997.368499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 997.378245] Call Trace: [ 997.380853] dump_stack+0x1b2/0x283 [ 997.384502] warn_alloc.cold+0x96/0x1af [ 997.388850] ? zone_watermark_ok_safe+0x250/0x250 [ 997.393892] ? wait_for_completion_io+0x10/0x10 [ 997.398626] __alloc_pages_nodemask+0x2129/0x2730 [ 997.403525] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 997.408847] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 997.415629] ? HARDIRQ_verbose+0x10/0x10 [ 997.420026] ? do_raw_spin_unlock+0x164/0x250 [ 997.424869] alloc_pages_current+0xe7/0x1e0 [ 997.429722] kvm_mmu_create+0xd1/0x1c0 [ 997.434474] kvm_arch_vcpu_init+0x282/0x890 [ 997.438822] ? alloc_pages_current+0xef/0x1e0 [ 997.443823] kvm_vcpu_init+0x26d/0x360 [ 997.447752] vmx_create_vcpu+0xf5/0x2950 [ 997.451927] ? __mutex_unlock_slowpath+0x75/0x780 [ 997.457018] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 997.462368] ? alloc_loaded_vmcs+0x240/0x240 [ 997.466819] kvm_vm_ioctl+0x4ae/0x1430 [ 997.470840] ? __lock_acquire+0x655/0x42a0 [ 997.475133] ? kvm_vcpu_release+0xa0/0xa0 [ 997.479393] ? trace_hardirqs_on+0x10/0x10 [ 997.484135] ? check_preemption_disabled+0x35/0x240 [ 997.489287] ? trace_hardirqs_on+0x10/0x10 [ 997.493677] ? check_preemption_disabled+0x35/0x240 [ 997.499947] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 997.505366] ? HARDIRQ_verbose+0x10/0x10 [ 997.509783] ? kvm_vcpu_release+0xa0/0xa0 [ 997.514095] do_vfs_ioctl+0x75a/0xfe0 [ 997.518038] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 997.523757] ? ioctl_preallocate+0x1a0/0x1a0 [ 997.528585] ? security_file_ioctl+0x76/0xb0 [ 997.533404] ? security_file_ioctl+0x83/0xb0 [ 997.538199] SyS_ioctl+0x7f/0xb0 [ 997.541583] ? do_vfs_ioctl+0xfe0/0xfe0 22:34:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008081100", @ANYBLOB="502adaf1cf99c058c06598b659628f94dd63c0260795ea6ddb31c1677b4e2afab6bb4393e7a65e1eb000d018a8b55ae7fa73d631b3cef02a65db1e7f25a6af5ab2e514337d8be34c9d12f3f12fedba9d8f8841596a9eb576b70420", @ANYBLOB="08001b0000000000"], 0x30}}, 0xc000) [ 997.545833] do_syscall_64+0x1d5/0x640 [ 997.550949] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 997.558452] RIP: 0033:0x45ca69 [ 997.562239] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 997.570386] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 997.578161] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 997.589133] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 22:34:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) fcntl$getownex(r3, 0x10, &(0x7f0000000080)) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) bind$bt_rfcomm(r2, &(0x7f0000000000)={0x1f, @any, 0x6}, 0xa) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 997.598460] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 997.606729] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:34:08 executing program 5: pkey_alloc(0x0, 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000c1001200090001007665745bd414d2f30d7cab636f663eb0cea2efdcb2b5084b8c2974f82549dd"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000240)) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000ac0)={{{@in=@multicast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@initdev}}, &(0x7f0000000a40)=0xe8) syz_mount_image$ext4(&(0x7f0000000300)='ext2\x00', &(0x7f0000000840)='./file0\x00', 0x2c5af7be, 0x2, &(0x7f0000000a00)=[{&(0x7f0000000880)="001a2bf127e7bee5d737ea9be02b0d4982a510298e98f348a38420d8ff379cadff69c50f500fe4cc9f87ef195d852bd5bca40ebb4e929dcee19146e5836b540fefec3d7eba603d694134ff6dfc8445e9a3af834bd766794f11f87d27301f2a9f32e3089a3175a8ca4c80a8379eccc91b6c4699d7bf450fedebb8adfaf7d65b3a1f802e4479b020bfc6a20e57af0d431546b4a5adffb16238a0fb8dc8495abffefeba0b2aa7f6ec1ab8be6879", 0xac, 0xf70}, {&(0x7f0000000940)="ca66cee5942908488e7aeaf8d78e2ffee69a6d70ff03475db245ea6e0549f3443a5ca6e9301f9d84c2042f476b33b3d843adbd01c5d90c31855c7f08d5fa6e5d6f3cd0ce6cae025cc72096ef71cdcbf786f12b8cc5cdd844304267d399d076be4c5bdb5e3298f8cdfb5ce40dc66109144cd6d10ac7d3dbdada7ed0a983da5696e716c7d25700aae93de50aad05b79a3a3c7346c94d8c2e27e73217cdf2d830e9655d582170f1ddc6e8833346adedd8d595e41587", 0xb4, 0x7fffffff}], 0x4010, &(0x7f0000000cc0)={[{@i_version='i_version'}, {@noinit_itable='noinit_itable'}], [{@subj_role={'subj_role', 0x3d, 'veth0_to_team\x00'}}, {@context={'context', 0x3d, 'root'}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@euid_lt={'euid<', r7}}]}) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@remote, @in=@rand_addr=0x64010101, 0x4e24, 0x80, 0x4e23, 0x4, 0xa, 0x0, 0xa0, 0x5c, r5, r6}, {0x4, 0x101, 0xfffffffffffffffe, 0xffffffff, 0x2, 0x2, 0x4, 0xe2c3}, {0x8, 0x1f, 0x4, 0x4}, 0xff800000, 0x0, 0x1, 0x0, 0x1, 0x2}, {{@in=@remote, 0x4d5, 0x2b}, 0xa, @in6=@loopback, 0x3504, 0x4, 0x3, 0x7a, 0x1f, 0x0, 0x5}}, 0xe8) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08101b0000000000"], 0x30}}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r9, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="a80000000208050000000000000000000c00000106000240600000000900010073797a30000000001400048008000140000000e60800014000000fff05000300010000000900010073797a31000000001c000480080001400000ff8c0800013c000000040800014000000002340004800800014000010001080002400000003f08000140000100010800024000008000080002400000000208000240000000000500030011000000439510c69e1e741dc810b953575124660b4d0855507ba1024b7d9eea32f44bc92ad6eb85be0f0fff5cec09769231379cfb80d5a972cf78742c02bc32d776bd5117ce6b6300"/248], 0xa8}, 0x1, 0x0, 0x0, 0x8050}, 0x4000) [ 997.736712] Cannot find add_set index 0 as target 22:34:09 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x286000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x48, r3, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x1}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x20}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'virt_wifi0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x60000}, 0x8000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) eventfd2(0x7, 0x80002) fcntl$setstatus(r0, 0x4, 0x400) r6 = dup(r5) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 997.795053] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 997.851182] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 997.888513] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r5, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x20, 0x203, 0x80000000, 0x9, r5}, &(0x7f0000000040)=0x10) 22:34:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[], 0x20}}, 0x0) sendmsg$AUDIT_SIGNAL_INFO(r6, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x3f2, 0x100, 0x70bd2d, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0xc001}, 0x44000004) connect$vsock_stream(r1, &(0x7f0000000000), 0x10) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 998.040323] warn_alloc_show_mem: 1 callbacks suppressed [ 998.040327] Mem-Info: [ 998.057904] active_anon:435826 inactive_anon:11113 isolated_anon:0 [ 998.057904] active_file:5194 inactive_file:25550 isolated_file:0 [ 998.057904] unevictable:0 dirty:302 writeback:0 unstable:0 [ 998.057904] slab_reclaimable:49699 slab_unreclaimable:388535 [ 998.057904] mapped:63421 shmem:11299 pagetables:72074 bounce:0 [ 998.057904] free:441243 free_pcp:300 free_cma:0 [ 998.155365] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 998.197471] Cannot find add_set index 0 as target [ 998.214673] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 998.223954] Node 1 active_anon:358696kB inactive_anon:27140kB active_file:20760kB inactive_file:102196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36572kB dirty:1208kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 998.259213] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 998.280159] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1010 sclass=netlink_route_socket pid=10135 comm=syz-executor.5 22:34:09 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000380)=""/285) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x120000) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) ioctl$PPPIOCSMAXCID(r4, 0x40047451, &(0x7f0000000000)=0x49) 22:34:09 executing program 2: syz_extract_tcp_res(&(0x7f0000000000), 0x7ff, 0x6) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCEXCL(r3, 0x540c) write$P9_RRENAME(r3, &(0x7f0000000080)={0x7, 0x15, 0x2}, 0x7) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) read$usbmon(r1, &(0x7f0000000040)=""/2, 0x2) syz_emit_ethernet(0x1286, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6da3896712503c002001000000000000000000000000000000000000000000000000000000000001010a010600000000fc0100000000000000000000000000002001000000000000000000000000000200000000000000000000ffffe0000002fe880000000000000000000000000001ff02000000000000000000000000000106030000000000000710000000030200970c929600000000000001070000000000000004010100003c04004f00000000fc010000000000000000000000000001fc0200000000000000000000000000012e000330640000002f14000300000000fc000000000000000000000000000001fe80000000000000000000000000000cfc00000000000000000000000000000400000000000000000000ffffffffffffff01000000000000000000000000000100000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aafc000000000000000000000000000000fc000000000000000000000000000001061d00000000000001010000e7f6d22b550d0fe0a88894971f5e1f60512624c054c4dc71fc83a62b90ec103729d5b94e2976a271cc86b9cd754189128e8ad58032f415d48f7c3dbffed66483a1f892d12dcbc971335a41c4510a28913ab301be8ab5a86c85ec5a576fa6aba1c80f5aa62f2d15f1f3b6bc05f4078b28d0883496cacac24410791f90d6e7cc9bd8e2b5281826a64e0196bebc11e87e341d4ea879614dd4171bf505e3fdc580de97e25abbf968ccf908ea6b5ff5aef9ffb35db79f7b40a608b1d2e36928eafdb07324804b21063b0760e8173b8eea49d996706041f4e4f1e491e562428d7fe0503c31e8f7561e0b9f00000000952f5331afe5892a6ff9357d90143ea869c0b0d663e9b4c95ca7d0bb9be1be5c1e4553f84b2e053babb85f97bcead282dd65436aca996e2f3d1da774a1bd86c045158d592e7554fd6b33baa37bac591d28ffdab1efaacea0edc781d48605a556b0046cdcf6c40583c0de7e5e42e46c1b094aa387adb2f91235442e6c5547062eae391b0a8937b3aad59496b06a61da013bbfbbe502d3755c8c0269e48de68dd2ae21e30131f37b6eea5b4bd1abf685b78eeaa343321a59d67925ae5b39cded815e2a2ea15eafdbad54cd5ed7c8bde3793493a6660d2f37adce17b2292039fb25afc2108755c5ea517349d338c4095837b04c75e02806adb8ef502d3107d7468f621cc1b70ba8ee26a81587866cac5123e9a728ea5238d2cbce783f6487cbca54f6ca27784f37369e2b369aea249f4bfbae4fa61d053734e2bd084589cf80d4b14f43db62d6d8c38474ccfef3490cfaa779a79540ef2a024f02a21759ca3fe7a2be4e5f2b37e965f6608fe313ea6fe622faefa0afedddbad7af15eb8d3eeb6c00b228a8c2e8fed91dd389090add51cbad5a3f262c42b20d6cf8ff0b382237e893cfb10144f7905e4bddbef77eb91c63cb91adf84785d2ec0e3f17271543de50c77be0f4ccd46dcd5a9503db57c7beba48d8cdd1d94326be365384fa73c9bc73a07f299b318edeb76b4498e2746e31b21bb586a9dc232da7a0798b707987c69f16f4c234f41446545632519d014823cc4c725fe14195a38a49e1a17e53807496bd82df5522ea0595896b4ab9e66c399dadbe1eb52529c35cb6e94d3cd6f1858762363c39f0f69ba79424b1ec366e606537f3ddc2bbb31209ab7ccbea0a920dcd8fd6cdd9442679557248381fa76d09e751636f25c215ecb2c29e314b7ef5a8cb04684ee7ebdef31966900eada877116d4a66f593725b562e173b7afeaac8631211c2e89954a297af79a0b2a286e57b541192a962f1eec6314b125f937e845e7313cffd89ee0c8a56adecbe7569f9b0fa5a111e68a27fce7f029fc470309fceed6981f4d85a11f6d194cae93465d5a3bdaf603b0e9d05043b436ead7d6f5bfc03613c9887dbd09e9c91fbc45d1b700d7d2e009805670e6d1dcd7be1acd6cf36a42a77a10140f17050df164079461063eecb502845635122b364a11e74d91f685e4c70cea60aea1314d000bd8601df4abd38afac1c62f6a45497e552e3f40eb5f0c853b494cd63a138b2c1035157b6e430b636ffb72c7cf84523eb879da772375edd1b8ae875fa4b8adef8381c701d40a479540f6bed2313d6d66ed6987c284cc2bd8d4258694b1edba2e33a6d47b7c30b8cb85729897fa5e7b21bb70c6dc5cc1e135ff1d49ada54bc92dbf5727eed6a816e0270ad77cbc76205c2d84bb35566b1ad83bae050a158eb528ca8cf4e826a7b48a9a7211a0c1f63c993d522579cbd368c60617f052e644f1802662c368bbec7950e34e00cadbcaddca923daa1fac1d4f80ef564dad4dbc8b2d1563873958a7e7df8487a4466afa7a36311b3420384036ef4eb5ad342098df8fc8392e20bd18313d31aabc93791b38e5b70370dc77f60b1fae3a031a84afa87e882532b18db01622735f62a70eeea1a543f56d1cc4da1b3968c22a1311282b06ea46d0ae110e51cfcd1b011385702742b350f0ef5a5a3dbb68dff6288caa7fa885b0d06dc8e83b59a50fd0c7c55ca586dcd4400558453e259929c5002d4182feb3b5e7977ac1e818285b4e9868d165bc327746726b86fe9bcea5c8c6ae42ef2147080c3c5c2b017a3162d3ca7cf6f27cd8a5398b1947b3d3142fcc4b2bc98037c365b07d3f0cec935c3526ecb5fb0617896e4b194ffd297929723ec970469999a1f8dd351f41be6167697e4a853de68764187d84282f40071d0a28b3b3843718c987689e5c13463a9038860d87d4dfca67af2eede0e32bfac5bf57b68d423af53b98ba71b45ad6149ff4aae9fc518766895582362bc0578032975e79bc1cd005acd866734ba19f1dcdbf074c3e47624cee27d8c723f5d55eba3db9a254d270231b237ee58b3de5287d2eff506dd625763f8d41ed1765fd66a2f1e60adb5078c5bbe25fbe4853b89e210be184847f803b788e2d1b1d58a390c6afaaf34116b0f94df9791a8cb32c3f828d77f9f41bb9dc8aceca90f87803e59fb7f785a837252613bd20a5bbd2034955acc7c6a996fb4ba88a321d3f1032ebb0a5d2dc288f18c57ea14d11b166dd507400feeb4f90a2c71e5d3e23902a19ea1f7c6383c93a66b10458f0943bdcb9da893ebafab9e01d747afef13461c4d94c52908b7c527965062d2b07eada6a440f48c68a33815b0cdd32d5a8568f03dbb57aed91e8a6878e9cda009edaee03afdc07e6ddc97426430120e108aec38290ddc37af327d51dd73a761c5895df6533070976c132cd9db837369c0ff6eb864d8352804984001644b0fa09768f6bd2f7e0b61598f4f98d05bccb28ff1488638d21604b2f02acbf867a72593c4e197f2860abc7b330636859745a3ed8d374ba6e851f88a604a473c44f8d6b3c937923d1a8e5707fcce25dbdf20a63b278fae9f7ac731abce5182c95bef19021bcef27286b370f4e4bad8e3b5b3cb523a8a8bff2ac064cc79d3e2ec1e9cf2a898a5ea1a44b4ce336e08acbb73f663de419ebffafde0a4579d6b43a27e0ea3b6c20415e683581897d41675890ee64683457d803d36d81779ffa7a1af4aec6000ac7a84d65432ee92827269d0ef2b54794b70a2e1abce630aa814dbb3f1c88897f64b209bd210659787b0cb4e83ed9a4fa39890b5ff8b6512d5e750882e3cfe10db441b1aaed880d7a45e5877cce068c4fa25fc3633a78148f4501c992a295319c4ac617715ad077876d5a0efc64925b205043eedde29e656a0802d39b7497c924540169d2ebb41ed903eacd488af48f16f958e69a74aacb8b5b1d5b1379e45a120adca38828b8649f3164a8580e4d2ebb4f0582b7ef0ae1f29f526e877944a5dfa06bd4ff85297e36cbb8f7fb5ca899bb71f2528744034478ef17aff1caec86e39ffbff39057ac21c137dbf75d07b1c48ab40843a28eb545595c0802e1f9fa179f5beb554577e7062df9b2ce2030bf423aaf1c22784bf927cf1618d4e140893eb912b54716b2fba0b89bde1399b461fb191c5caf471bb0559d19fd4a3cd0aa8cf4094beb971d5c5b978479cb82d7715cb29f620cd641446dea5573da5ffaf7b1155de037b44dab393add05fcd56f544c5d39f6c8b21497280fae10fb576f5d7596f983795cb0ac200a7c00fea4eed357c0da2d91a2f7e32947b0e82dc50d7509a33b074e81317ee92e37e9a6e69c4f863d7674bf0eb12ca57796cd4be3df363b6ce126607abd2d1a82d79545aca5a1f0dcf82eb3f7d3788b7e52d34a5c40b7cc483015b3cd5a1fc2eaf0fde79e39bbc1037b73430036e7770acd927c268ef7128299003240bdb5ac4b35a22a5b1516a94461da10e5d06b13d857e824ca61d7467f672f7bd18ccb4513fdfc7b0339202e96567ef9ea94c09e567ba0f3fa1c0c7992ed33d2385601f7d9e2977d8772a8c205f3b1ec9ae20abc5c44fffda2d70a60ef3411cbddc66c99e735c615bc0ac85bbcbe71bbeba61634d131282598a880bae3e5eac11635013277b346a0b157fbc3876ce0d3028aedab31e5c01c1953c7542e643885096fd74bee41d5e464f9b5f651988c24e8ac5bd102f3e34b1efb4a56ffb44c15aed5fb51577c9a0c38c1091c910c6253993207a9acc817abe3db61e2de6d36da878082c07dede862b3048a6384fee2eb6504f965630a9dc82020c4410bf691bdc8801bb963bebdeaa8a57ea532ab8f261ab752000a463b5f7a5367ae8db01c698f9b9bf4ae90770d4d3ea20b8e0d59aa7aed3b93b34cfcbb6f9491cd4f578e5af0489c7262e02fa8369caac2bfec493cd5194ffc0f783d82d3ccea90c832ed63bbbb12caff97f31b201a230387be4a2aa0befb28f7a33e02554549816e7105876ee646cfd0af44c1daf9a399d7409432ddc78b9f4b74fd82705ce3efccd25878f15ee6852faab143f48aaf7af390700fc74dddc2a1611c35de5babca5332cf407293e695ae08efb8bb7347a890f57cfe2946fd0aff6778f27b9536a0161486bf0446521125adc7bc9ab73221bd0cffd9d16ba9ca71651bae6f280e2e9f8c4c641de3ed279c4db183656fa702b87fb6a06ff42692503009a0cadee0ea87580b09e448d2d4d79f8ce8051b4444a6bb63133c0726194782dad44d040aea3ca4c126049ab02584b0349bf42b559448c29b8e91d7bfa63ff55c56362dae2d5cc01f89fa8ac69b31b1a39897e9762ef1a242d33327cfea22e7bbbd7cf761a26bb7391cb76b030f25f31f423c7673dfd8ed6af01c2e849d4a70a23edee77336870b13cd88dfbf6481e3f285f5191ee9e37dbff35afb1b43c92fa8531afeea9eaf055c4dd534e6c4f76876d83fa7b66788c5edbae688c8b7c6d62d87603b2d2b8d7ab793342a7875bd45072a4a7658bd0cf6e8894af2f183f7e6c9e00f620b6186f5920848a9b7980b47497fa7241f60c72bb0351078b4f01a8099d07fb0c5a6b6049464756a467e0fea3c4261d3fb72f7eaaba53becf27f9def4a6fc466fe23b1dd96eb94bec8a3072fe48ed9d8688fe91f8f262afdff1430227955bcb96d608bd980630fac912264fddf04fbb5d3e1d8ebe73a414c8ad0e26d101eecff9703de0e0bd26ecf1c7d7a99f508fc1e03efb0c461b30af2ffb75b21ae8ed6cd43c33766475b38b8a1e77d7918d9db89a93323d147e8e6d8dbceddbf65c552dfa9e71bd0e07bae6cc51bdabd4ac86d3e01725dfa30fc0cd15cdd68366bcc1d892924d88e4c5ba12d5798670b98088104d5056c21ac945bbfc9c4eabac878862d662590646ed9e83077212ea82abd6bbfdcfef2f6045956266c59f9277c28da52ef7392976c23c8f70e62f80a395443c658559c3303beab727545e687ddb8d8977311877ea9b0eb8efe182c64ace526f788bb2fb0b668573d893a0822dd54b7e706071b3684ad0a18259c62e2a6dec463bb25df4179ef58353fe1536e9eaae3dca05b39e4f5cb82142162706e56153931433ebf422148da95e96300556e420c0709409371eb664eba18836790bca3b92c628b86d2f5d832f75fe1dcdad04f078ab606f3425b4173ad740d808158fdaec80d9b8a5ea314a27e56e802967ac7c0cee06c299616e76810e081d18779a74291690111437e698a25caa2090a4a76eff43b5c107fee35741a234ba7dc3fbd92a41649a25057c9d503744050d6fb45bb565e8b044e44da8d3dea63c17000bcd091b977387f5253ab91aed53925929a8f71f2e5d053c637e823e8328bedb1272f315580086f07f3a2dc11f5fef645bc4732580eb0c2b9ff110ed6948252a18579d647ce33cc6b9525be08401dfbb2258e8a0a712a74a6ef5a9eb34ecb8fb0ff7ddf4e9745e58930b87493be52bbde1a7c3854f41b552eb507a338f093e4e3471b7597f260239815634ecf49a6e1e5785c278ced6506360485c41ac4debbdfcc04db6b8ef1da7c9c8efe7e567a919f44fc46cceca9953111e3befcd182f79e77e6c4be91318b4a20d967c73ca2801650758554a168599eb7222b0c481b21e325ff99275e2d5767d50d4fe9010b0da1919c3c8c321983cb06359b1e4efd9a9f6983bdc8bb86344a51abe91b539a2d3c1e46f9b6920685daf380032915e0d12e139e65765e067de822f6b2e8d2ed536638549556e6e57748ef2419fd409e29b3b07c2331000000000000"], 0x0) [ 998.297768] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 998.328389] Cannot find add_set index 0 as target [ 998.343366] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 998.349446] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 998.399368] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1010 sclass=netlink_route_socket pid=10148 comm=syz-executor.5 [ 998.416479] CPU: 1 PID: 10102 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 998.424574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.434287] Call Trace: [ 998.436990] dump_stack+0x1b2/0x283 [ 998.440472] lowmem_reserve[]: [ 998.440975] warn_alloc.cold+0x96/0x1af [ 998.440987] ? zone_watermark_ok_safe+0x250/0x250 [ 998.441008] ? wait_for_completion_io+0x10/0x10 [ 998.441026] __alloc_pages_nodemask+0x2129/0x2730 [ 998.449690] 0 [ 998.453491] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 998.453502] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 998.453524] ? HARDIRQ_verbose+0x10/0x10 [ 998.453540] alloc_pages_current+0xe7/0x1e0 [ 998.453557] kvm_mmu_create+0xd1/0x1c0 [ 998.453569] kvm_arch_vcpu_init+0x282/0x890 [ 998.453578] ? alloc_pages_current+0xef/0x1e0 [ 998.453592] kvm_vcpu_init+0x26d/0x360 [ 998.472307] Cannot find add_set index 0 as target [ 998.477794] vmx_create_vcpu+0xf5/0x2950 [ 998.477812] ? __mutex_unlock_slowpath+0x75/0x780 [ 998.477822] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 998.477837] ? alloc_loaded_vmcs+0x240/0x240 [ 998.527778] kvm_vm_ioctl+0x4ae/0x1430 [ 998.531680] ? __lock_acquire+0x655/0x42a0 [ 998.535945] ? kvm_vcpu_release+0xa0/0xa0 [ 998.540122] ? trace_hardirqs_on+0x10/0x10 [ 998.544367] ? check_preemption_disabled+0x35/0x240 [ 998.549383] ? trace_hardirqs_on+0x10/0x10 [ 998.553838] ? check_preemption_disabled+0x35/0x240 [ 998.559000] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 998.563934] ? HARDIRQ_verbose+0x10/0x10 [ 998.568069] ? kvm_vcpu_release+0xa0/0xa0 [ 998.572239] do_vfs_ioctl+0x75a/0xfe0 [ 998.576063] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 998.581719] ? ioctl_preallocate+0x1a0/0x1a0 [ 998.586587] ? security_file_ioctl+0x76/0xb0 [ 998.591256] ? security_file_ioctl+0x83/0xb0 [ 998.596782] SyS_ioctl+0x7f/0xb0 [ 998.600254] ? do_vfs_ioctl+0xfe0/0xfe0 [ 998.604263] do_syscall_64+0x1d5/0x640 [ 998.608263] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 998.613534] RIP: 0033:0x45ca69 [ 998.616720] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 998.624440] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 998.631817] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 998.639455] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 998.646773] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 998.654325] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 998.709624] 2559 2559 2559 2559 22:34:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r2, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r2, 0x0, 0xf08, 0xfc, 0x9}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@newlink={0x30, 0x10, 0x4, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1d42f614f5ec3d96, 0x4b60}, [@IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}, @IFLA_PHYS_PORT_ID={0x7, 0x22, "16de88"}]}, 0x30}, 0x1, 0x0, 0x0, 0x40001}, 0x0) [ 998.736558] Node 0 DMA32 free:29688kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34240kB pagetables:55132kB bounce:0kB free_pcp:352kB local_pcp:240kB free_cma:0kB [ 998.811014] lowmem_reserve[]: 0 0 0 0 0 [ 998.815363] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 998.881022] lowmem_reserve[]: 0 0 0 0 0 [ 998.885200] Node 1 Normal free:1725356kB min:53592kB low:66988kB high:80384kB active_anon:359096kB inactive_anon:27140kB active_file:20760kB inactive_file:102196kB unevictable:0kB writepending:1208kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:125440kB pagetables:233052kB bounce:0kB free_pcp:1228kB local_pcp:712kB free_cma:0kB [ 998.926364] lowmem_reserve[]: 0 0 0 0 0 [ 998.930646] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 998.948406] Node 0 DMA32: 383*4kB (M) 250*8kB (UME) 485*16kB (UME) 228*32kB (UM) 32*64kB (UM) 22*128kB (UM) 8*256kB (ME) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 29596kB [ 998.977777] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 998.990039] Node 1 Normal: 6*4kB (UM) 183*8kB (UME) 6*16kB (UME) 15*32kB (UM) 1*64kB (U) 9*128kB (UM) 10*256kB (UE) 4*512kB (UE) 1*1024kB (M) 2*2048kB (UM) 418*4096kB (M) = 1725136kB [ 999.010448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 999.039734] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 999.048873] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 999.071877] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 999.092001] 25254 total pagecache pages [ 999.096194] 0 pages in swap cache [ 999.099665] Swap cache stats: add 0, delete 0, find 0/0 [ 999.131212] Free swap = 0kB [ 999.134356] Total swap = 0kB 22:34:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x0, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000000)=0x40, 0x4) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f0000000240)=""/131) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 22:34:10 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x480007c) 22:34:10 executing program 0: prctl$PR_SET_DUMPABLE(0x4, 0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x4000, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x1, 0x0, [], 0x4, 0xa}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) [ 999.151339] 1965979 pages RAM [ 999.154588] 0 pages HighMem/MovableOnly [ 999.158969] 338456 pages reserved [ 999.171186] 0 pages cma reserved 22:34:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_S390_UCAS_UNMAP(r3, 0x4018ae51, &(0x7f0000000000)={0x80000000, 0x0, 0x6}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r9, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={r9, @multicast2, @multicast1}, 0xc) 22:34:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000100), &(0x7f0000000180)=0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x201, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x103103, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r4, 0x6431) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x100c0, 0x0) 22:34:10 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7fffffff, 0x3) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'virt_wifi0\x00'}, 0x18) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) socket$pppl2tp(0x18, 0x1, 0x1) [ 999.432512] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 999.459214] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 999.512174] CPU: 0 PID: 10184 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 999.520265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 999.529650] Call Trace: [ 999.532266] dump_stack+0x1b2/0x283 [ 999.535935] warn_alloc.cold+0x96/0x1af [ 999.540029] ? zone_watermark_ok_safe+0x250/0x250 [ 999.545063] ? wait_for_completion_io+0x10/0x10 [ 999.549763] __alloc_pages_nodemask+0x2129/0x2730 [ 999.554662] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 999.559539] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 999.564524] ? HARDIRQ_verbose+0x10/0x10 [ 999.568616] ? do_raw_spin_unlock+0x164/0x250 [ 999.573142] alloc_pages_current+0xe7/0x1e0 [ 999.577680] kvm_mmu_create+0xd1/0x1c0 [ 999.581701] kvm_arch_vcpu_init+0x282/0x890 [ 999.586210] ? alloc_pages_current+0xef/0x1e0 [ 999.590729] kvm_vcpu_init+0x26d/0x360 [ 999.594662] vmx_create_vcpu+0xf5/0x2950 [ 999.598789] ? __mutex_unlock_slowpath+0x75/0x780 [ 999.603723] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 999.608800] ? alloc_loaded_vmcs+0x240/0x240 [ 999.613253] kvm_vm_ioctl+0x4ae/0x1430 [ 999.617507] ? __lock_acquire+0x655/0x42a0 [ 999.622137] ? kvm_vcpu_release+0xa0/0xa0 [ 999.626412] ? trace_hardirqs_on+0x10/0x10 [ 999.630859] ? check_preemption_disabled+0x35/0x240 [ 999.636432] ? trace_hardirqs_on+0x10/0x10 [ 999.641402] ? check_preemption_disabled+0x35/0x240 [ 999.646453] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 999.651433] ? HARDIRQ_verbose+0x10/0x10 [ 999.655548] ? kvm_vcpu_release+0xa0/0xa0 [ 999.660427] do_vfs_ioctl+0x75a/0xfe0 [ 999.664452] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 999.670483] ? ioctl_preallocate+0x1a0/0x1a0 [ 999.674951] ? security_file_ioctl+0x76/0xb0 [ 999.679386] ? security_file_ioctl+0x83/0xb0 [ 999.684171] SyS_ioctl+0x7f/0xb0 [ 999.687563] ? do_vfs_ioctl+0xfe0/0xfe0 [ 999.691571] do_syscall_64+0x1d5/0x640 [ 999.695973] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 999.701382] RIP: 0033:0x45ca69 [ 999.704855] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 999.712994] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 999.721767] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 999.729064] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 999.736349] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 999.744194] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 999.903204] Unknown ioctl 25649 [ 999.929373] Unknown ioctl 25649 22:34:11 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f00000000c0)={{0x1, 0x17}, {0x1, 0x4}, 0x7ff, 0x2, 0x7}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRESDEC, @ANYBLOB="9308a4b5000000000000001193c05e91d3dc5f61f0d323e72f6f27a17bc21315aa4771cfdb85559c9f9ffae5c0e4343a0672f4f047773562a15880f802173df50eb0b72eca3b9a47b0437eb2ac113f4770cbb92e1fc598df59ad7ae81d8675ff1b241642995825a50e340ca236968057eaa230ea10f8746d59a1b07605fd9e76c53863dc", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) [ 1000.018467] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 22:34:11 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCGPROP(r2, 0xc004743e, &(0x7f0000000280)=""/286) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r6 = dup(r5) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r6, 0x80184132, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$IMGETVERSION(r6, 0x80044942, &(0x7f0000000180)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8) [ 1000.138566] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1000.181705] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 22:34:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000240)={0xaa, 0x1f, [], [@generic={0xff, 0xb8, "55cfd3adb8a43af0aa1a5c83f1ed1f552fded154a4eac5aff1863721999a25412f773d963c1e73d7842dcf6ce749bf0bb52ef4ede9af2ab0241d98062ceac38c48e6e6e1e775b6389f90b1dd0093b215a54aa05931f572c0a39bc65dccb9abbbd89657b34ac3782154f085d84353a93a2ee845efe43ddaf668fa49eef00d1c4e2ed229783fcd9236f70170e4d1545bc46801e8a74a20cc6c88a9d19d8877ae585d591f10f97cc5f0ac618822227dea370945251c9b07827e"}, @calipso={0x7, 0x40, {0x3, 0xe, 0x2, 0x1f, [0x1, 0x8, 0xd59, 0x3ff, 0x80000001, 0x3, 0x3]}}]}, 0x108) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f00000000c0)={0x9c0000, 0x6, 0x0, r3, 0x0, &(0x7f0000000040)={0x9a091c, 0x9, [], @p_u16=&(0x7f0000000000)=0x8000}}) ioctl$KVM_REINJECT_CONTROL(r4, 0xae71, &(0x7f0000000100)={0x8c}) 22:34:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0xca5b76591d203a72, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r4, 0x80046402, &(0x7f0000000040)=0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:11 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x100, 0x0) ioctl$PPPIOCSMAXCID(r4, 0x40047451, &(0x7f0000000140)=0x90007c) [ 1000.393357] warn_alloc_show_mem: 1 callbacks suppressed [ 1000.393361] Mem-Info: [ 1000.426945] active_anon:436042 inactive_anon:11113 isolated_anon:0 [ 1000.426945] active_file:5195 inactive_file:25561 isolated_file:2 [ 1000.426945] unevictable:0 dirty:340 writeback:0 unstable:0 [ 1000.426945] slab_reclaimable:49760 slab_unreclaimable:388563 [ 1000.426945] mapped:63435 shmem:11299 pagetables:72224 bounce:0 [ 1000.426945] free:440697 free_pcp:324 free_cma:0 [ 1000.499226] Cannot find add_set index 0 as target [ 1000.605198] Cannot find add_set index 0 as target [ 1000.647820] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1000.759094] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1000.783559] Node 1 active_anon:359760kB inactive_anon:27140kB active_file:20772kB inactive_file:102240kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36628kB dirty:1360kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1000.811463] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1000.840218] CPU: 1 PID: 10248 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1000.848138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1000.857592] Call Trace: [ 1000.860209] dump_stack+0x1b2/0x283 [ 1000.862006] Node 0 [ 1000.863862] warn_alloc.cold+0x96/0x1af [ 1000.863874] ? zone_watermark_ok_safe+0x250/0x250 [ 1000.863894] ? wait_for_completion_io+0x10/0x10 [ 1000.869299] DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1000.870532] __alloc_pages_nodemask+0x2129/0x2730 [ 1000.870567] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1000.896520] lowmem_reserve[]: [ 1000.907243] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1000.907268] ? HARDIRQ_verbose+0x10/0x10 [ 1000.907280] ? do_raw_spin_unlock+0x164/0x250 [ 1000.907294] alloc_pages_current+0xe7/0x1e0 [ 1000.907311] kvm_mmu_create+0xd1/0x1c0 [ 1000.907324] kvm_arch_vcpu_init+0x282/0x890 [ 1000.907333] ? alloc_pages_current+0xef/0x1e0 [ 1000.907346] kvm_vcpu_init+0x26d/0x360 [ 1000.907361] vmx_create_vcpu+0xf5/0x2950 [ 1000.907381] ? __mutex_unlock_slowpath+0x75/0x780 [ 1000.953597] 0 [ 1000.956735] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1000.956754] ? alloc_loaded_vmcs+0x240/0x240 [ 1000.956772] kvm_vm_ioctl+0x4ae/0x1430 [ 1000.983090] 2559 [ 1000.984589] ? __lock_acquire+0x655/0x42a0 [ 1000.984601] ? kvm_vcpu_release+0xa0/0xa0 [ 1000.984613] ? trace_hardirqs_on+0x10/0x10 [ 1000.989399] 2559 [ 1000.991001] ? check_preemption_disabled+0x35/0x240 [ 1000.991021] ? trace_hardirqs_on+0x10/0x10 [ 1000.991028] ? check_preemption_disabled+0x35/0x240 [ 1000.991039] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1000.991052] ? HARDIRQ_verbose+0x10/0x10 [ 1000.991064] ? kvm_vcpu_release+0xa0/0xa0 [ 1000.991075] do_vfs_ioctl+0x75a/0xfe0 [ 1000.991089] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1000.991100] ? ioctl_preallocate+0x1a0/0x1a0 [ 1000.991122] ? security_file_ioctl+0x76/0xb0 [ 1000.991131] ? security_file_ioctl+0x83/0xb0 [ 1000.991141] SyS_ioctl+0x7f/0xb0 [ 1000.991148] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1000.991165] do_syscall_64+0x1d5/0x640 [ 1001.008875] 2559 [ 1001.012777] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1001.012786] RIP: 0033:0x45ca69 [ 1001.012791] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1001.012800] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1001.012806] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1001.012811] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1001.012816] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1001.012821] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1001.430871] 2559 [ 1001.432984] Node 0 DMA32 free:29400kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34240kB pagetables:55132kB bounce:0kB free_pcp:392kB local_pcp:216kB free_cma:0kB [ 1001.500879] lowmem_reserve[]: 0 0 0 0 0 [ 1001.504920] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1001.560902] lowmem_reserve[]: 0 0 0 0 0 [ 1001.564985] Node 1 Normal free:1721228kB min:53592kB low:66988kB high:80384kB active_anon:359572kB inactive_anon:27140kB active_file:20776kB inactive_file:102244kB unevictable:0kB writepending:1392kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:125504kB pagetables:233508kB bounce:0kB free_pcp:1072kB local_pcp:376kB free_cma:0kB [ 1001.630918] lowmem_reserve[]: 0 0 0 0 0 [ 1001.634971] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1001.670898] Node 0 DMA32: 384*4kB (ME) 249*8kB (ME) 481*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 29432kB [ 1001.710923] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1001.731692] Node 1 Normal: 73*4kB (UME) 10*8kB (UME) 6*16kB (UME) 2*32kB (ME) 2*64kB (UE) 7*128kB (UME) 2*256kB (ME) 3*512kB (U) 1*1024kB (U) 2*2048kB (UM) 418*4096kB (M) = 1720852kB [ 1001.770879] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1001.792426] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1001.811539] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1001.840896] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1001.849536] 25267 total pagecache pages [ 1001.860904] 0 pages in swap cache [ 1001.864383] Swap cache stats: add 0, delete 0, find 0/0 [ 1001.869963] Free swap = 0kB 22:34:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x0, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:13 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) write$binfmt_aout(r3, &(0x7f0000000180)=ANY=[], 0x201) fcntl$setstatus(r3, 0x4, 0x6100) write$binfmt_aout(r3, 0x0, 0x20) r4 = open(&(0x7f0000000100)='./bus\x00', 0x105162, 0x0) ftruncate(r4, 0x80006) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r3, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc040}, 0x4000000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000000000)={0x1, 0x7, 0x2, 0x0, 0x0, [{{r4}, 0x58e}, {{r5}, 0x3}]}) 22:34:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x581480, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1001.892849] Total swap = 0kB [ 1001.896250] 1965979 pages RAM [ 1001.899454] 0 pages HighMem/MovableOnly [ 1001.911123] 338456 pages reserved [ 1001.915126] 0 pages cma reserved [ 1002.045010] nla_parse: 1 callbacks suppressed [ 1002.045017] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1002.166242] audit: type=1800 audit(1592001253.444:121): pid=10300 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=142 res=0 [ 1002.190595] Cannot find add_set index 0 as target 22:34:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) perf_event_open$cgroup(&(0x7f0000000000)={0x1, 0x70, 0x1f, 0x4, 0x4, 0x1f, 0x0, 0x6, 0x84000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd44, 0x1, @perf_config_ext={0x4, 0x8000}, 0x556, 0x7ff, 0x80, 0x3, 0x3, 0x2, 0x7}, r3, 0xa, r5, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1002.323530] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1002.363009] audit: type=1800 audit(1592001253.644:122): pid=10300 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=142 res=0 [ 1002.406615] Cannot find add_set index 0 as target 22:34:13 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [0x0, 0x0, 0x0, 0xff0000ff], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'macvtap0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000000)='\'*+\x00') 22:34:13 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000200)={0x2, 0xd78}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x11000000, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x10002}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x91}}, 0x0) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x240040}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r3, 0x100, 0x6, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:auditctl_exec_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) [ 1002.700140] Cannot find add_set index 0 as target [ 1002.771196] Cannot find add_set index 0 as target [ 1002.802608] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1002.834837] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1002.869441] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1002.897741] CPU: 0 PID: 10318 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1002.906097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1002.916194] Call Trace: [ 1002.919352] dump_stack+0x1b2/0x283 [ 1002.924202] warn_alloc.cold+0x96/0x1af [ 1002.928224] ? zone_watermark_ok_safe+0x250/0x250 [ 1002.933303] ? wait_for_completion_io+0x10/0x10 [ 1002.940187] __alloc_pages_nodemask+0x2129/0x2730 [ 1002.945260] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1002.950295] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1002.955175] ? HARDIRQ_verbose+0x10/0x10 [ 1002.959246] ? do_raw_spin_unlock+0x164/0x250 [ 1002.964022] alloc_pages_current+0xe7/0x1e0 [ 1002.968651] kvm_mmu_create+0xd1/0x1c0 [ 1002.972651] kvm_arch_vcpu_init+0x282/0x890 [ 1002.977853] ? alloc_pages_current+0xef/0x1e0 [ 1002.982903] kvm_vcpu_init+0x26d/0x360 [ 1002.987151] vmx_create_vcpu+0xf5/0x2950 [ 1002.991252] ? __mutex_unlock_slowpath+0x75/0x780 [ 1002.996184] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1003.001829] ? alloc_loaded_vmcs+0x240/0x240 [ 1003.006449] kvm_vm_ioctl+0x4ae/0x1430 [ 1003.010421] ? __lock_acquire+0x655/0x42a0 [ 1003.014928] ? kvm_vcpu_release+0xa0/0xa0 [ 1003.019164] ? trace_hardirqs_on+0x10/0x10 [ 1003.023420] ? check_preemption_disabled+0x35/0x240 [ 1003.028583] ? trace_hardirqs_on+0x10/0x10 [ 1003.033151] ? check_preemption_disabled+0x35/0x240 [ 1003.038525] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1003.043904] ? HARDIRQ_verbose+0x10/0x10 [ 1003.047968] ? kvm_vcpu_release+0xa0/0xa0 [ 1003.052212] do_vfs_ioctl+0x75a/0xfe0 [ 1003.056570] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1003.062318] ? ioctl_preallocate+0x1a0/0x1a0 [ 1003.066942] ? security_file_ioctl+0x76/0xb0 [ 1003.071873] ? security_file_ioctl+0x83/0xb0 [ 1003.076289] SyS_ioctl+0x7f/0xb0 [ 1003.079795] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1003.083981] do_syscall_64+0x1d5/0x640 [ 1003.088027] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1003.093342] RIP: 0033:0x45ca69 22:34:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="0800bddf4215cf99cc30e7601b"], 0x30}}, 0x0) [ 1003.096699] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1003.104694] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1003.112147] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1003.119519] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1003.127404] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1003.135120] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1003.143233] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1003.148817] CPU: 1 PID: 10323 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1003.156976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1003.166513] Call Trace: [ 1003.169181] dump_stack+0x1b2/0x283 [ 1003.172921] warn_alloc.cold+0x96/0x1af [ 1003.177214] ? zone_watermark_ok_safe+0x250/0x250 [ 1003.183204] ? wait_for_completion_io+0x10/0x10 [ 1003.187909] __alloc_pages_nodemask+0x2129/0x2730 [ 1003.192806] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1003.197877] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1003.203281] ? HARDIRQ_verbose+0x10/0x10 [ 1003.208071] ? do_raw_spin_unlock+0x164/0x250 [ 1003.212697] alloc_pages_current+0xe7/0x1e0 [ 1003.217617] kvm_mmu_create+0xd1/0x1c0 [ 1003.223082] kvm_arch_vcpu_init+0x282/0x890 [ 1003.227693] ? alloc_pages_current+0xef/0x1e0 [ 1003.232311] kvm_vcpu_init+0x26d/0x360 [ 1003.236335] vmx_create_vcpu+0xf5/0x2950 [ 1003.240427] ? __mutex_unlock_slowpath+0x75/0x780 [ 1003.245371] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1003.250416] ? alloc_loaded_vmcs+0x240/0x240 [ 1003.254876] kvm_vm_ioctl+0x4ae/0x1430 [ 1003.258894] ? __lock_acquire+0x655/0x42a0 [ 1003.263149] ? kvm_vcpu_release+0xa0/0xa0 [ 1003.267526] ? trace_hardirqs_on+0x10/0x10 [ 1003.271809] ? check_preemption_disabled+0x35/0x240 [ 1003.276856] ? trace_hardirqs_on+0x10/0x10 [ 1003.281357] ? check_preemption_disabled+0x35/0x240 [ 1003.286403] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1003.291369] ? HARDIRQ_verbose+0x10/0x10 [ 1003.295461] ? kvm_vcpu_release+0xa0/0xa0 [ 1003.300018] do_vfs_ioctl+0x75a/0xfe0 [ 1003.305112] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1003.311224] ? ioctl_preallocate+0x1a0/0x1a0 [ 1003.315762] ? security_file_ioctl+0x76/0xb0 [ 1003.320612] ? security_file_ioctl+0x83/0xb0 [ 1003.325040] SyS_ioctl+0x7f/0xb0 [ 1003.328421] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1003.332548] do_syscall_64+0x1d5/0x640 [ 1003.337144] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1003.343186] RIP: 0033:0x45ca69 [ 1003.346386] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1003.354192] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1003.362545] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1003.370517] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1003.378031] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1003.385872] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 22:34:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x141002, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_WEIGHT={0x8, 0xf, 0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1003.469241] Cannot find add_set index 0 as target [ 1003.536266] warn_alloc_show_mem: 1 callbacks suppressed [ 1003.536270] Mem-Info: [ 1003.557201] active_anon:436664 inactive_anon:11113 isolated_anon:0 [ 1003.557201] active_file:5204 inactive_file:25570 isolated_file:0 [ 1003.557201] unevictable:0 dirty:364 writeback:0 unstable:0 [ 1003.557201] slab_reclaimable:49889 slab_unreclaimable:389229 22:34:14 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x74, 0x0, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0xbc17, 0x5, 0x5, 0xfffff800, 0xfffffffb]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xfffff800}, @SEG6_ATTR_DST={0x14, 0x1, @private1}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x4587}]}, 0x74}, 0x1, 0x0, 0x0, 0x40080}, 0x40000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1003.557201] mapped:63446 shmem:11299 pagetables:72402 bounce:0 [ 1003.557201] free:438771 free_pcp:371 free_cma:0 22:34:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x94}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x3f}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x8080) [ 1003.676304] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1003.786757] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1003.790533] Node 1 active_anon:362348kB inactive_anon:27140kB active_file:20800kB inactive_file:102276kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36772kB dirty:1456kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1003.878835] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10372 comm=syz-executor.5 [ 1003.917820] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_AGP_ALLOC(r4, 0xc0206434, &(0x7f0000000000)={0x101, 0x0, 0x0, 0xb3a}) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f00000000c0)={0x400, r5}) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x41, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) r8 = gettid() tkill(r8, 0x1004000000016) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x3f, 0x401}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, r8, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1003.941491] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1003.988003] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10382 comm=syz-executor.5 [ 1004.034899] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1004.048879] lowmem_reserve[]: 0 2559 2559 2559 2559 22:34:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) accept4$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000180)=0x14, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=r2, @ANYBLOB="08001b000c000000"], 0x30}}, 0x40040) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0)='ethtool\x00') sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000003d80)={&(0x7f0000003cc0), 0xc, &(0x7f0000003d40)={&(0x7f0000003d00)=@getaddr={0x14, 0x16, 0x200, 0x70bd2b, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xbe92225cc289a5c}, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="220000001100ff07000000000000000010000000", @ANYRES32=r9, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x15c, r6, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x9}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x2}, @ETHTOOL_A_LINKMODES_OURS={0x10c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x66, 0x5, "80d692f0b65772e905f1c13b22aca2b38af04de360acc8a52fc39605a402d490d2cc29f8030cc8a7b3b14198679206aa47f7884dcf62b51bc5b885c58f1f217eba58cf70ae5cfdedd3bdbdd7f5367be6969fdea36f7361873ba5e53026a360c88e64"}, @ETHTOOL_A_BITSET_VALUE={0x99, 0x4, "b551bd851b168014bbac14f9733dcf84c2e8319204ad17614e5373f3df3214a80ae649ca528785cfe2b9300fc62d03f8aaa96d0cef8826a6407e003584c3b540a87e12503ec20cf630c75ccce75131acb0cb351fcfe2985f0aafcfd8862fe4ca04f3e738716b40d972e5f8cdd9e0125be54822773126e178e98d098b9412e2bc2d3465556b81428d7a1641e6f017a1bb8289de7c4a"}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x8}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x7}]}, 0x15c}, 0x1, 0x0, 0x0, 0xb5}, 0x20000015) [ 1004.065031] Node 0 DMA32 free:29308kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:364kB local_pcp:204kB free_cma:0kB [ 1004.087321] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1004.117953] lowmem_reserve[]: 0 0 0 0 0 [ 1004.139338] CPU: 0 PID: 10356 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1004.147431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.151231] Node 0 [ 1004.157143] Call Trace: [ 1004.157169] dump_stack+0x1b2/0x283 [ 1004.157186] warn_alloc.cold+0x96/0x1af [ 1004.157199] ? zone_watermark_ok_safe+0x250/0x250 [ 1004.175089] ? wait_for_completion_io+0x10/0x10 [ 1004.176229] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1004.179799] __alloc_pages_nodemask+0x2129/0x2730 [ 1004.179832] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1004.216137] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1004.221201] ? HARDIRQ_verbose+0x10/0x10 [ 1004.225373] ? do_raw_spin_unlock+0x164/0x250 [ 1004.230061] alloc_pages_current+0xe7/0x1e0 [ 1004.234430] kvm_mmu_create+0xd1/0x1c0 [ 1004.238347] kvm_arch_vcpu_init+0x282/0x890 [ 1004.242903] ? alloc_pages_current+0xef/0x1e0 [ 1004.247791] kvm_vcpu_init+0x26d/0x360 [ 1004.251044] lowmem_reserve[]: 0 [ 1004.251761] vmx_create_vcpu+0xf5/0x2950 [ 1004.251777] ? __mutex_unlock_slowpath+0x75/0x780 [ 1004.255372] 0 [ 1004.259146] ? lock_downgrade+0x6e0/0x6e0 [ 1004.259161] ? alloc_loaded_vmcs+0x240/0x240 [ 1004.259178] kvm_vm_ioctl+0x4ae/0x1430 [ 1004.273375] 0 [ 1004.274858] ? __lock_acquire+0x655/0x42a0 [ 1004.274874] ? kvm_vcpu_release+0xa0/0xa0 [ 1004.274898] ? trace_hardirqs_on+0x10/0x10 [ 1004.279478] 0 [ 1004.280951] ? __handle_mm_fault+0x1890/0x3670 [ 1004.280962] ? check_preemption_disabled+0x35/0x240 [ 1004.280978] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1004.280992] ? HARDIRQ_verbose+0x10/0x10 [ 1004.281005] ? kvm_vcpu_release+0xa0/0xa0 [ 1004.281016] do_vfs_ioctl+0x75a/0xfe0 [ 1004.281033] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1004.292088] 0 [ 1004.294292] ? ioctl_preallocate+0x1a0/0x1a0 22:34:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1004.294335] ? security_file_ioctl+0x76/0xb0 [ 1004.294344] ? security_file_ioctl+0x83/0xb0 [ 1004.294356] SyS_ioctl+0x7f/0xb0 [ 1004.301579] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1004.301598] do_syscall_64+0x1d5/0x640 [ 1004.301617] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1004.301625] RIP: 0033:0x45ca69 [ 1004.301635] RSP: 002b:00007f60e9464c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1004.301646] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1004.301651] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1004.301656] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 1004.301661] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1004.301667] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94656d4 22:34:15 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000000180001040000080000008fc0ef33ae225501568ae390eec170343a000000000005000000000c00090008000040", @ANYRES32=0x0, @ANYBLOB="41130000000000"], 0x21}}, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) r6 = dup(r1) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f0000000000)={0x3, 'veth0_to_hsr\x00', {0x14}, 0x5}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r8 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r9 = dup(r8) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r9, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PPPIOCSMAXCID(r9, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000ac38a45de8fd8bea89877b8e121c366aa1e71ba17057ba0dabcd6ccface20a5c05e433da6a639b7b4b6954a5332527"], 0x30}}, 0x0) uname(&(0x7f0000000240)=""/195) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=@ipmr_delroute={0x110, 0x19, 0x4, 0x70bd27, 0x25dfdbff, {0x80, 0x10, 0x0, 0x81, 0xfd, 0x4, 0xfd, 0x5}, [@RTA_METRICS={0xf2, 0x8, 0x0, 0x1, "5bcc56192df37186552b60e3cc1765f2ee34947777f8730f5aee334c71dc55a25d8a01915ddd1ab1ba9d82f1ac46ad6c4b521c82e3acbc45cc448eef2ecc4daabd2f0032955b3084d2de4efcec09b6998e4bac1ac9e2161810bcbdf4c73ccd8e8eaf8f97c0fe425280a3265444b4c06da9762ed8ee2e7cfd602ecf78583da1e991a838b703abd61892e1778c29f00e86f8d0dcdcbefe329262d8dd6fbeef71c9d5d2801ee711a477163db8d19282ac24b2da9fe85f318c11d3b88364e99d845eab9dd0efdffbfd733596d11c571a4ec3633f996c1ddb294b19ada1069f0e0b4123232265eee4e5a6a38aee2a4873"}]}, 0x110}, 0x1, 0x0, 0x0, 0x8055}, 0x0) [ 1004.524110] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1004.545795] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1004.551764] CPU: 1 PID: 10394 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1004.559834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.569205] Call Trace: [ 1004.573228] dump_stack+0x1b2/0x283 [ 1004.577059] warn_alloc.cold+0x96/0x1af [ 1004.582541] ? zone_watermark_ok_safe+0x250/0x250 [ 1004.587455] ? wait_for_completion_io+0x10/0x10 [ 1004.592486] __alloc_pages_nodemask+0x2129/0x2730 [ 1004.597903] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1004.603901] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1004.610208] ? HARDIRQ_verbose+0x10/0x10 [ 1004.614326] ? do_raw_spin_unlock+0x164/0x250 [ 1004.618840] alloc_pages_current+0xe7/0x1e0 [ 1004.623910] kvm_mmu_create+0xd1/0x1c0 [ 1004.627821] kvm_arch_vcpu_init+0x282/0x890 [ 1004.632255] ? alloc_pages_current+0xef/0x1e0 [ 1004.637151] kvm_vcpu_init+0x26d/0x360 [ 1004.642465] vmx_create_vcpu+0xf5/0x2950 [ 1004.647029] ? __mutex_unlock_slowpath+0x75/0x780 [ 1004.652493] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1004.658611] ? alloc_loaded_vmcs+0x240/0x240 [ 1004.663231] kvm_vm_ioctl+0x4ae/0x1430 [ 1004.667227] ? __lock_acquire+0x655/0x42a0 [ 1004.671571] ? kvm_vcpu_release+0xa0/0xa0 [ 1004.675912] ? trace_hardirqs_on+0x10/0x10 [ 1004.680157] ? check_preemption_disabled+0x35/0x240 [ 1004.686011] ? trace_hardirqs_on+0x10/0x10 [ 1004.690768] ? check_preemption_disabled+0x35/0x240 [ 1004.696529] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1004.701911] ? HARDIRQ_verbose+0x10/0x10 [ 1004.706821] ? kvm_vcpu_release+0xa0/0xa0 [ 1004.711433] do_vfs_ioctl+0x75a/0xfe0 [ 1004.715400] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1004.721581] ? ioctl_preallocate+0x1a0/0x1a0 [ 1004.726024] ? security_file_ioctl+0x76/0xb0 [ 1004.730665] ? security_file_ioctl+0x83/0xb0 [ 1004.735707] SyS_ioctl+0x7f/0xb0 [ 1004.740806] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1004.744914] do_syscall_64+0x1d5/0x640 [ 1004.749006] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1004.754203] RIP: 0033:0x45ca69 [ 1004.757396] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1004.765246] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1004.772620] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008 [ 1004.783058] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1004.791048] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1004.798695] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 [ 1004.848356] Node 1 Normal free:1713448kB min:53592kB low:66988kB high:80384kB active_anon:362644kB inactive_anon:27140kB active_file:20804kB inactive_file:102272kB unevictable:0kB writepending:1456kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126176kB pagetables:234568kB bounce:0kB free_pcp:820kB local_pcp:572kB free_cma:0kB [ 1004.967132] lowmem_reserve[]: 0 0 0 0 0 [ 1004.977849] Cannot find add_set index 0 as target [ 1004.983030] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1005.106807] Node 0 DMA32: 385*4kB (UME) 249*8kB (ME) 457*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 29052kB [ 1005.157529] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1005.184054] Node 1 Normal: 49*4kB (UME) 181*8kB (UME) 133*16kB (UME) 32*32kB (UME) 8*64kB (UME) 9*128kB (UME) 5*256kB (UME) 1*512kB (E) 1*1024kB (E) 3*2048kB (UME) 415*4096kB (M) = 1715260kB [ 1005.246670] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1005.249780] warn_alloc_show_mem: 1 callbacks suppressed [ 1005.249784] Mem-Info: [ 1005.271438] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1005.288854] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1005.313391] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1005.323309] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1005.325264] active_anon:436782 inactive_anon:11113 isolated_anon:0 [ 1005.325264] active_file:5203 inactive_file:25584 isolated_file:2 [ 1005.325264] unevictable:0 dirty:386 writeback:0 unstable:0 [ 1005.325264] slab_reclaimable:49949 slab_unreclaimable:389440 [ 1005.325264] mapped:63472 shmem:11299 pagetables:72424 bounce:0 [ 1005.325264] free:438497 free_pcp:243 free_cma:0 [ 1005.336737] CPU: 1 PID: 10407 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1005.375406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1005.384814] Call Trace: [ 1005.387429] dump_stack+0x1b2/0x283 [ 1005.391092] warn_alloc.cold+0x96/0x1af [ 1005.395179] ? zone_watermark_ok_safe+0x250/0x250 [ 1005.400224] ? wait_for_completion_io+0x10/0x10 [ 1005.405386] __alloc_pages_nodemask+0x2129/0x2730 [ 1005.410415] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1005.415420] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1005.420299] ? HARDIRQ_verbose+0x10/0x10 [ 1005.424397] ? do_raw_spin_unlock+0x164/0x250 [ 1005.428927] alloc_pages_current+0xe7/0x1e0 [ 1005.433279] kvm_mmu_create+0xd1/0x1c0 [ 1005.437200] kvm_arch_vcpu_init+0x282/0x890 [ 1005.441583] ? alloc_pages_current+0xef/0x1e0 [ 1005.446111] kvm_vcpu_init+0x26d/0x360 [ 1005.450135] vmx_create_vcpu+0xf5/0x2950 [ 1005.454221] ? __mutex_unlock_slowpath+0x75/0x780 [ 1005.459172] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1005.464334] ? alloc_loaded_vmcs+0x240/0x240 [ 1005.468972] kvm_vm_ioctl+0x4ae/0x1430 [ 1005.473038] ? __lock_acquire+0x655/0x42a0 [ 1005.477307] ? kvm_vcpu_release+0xa0/0xa0 [ 1005.481533] ? trace_hardirqs_on+0x10/0x10 [ 1005.485798] ? check_preemption_disabled+0x35/0x240 [ 1005.490846] ? trace_hardirqs_on+0x10/0x10 [ 1005.495401] ? check_preemption_disabled+0x35/0x240 [ 1005.500751] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1005.505889] ? HARDIRQ_verbose+0x10/0x10 [ 1005.510497] ? kvm_vcpu_release+0xa0/0xa0 [ 1005.514770] do_vfs_ioctl+0x75a/0xfe0 [ 1005.518637] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1005.524421] ? ioctl_preallocate+0x1a0/0x1a0 [ 1005.528949] ? security_file_ioctl+0x76/0xb0 [ 1005.533489] ? security_file_ioctl+0x83/0xb0 [ 1005.537926] SyS_ioctl+0x7f/0xb0 [ 1005.541781] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1005.545813] do_syscall_64+0x1d5/0x640 [ 1005.549727] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1005.554940] RIP: 0033:0x45ca69 [ 1005.558142] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1005.566236] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1005.573692] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1005.575173] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1005.581093] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1005.581099] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1005.581105] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1005.583259] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1005.649034] 25293 total pagecache pages [ 1005.654369] 0 pages in swap cache [ 1005.658960] Swap cache stats: add 0, delete 0, find 0/0 [ 1005.665670] Free swap = 0kB [ 1005.669746] Total swap = 0kB [ 1005.674220] 1965979 pages RAM [ 1005.678508] 0 pages HighMem/MovableOnly [ 1005.687392] 338456 pages reserved [ 1005.692537] 0 pages cma reserved [ 1005.783815] Node 1 active_anon:362420kB inactive_anon:27140kB active_file:20804kB inactive_file:102332kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36776kB dirty:1544kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1005.785155] Cannot find add_set index 0 as target [ 1005.894050] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1005.960666] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1005.965828] Node 0 DMA32 free:28308kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:284kB local_pcp:152kB free_cma:0kB [ 1006.030655] lowmem_reserve[]: 0 0 0 0 0 [ 1006.034705] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1006.093732] lowmem_reserve[]: 0 0 0 0 0 [ 1006.108069] Node 1 Normal free:1717996kB min:53592kB low:66988kB high:80384kB active_anon:362236kB inactive_anon:27140kB active_file:20808kB inactive_file:102356kB unevictable:0kB writepending:1580kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:125920kB pagetables:234264kB bounce:0kB free_pcp:1248kB local_pcp:724kB free_cma:0kB [ 1006.185359] lowmem_reserve[]: 0 0 0 0 0 [ 1006.199048] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1006.220046] Node 0 DMA32: 385*4kB (UME) 249*8kB (ME) 410*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 28300kB [ 1006.243796] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1006.256848] Node 1 Normal: 34*4kB (UME) 42*8kB (UME) 53*16kB (UME) 54*32kB (UME) 10*64kB (UME) 26*128kB (UME) 13*256kB (UME) 1*512kB (E) 1*1024kB (E) 3*2048kB (UME) 415*4096kB (M) = 1717864kB [ 1006.281860] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1006.295463] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1006.307005] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1006.322800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 22:34:17 executing program 2: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4000000, r0) pkey_free(r0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000000)=""/177) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22:34:17 executing program 5: socket$nl_route(0x10, 0x3, 0x0) 22:34:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:17 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:17 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xfffffffffffffef7) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f0000000040)={@broadcast, @multicast2}, &(0x7f0000000080)=0xc) [ 1006.335966] 25300 total pagecache pages [ 1006.340303] 0 pages in swap cache [ 1006.347382] Swap cache stats: add 0, delete 0, find 0/0 [ 1006.353786] Free swap = 0kB [ 1006.356936] Total swap = 0kB [ 1006.359970] 1965979 pages RAM [ 1006.364846] 0 pages HighMem/MovableOnly [ 1006.368939] 338456 pages reserved [ 1006.375281] 0 pages cma reserved 22:34:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x2, 0x2000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2000, 0x0) ioctl$KVM_GET_DEBUGREGS(r1, 0x8080aea1, &(0x7f00000000c0)) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 22:34:17 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) [ 1006.760220] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1006.788560] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1006.794065] CPU: 1 PID: 10455 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1006.802304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1006.811668] Call Trace: [ 1006.814274] dump_stack+0x1b2/0x283 [ 1006.817931] warn_alloc.cold+0x96/0x1af [ 1006.822149] ? zone_watermark_ok_safe+0x250/0x250 [ 1006.827147] ? wait_for_completion_io+0x10/0x10 [ 1006.832045] __alloc_pages_nodemask+0x2129/0x2730 [ 1006.836923] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1006.841905] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1006.846805] ? HARDIRQ_verbose+0x10/0x10 [ 1006.850884] ? do_raw_spin_unlock+0x164/0x250 [ 1006.855398] alloc_pages_current+0xe7/0x1e0 [ 1006.859909] kvm_mmu_create+0xd1/0x1c0 [ 1006.863810] kvm_arch_vcpu_init+0x282/0x890 [ 1006.868221] ? alloc_pages_current+0xef/0x1e0 [ 1006.872727] kvm_vcpu_init+0x26d/0x360 [ 1006.876846] vmx_create_vcpu+0xf5/0x2950 [ 1006.880924] ? __mutex_unlock_slowpath+0x75/0x780 [ 1006.885852] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1006.891072] ? alloc_loaded_vmcs+0x240/0x240 [ 1006.897183] kvm_vm_ioctl+0x4ae/0x1430 [ 1006.901275] ? __lock_acquire+0x655/0x42a0 [ 1006.906034] ? kvm_vcpu_release+0xa0/0xa0 [ 1006.910397] ? trace_hardirqs_on+0x10/0x10 [ 1006.914745] ? check_preemption_disabled+0x35/0x240 [ 1006.919988] ? trace_hardirqs_on+0x10/0x10 [ 1006.924630] ? check_preemption_disabled+0x35/0x240 [ 1006.929870] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1006.935265] ? HARDIRQ_verbose+0x10/0x10 [ 1006.940578] ? kvm_vcpu_release+0xa0/0xa0 [ 1006.944843] do_vfs_ioctl+0x75a/0xfe0 [ 1006.948849] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1006.954710] ? ioctl_preallocate+0x1a0/0x1a0 [ 1006.959351] ? security_file_ioctl+0x76/0xb0 [ 1006.963933] ? security_file_ioctl+0x83/0xb0 [ 1006.968377] SyS_ioctl+0x7f/0xb0 [ 1006.971758] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1006.975752] do_syscall_64+0x1d5/0x640 [ 1006.979707] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1006.985351] RIP: 0033:0x45ca69 [ 1006.988716] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1006.996710] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1007.004516] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1007.011782] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1007.019149] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1007.026516] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:34:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clock_getres(0x2, &(0x7f0000000000)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:18 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000000)={0x7, 0x3f, 0xffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:18 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r1 = accept$inet6(r0, &(0x7f0000000000), &(0x7f0000000040)=0x1c) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) setsockopt$sock_void(r1, 0x1, 0x48, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) fremovexattr(r5, &(0x7f0000000080)=@known='trusted.overlay.metacopy\x00') 22:34:18 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @bcast, @bpq0='bpq0\x00', 0x8, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[], 0x30}}, 0x0) 22:34:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f000001d080)={&(0x7f0000000100)={0x1c, r6, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x8c, r6, 0x200, 0x3, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x5d, 0xbe, "7386b01613b78d85f2b65f777a5f894616edb2c6f7c8a73576fd00ceb048934f9c77ca39a0097510dee57f86b647ba88d12cd0772ece34116f961a912d03a17221df6b62c502ac319703cececb02d5080fd55155b0ed8eacf4"}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x9}]}, 0x8c}}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1007.052078] warn_alloc_show_mem: 2 callbacks suppressed [ 1007.052082] Mem-Info: [ 1007.059993] active_anon:436539 inactive_anon:11113 isolated_anon:0 [ 1007.059993] active_file:5209 inactive_file:25825 isolated_file:0 [ 1007.059993] unevictable:0 dirty:400 writeback:0 unstable:0 [ 1007.059993] slab_reclaimable:49956 slab_unreclaimable:388415 [ 1007.059993] mapped:63477 shmem:11299 pagetables:72434 bounce:0 [ 1007.059993] free:439441 free_pcp:337 free_cma:0 [ 1007.096168] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1007.149087] Cannot find add_set index 0 as target 22:34:18 executing program 5: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GSO_MAX_SEGS={0x8, 0x28, 0xd01}, @IFLA_GROUP={0x8, 0x1b, 0xffffffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) [ 1007.193335] Node 1 active_anon:361448kB inactive_anon:27140kB active_file:20816kB inactive_file:103500kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36896kB dirty:1600kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1007.228606] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1007.257897] Cannot find add_set index 0 as target [ 1007.297541] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1007.336726] Cannot find add_set index 0 as target [ 1007.420130] Cannot find add_set index 0 as target [ 1007.424567] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1007.446603] Node 0 DMA32 free:28136kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:304kB local_pcp:116kB free_cma:0kB [ 1007.455712] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1007.495102] lowmem_reserve[]: 0 0 0 0 0 [ 1007.500058] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1007.550127] lowmem_reserve[]: 0 0 0 0 0 [ 1007.560698] Cannot find add_set index 0 as target [ 1007.573127] Node 1 Normal free:1714512kB min:53592kB low:66988kB high:80384kB active_anon:361548kB inactive_anon:27140kB active_file:20816kB inactive_file:104100kB unevictable:0kB writepending:860kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126688kB pagetables:235232kB bounce:0kB free_pcp:584kB local_pcp:308kB free_cma:0kB 22:34:19 executing program 1: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000011000d040000000000000000100000004a8c228c248ded2dea7bbd2ea8276d63df3c30a3cdb9c939488980a92563e92ebb96e7a5f3c1547e117c36e749f6a66e6fabe3e0ff66275dbeed9ad3fdf84a0c052ea4c1e9969e6a5a71f6428c933ddf69b7a3417033702fc864619a9dc69d791e70f8c61efbda32e486469df33c8c7d2ff15600b3a831bede28294a23b6be060a7af23831433dfd", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, &(0x7f0000000180)="b1715fc82afa64b8e3a7bf21eb97d2b68e54f2e01c065e5da42f3f37354bf5210154e8a4940fcd317836af75134d", 0x2e) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x2000, 0x0) ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) r4 = gettid() tkill(r4, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xa01a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_config_ext={0x0, 0x5}, 0xa48, 0x0, 0x0, 0x0, 0x0, 0x4}, r4, 0xa, 0xffffffffffffffff, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r6 = dup(r5) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000140)) ioctl$KVM_RUN(r3, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1007.638255] Cannot find add_set index 0 as target [ 1007.648056] lowmem_reserve[]: 0 0 0 0 0 [ 1007.655014] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1007.694447] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1007.728384] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 389*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27972kB [ 1007.756235] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1007.783450] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1007.865076] Node 1 Normal: 3*4kB (UM) 123*8kB (UME) 20*16kB (UM) 19*32kB (UME) 2*64kB (U) 3*128kB (UM) 18*256kB (UME) 2*512kB (U) 1*1024kB (E) 3*2048kB (UME) 415*4096kB (M) = 1715076kB [ 1007.888264] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1007.941352] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1007.973259] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1008.006525] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1008.034560] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1008.039745] 25313 total pagecache pages [ 1008.053933] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1008.059356] CPU: 0 PID: 10563 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1008.067447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1008.076426] 0 pages in swap cache [ 1008.076940] Call Trace: [ 1008.083172] dump_stack+0x1b2/0x283 [ 1008.088594] warn_alloc.cold+0x96/0x1af [ 1008.089972] Swap cache stats: add 0, delete 0, find 0/0 [ 1008.093121] ? zone_watermark_ok_safe+0x250/0x250 [ 1008.093144] ? wait_for_completion_io+0x10/0x10 [ 1008.093161] __alloc_pages_nodemask+0x2129/0x2730 [ 1008.093195] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1008.120696] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1008.120904] Free swap = 0kB [ 1008.125563] ? HARDIRQ_verbose+0x10/0x10 [ 1008.125574] ? do_raw_spin_unlock+0x164/0x250 [ 1008.125592] alloc_pages_current+0xe7/0x1e0 [ 1008.129393] Total swap = 0kB [ 1008.133270] kvm_mmu_create+0xd1/0x1c0 [ 1008.133286] kvm_arch_vcpu_init+0x282/0x890 [ 1008.133298] ? alloc_pages_current+0xef/0x1e0 [ 1008.133312] kvm_vcpu_init+0x26d/0x360 [ 1008.133327] vmx_create_vcpu+0xf5/0x2950 [ 1008.133344] ? __mutex_unlock_slowpath+0x75/0x780 [ 1008.133353] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1008.133366] ? alloc_loaded_vmcs+0x240/0x240 [ 1008.159434] 1965979 pages RAM [ 1008.162887] kvm_vm_ioctl+0x4ae/0x1430 [ 1008.162901] ? __lock_acquire+0x655/0x42a0 [ 1008.162911] ? kvm_vcpu_release+0xa0/0xa0 [ 1008.162923] ? trace_hardirqs_on+0x10/0x10 [ 1008.167506] 0 pages HighMem/MovableOnly [ 1008.172023] ? check_preemption_disabled+0x35/0x240 [ 1008.172042] ? trace_hardirqs_on+0x10/0x10 [ 1008.172049] ? check_preemption_disabled+0x35/0x240 [ 1008.172060] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1008.172072] ? HARDIRQ_verbose+0x10/0x10 [ 1008.172083] ? kvm_vcpu_release+0xa0/0xa0 [ 1008.172095] do_vfs_ioctl+0x75a/0xfe0 [ 1008.177720] 338456 pages reserved [ 1008.181868] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1008.181881] ? ioctl_preallocate+0x1a0/0x1a0 [ 1008.181902] ? security_file_ioctl+0x76/0xb0 [ 1008.181914] ? security_file_ioctl+0x83/0xb0 [ 1008.208270] 0 pages cma reserved [ 1008.211103] SyS_ioctl+0x7f/0xb0 [ 1008.211112] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1008.211130] do_syscall_64+0x1d5/0x640 [ 1008.276036] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1008.281250] RIP: 0033:0x45ca69 [ 1008.284469] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1008.292367] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1008.299662] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 22:34:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x0, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000000)={0x0, 0x75, "68faca18fe1af27f85c5aacb29b59fdd07c083003b1354d96fd7a2f8812ba163add63ef6c22ea34b312060ca4104f719afab67afee91f33b14416c25643e7ee89d1a70ab4232e81608a28f8f9b0cca567c8e9167183dcbdecb25de198e23a58c6788a3008f0b582e132915d4ad7f3c6fb6acdce29f"}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b009d0107d9"], 0x30}}, 0x0) 22:34:19 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x1b8, 0x1, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_MASK={0x38, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @dev={0xfe, 0x80, [], 0x2a}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xad4}, @CTA_EXPECT_MASK={0x70, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @empty}}}]}, @CTA_EXPECT_MASTER={0x74, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x2d}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x41}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @broadcast}}}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x9}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x75}, @CTA_EXPECT_MASK={0x68, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x14, 0x4, @ipv4={[], [], @empty}}}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x4000005}, 0x6000) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}, 0x1, 0x0, 0x0, 0x40800}, 0x4000001) ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f0000000100)={0x55, "40b4b7f08a619c62434fa85ffd806922197fb8f8b86af602b84451a38507e1606920c0f1f7cd6f2880faf166c07d0df2fad950ad4e922301f7d60c722a1ee01fc535c92d76a29aab866ca6f12b3a545ce9166d4c0b4ea1bde91633868288fc9166074d01c5b159afe0bf695255ca8913a08d0f729653441d3f6b30af510844b9"}) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x185480, 0x0) ioctl$EVIOCGLED(r6, 0x80404519, &(0x7f0000000080)=""/102) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) [ 1008.307309] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1008.314602] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1008.322087] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 [ 1008.442585] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 22:34:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x50, 0x1405, 0x2, 0x70bd2a, 0x25dfdbff, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x2}, {0x8}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x1}, {0x8, 0x3, 0x2}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x20000001) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1008.496244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=10593 comm=syz-executor.2 [ 1008.568349] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1008.577738] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=10593 comm=syz-executor.2 22:34:20 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000001300)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x602000}, 0xc, &(0x7f00000012c0)={&(0x7f0000000440)={0xe64, 0xd, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x73c, 0x3, 0x0, 0x1, [{0x29c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xc4, 0x6, 0x1, 0x0, "d88bc1ba586f7a61e9eb7d976a7400af86d4a3bd0755f669ad861879ef5b8e1ebed432db44adf1c09d0666121ca5b6acea0d6cc148a52ea4219941f42f3131da9e2b35d81b10dfd8329142c4a6ad261600cae9f7d4f7ee08814b5f0ce6c92ddfd0ce0633a9b8cf88908e12bc478418ea3a428761253a8e15de0eceafae4623f960616709a59b76f9819405da146206be52630a452dc08fd39435249336be406b7106664145cf73cf9aaef2ca76e7378779ff6309daece6b379a23db8a423bdbf"}, @NFTA_SET_ELEM_DATA={0x84, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x72, 0x1, "ba64ed732fa3c0d697a4983be336498a2993fda1b63bae62cd9f3d6e43b1b2ee7856313084f81bc1a99efe3069c61d9963e5aff18582ed4b3d15e0b1f02a34ba1b6c8e61cfba753a84e325fb06261c20e8fbcb5e85984abb07f1103b5923d4ca48a6548ebbd7c2644b7810260419"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_KEY={0x14c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe5, 0x1, "0b79c424976add7dbf5e8b0456ca7911d2fc5115d1c9ab642521d053268bc5146e094fd76180128fc4d4f0c60135589c7b7c09e96925f50ec352db05a8c18713d9ca8a307e3da5902fad879c0adef8e2c7bf3f11d60a15d96ad7280b6f852c19e27bb2f72b149b9d8545df99cfcf181dc88e2e8c332473915f9f16dbde9823162bfd44e91014c62b90f7af6a1d7e891acc9413f04293e066d3cc6f3c65e2cb1a3ed4fdbc8d3e74d0474100e2e3573fafbde6b2598349ba979537475f2ce6bf1fdd154b67d47dcce430b072043a281ed2bbd5291fd69f1bfc7864b19011ebdac898"}, @NFTA_DATA_VERDICT={0x60, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}]}, {0x1bc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_USERDATA={0x9, 0x6, 0x1, 0x0, "2ea7553e74"}, @NFTA_SET_ELEM_KEY_END={0xcc, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0xc6, 0x1, "7dfdcb1f9ea22a5e5526409ef1063b80dc97f2b2fd1c7342e452b645ae518602b2efd0d0408a70e3f1df074aa8f612a22fe4e96a0c400ae85c1fb57080222130f552abde6d3d5ae3d2b9b458007842e83dbe8c257ed9efeb2829314f4a137462ac4aaaa0284814d5ca9fa73e3e76a2a7289a8e0e6fabaf58b55b07cebbff46ec312c96715f55963ceede545446bf2c399a99f24ccfaf5547ac6fa40647179c760b541b46febd1c785557abda3150cd802f8c7b867b04928364accad9fdec8cd3db98"}]}, @NFTA_SET_ELEM_USERDATA={0x43, 0x6, 0x1, 0x0, "2823c51567cd5e0183bee2829806e7966eaadf7ee846b2d27d555e7a00b46e9c3975d670e36df5a3d184512bbc0690ca568f59b5ac05e964f504faa6449448"}, @NFTA_SET_ELEM_USERDATA={0x8b, 0x6, 0x1, 0x0, "fd1ac3d54ca8a6cd02ba490ec9763a8262e810b6d6948751c0a3b1414a041b001384ec21e512541c471700d79dce82d7b69dee39426dc11d7720f4a637815879cd71cfb4c8d6634ff2960c905ea839c9fb17881755fc16947b57d6b8eb55f16d45730ae9b1fe5329af3576cf4aadfbcfc10a1640059bc04af53ba1e7678acf5e0afabbc4fd937a"}, @NFTA_SET_ELEM_EXPR={0x4}]}, {0x230, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_KEY={0x21c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x95, 0x1, "d8e82e364051fcdf29241b179733999b6d61784309420653aceecbbce143cb82987e5d3d3ee6108260fd878750acd587ab734ceb925f4e7c36980972e4079cba0188fc9c2cfd96fd2dd24dca87c14bac06f95132d831e06a1fe417e332cb873850411c9cfe3fe996712e73571dccd554c6bd38c983dfd4ee36df4567b6b6c738bf54736579c35da23f1196a1f219eecf1a"}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0xe5, 0x1, "4408b67f1ec65c4f2bb4aa75228110831c69abab210988bbc5b1b5d8280257764dc382a67ee3720d950ddceb150f25cbec45a48cb167e6c842713b7810764a161c9b86686291b93e5b33297bd024f261f7625b7ba9ca02ce74f71809deb2d47ad4efd7b44446b489476e79f742fc41da0cbe213de0200f5a13f0d54886b9b8a453eea908039e9808f0d8288d7455c45c968c35f9e2037005a720e334fbb8f1e90aafd69952386d859a34554a7b1b4b1be6bc84a48a24e59ffc7a0a3ca9d2e07978cb3f78866d12d686e372ec45e724cf649ded90eb3a33cfd53cafb2d19034c475"}, @NFTA_DATA_VALUE={0x4b, 0x1, "f142f0396edd16fec03772c040fe74d21c8bfe72a4a01abb1a009e9973e78926726b294837295dc83e295c098e1cec483406c9a2e3b78f422dfa3d5d52e2a361028936806aa1ff"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x930}]}, {0xb0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xa, 0x6, 0x1, 0x0, "59530eb67b25"}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_ELEM_DATA={0x94, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6d, 0x1, "806be43d57320343e3349a61d86eb2dd07722cde47216d42e4699e04d90d05af2d22c05e4d492676ae46b736ebebd9047ec70bb5837c13c41f9bd231a35e39a0d07e97cbb0427a00b5c3463b88409f4071399e026b6aad5d21a2e5420c46a7a1360e7b9a971d548d17"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}]}]}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3ac, 0x3, 0x0, 0x1, [{0x398, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz1\x00'}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY={0x90, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8a, 0x1, "eadf303dbad56162b7ea0b40bc9b7fc29638723771a103b7ce11f74de8377821c7eec293341d1e9a18cea99f50349ef7761c270a5220a079e1a167ea5efeaf24fac6994cf10e7d7cd0301d0f5fb83caadb6ceb91ee01a603de254d6bf060128e47dae05ee879a2c9c8ec2657763312b5f91bbf52edada4f1d5d7de940ff9a72764ea7bc9de27"}]}, @NFTA_SET_ELEM_EXPR={0x4}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x6}, @NFTA_SET_ELEM_USERDATA={0xf6, 0x6, 0x1, 0x0, "46b473f1421ff1a4d52b2cb1853eea9e77e88759b95b35ae27c93f722f4589c0917a236621aea12cdb161f36aa1a5119e47aaf916f7c6508e423acdbeb59788440b8dace32802845a59a0a519b53298d827bdd8f3312dc2a8c5426135f87fdb8eb9355e3fcb8369c28b029f7b4722fc7550c1e734ef3a2243e0f91d72f7467c8a7fbe7489d97c6b43e3f2a28b290a405c0536c90dedb16427bbcdc33109b1636e32553be39edc92b8e5dc927f85c2323628a1a6a860aed1d66446582df8e92fb2ebee93f0455c1c8af6e799693f8e8da4506505d72dccd1344947fe0a8a93b2ee50c34f1c04e4ede37e81daf234c8efa453d"}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_USERDATA={0xb3, 0x6, 0x1, 0x0, "365a75a90037c2324fa05966186a29e57f50f01f24fc945f85045b43d9043ab7356b0d5fd636d17f2f0a7b655db52b4b33c451cb47fda07ae6cd3cfe0cba7d6f4bebcfb1b02af20c7031294f20acec7b2bcbb2224324457b8fa1ca2ae7a650f93d8a38081d13fae4c02a4b560dae24166560d388630bfb818afc44cb8732b6d478914de05a46a2f65367c02af917b654fac23698c657ce1faacfdb245b8533d624c704fb9302dae3e382cb6c141127"}, @NFTA_SET_ELEM_DATA={0x11c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x80, 0x1, "0e6224eb7540856c6378327657c4d1458106adadd362b6383c369741a9e9e5dbeb53bb2049947da7e69c9e846f1b22eb63aba73aa0589c0c49c62bf870c05fafd999c6c55d4bab5bd177ebba34d2f5befa0c7a27a7560d9f8a5f05dc8f36af8d2ff3980785f03ca6162c7286577910afaf40de36af313ce9bb0a534d"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x27, 0x1, "b6d75bebbdddd0259176c790ecb61f5b5b4ce4d6d50310cd7e03ee7294894e47ef7476"}]}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7ff}]}]}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x32c, 0x3, 0x0, 0x1, [{0x328, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0xb4, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x58, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}, @NFTA_SET_ELEM_KEY={0x70, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6b, 0x1, "1c762008f0c021bdb1eeb9b0e7031185508aa202253439cc87ea3d35632a94eb68c87850fb914f62faf03ad85761f5fb6095d5aec9c0cc112ef1f1394a4b44137760b4e415692d28bbf54226f182f8275184ab6c90c3502edb80a14612b71019ef121a5b1c7fa5"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x3ff}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_DATA={0x1ec, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xd6, 0x1, "b285ad6ecb548f803db49fa18dd886bf4e55212eee5fb5786e1c22370a07b0eee5d20fe4bef307830ed255d6e64956f0153a673239b99e0eb04d6833519d3f5ce634556f682a2eeb805183e0b340648be5b073369612cb841f6cedf8c2dc70d131615ebb40acd5a907da166c7a2797c36722c7af5935b582e078ddd19d2c2d717b1fe9b8110ef91c4887f3b590e5c45cbca774303cdf9d52645721a469215dd4682d1ea5fa2b37c4d7fc2888e097c49aef3cb5c52257b9eb47527f084c09ff2034b3a65002c0bc20e4d251d135501e77e056"}, @NFTA_DATA_VALUE={0xa9, 0x1, "8305273229633a3fb5c0defa4a4dece7377b791c7d4e660871f4490e8938145a4cde602920656820fa9dab21dffc01a3e2c0fb0e841f2045be70637d945cca5610296bbffde9246a96235832fc6c62a4eb02a6707ef97c261d92f296e5703e875b30084296f45876833eaa16b6e74b6178902cb4d858c99253818717b1070d9be92b8cf4a64895a1f7bea310b676bb90d837cc26cd8c66beac40fa8abec827a523fadcdcf8"}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}, 0xe64}, 0x1, 0x0, 0x0, 0xa080}, 0x80) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000380)={0x2, 0x79, 0x8, 0x80, 0x10001}) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000000c0)='bpf\x00', 0x1, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x318, 0x0, 0xffffff80, 0x178, 0x0, 0x178, 0x248, 0x258, 0x258, 0x248, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x128, 0x168, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6, 0x0, 0x80}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [0x0, 0xffffff00, 0x0, 0xff000000], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x0, 0x4}, {0x2, 0x0, 0x2}, {0x0, 0x2, 0x1}, 0x0, 0x20000000}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) syz_emit_ethernet(0x4a, &(0x7f0000000100)=ANY=[], 0x0) [ 1008.659562] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1008.833565] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1008.861561] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1008.882019] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2573 sclass=netlink_route_socket pid=10620 comm=syz-executor.2 [ 1008.902669] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1008.910024] CPU: 0 PID: 10583 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1008.918462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1008.928500] Call Trace: [ 1008.931774] dump_stack+0x1b2/0x283 [ 1008.935532] warn_alloc.cold+0x96/0x1af [ 1008.939683] ? zone_watermark_ok_safe+0x250/0x250 [ 1008.946869] ? wait_for_completion_io+0x10/0x10 [ 1008.952314] __alloc_pages_nodemask+0x2129/0x2730 [ 1008.957424] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1008.962674] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1008.964194] overlayfs: upper fs is r/o, try multi-lower layers mount [ 1008.967643] ? HARDIRQ_verbose+0x10/0x10 [ 1008.967656] ? do_raw_spin_unlock+0x164/0x250 [ 1008.967677] alloc_pages_current+0xe7/0x1e0 [ 1008.988740] kvm_mmu_create+0xd1/0x1c0 [ 1008.993203] kvm_arch_vcpu_init+0x282/0x890 [ 1008.998187] ? alloc_pages_current+0xef/0x1e0 [ 1009.002327] Cannot find add_set index 0 as target [ 1009.002912] kvm_vcpu_init+0x26d/0x360 [ 1009.002932] vmx_create_vcpu+0xf5/0x2950 [ 1009.002949] ? __mutex_unlock_slowpath+0x75/0x780 [ 1009.022568] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1009.027799] ? alloc_loaded_vmcs+0x240/0x240 [ 1009.032456] kvm_vm_ioctl+0x4ae/0x1430 [ 1009.036482] ? __lock_acquire+0x655/0x42a0 [ 1009.041003] ? kvm_vcpu_release+0xa0/0xa0 [ 1009.045391] ? trace_hardirqs_on+0x10/0x10 [ 1009.049654] ? check_preemption_disabled+0x35/0x240 [ 1009.054876] ? trace_hardirqs_on+0x10/0x10 [ 1009.059167] ? check_preemption_disabled+0x35/0x240 [ 1009.064227] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1009.069584] ? HARDIRQ_verbose+0x10/0x10 [ 1009.073763] ? kvm_vcpu_release+0xa0/0xa0 [ 1009.077948] do_vfs_ioctl+0x75a/0xfe0 [ 1009.082132] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1009.087911] ? ioctl_preallocate+0x1a0/0x1a0 [ 1009.092478] ? security_file_ioctl+0x76/0xb0 [ 1009.096918] ? security_file_ioctl+0x83/0xb0 [ 1009.101503] SyS_ioctl+0x7f/0xb0 [ 1009.104884] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1009.108884] do_syscall_64+0x1d5/0x640 [ 1009.112803] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1009.118094] RIP: 0033:0x45ca69 [ 1009.121389] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 22:34:20 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) ioctl$SIOCX25SCAUSEDIAG(r0, 0x89ec, &(0x7f0000000300)={0x9d, 0x1f}) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v2={0x2000000, [{0x9, 0x60000}, {0x0, 0x7}]}, 0x14, 0x2) r3 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) socket$inet6(0xa, 0x80000, 0x9) socketpair(0x2b, 0x80801, 0x2, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r6, 0x1}, 0x14}}, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r6, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={[], [], @empty}}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_DEBUG={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4800}, 0x24000850) keyctl$search(0xa, 0x0, &(0x7f0000000000)='pkcs7_test\x00', &(0x7f0000000040)={'syz', 0x3}, r3) 22:34:20 executing program 3: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xcc0, 0x8001) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x1000, &(0x7f0000000140)=0x2) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x80880, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r7 = dup(r6) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000340)={0x9e0000, 0x4, 0xffffff05, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x980909, 0xfffffffb, [], @p_u16=&(0x7f00000001c0)=0x1ff}}) ioctl$SG_GET_KEEP_ORPHAN(r8, 0x2288, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000080)={r9, 0x400080000000000, 0x7}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r5, 0x80082102, &(0x7f0000000180)=r9) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1009.129113] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1009.136512] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1009.143799] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1009.151176] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1009.158459] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1009.184240] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1009.209095] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2573 sclass=netlink_route_socket pid=10619 comm=syz-executor.2 [ 1009.226858] Cannot find add_set index 0 as target 22:34:20 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x8, 0x0, 0x25dfdbfe, {0x10, 0x0, 0x0, r5, 0x0, 0x808}}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8000) setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, &(0x7f0000000200)={@xdp={0x2c, 0x9, r5, 0xc}, {&(0x7f0000000140)=""/86, 0x56}, &(0x7f00000001c0), 0x10}, 0xa0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000cedf886e6a838ff3d7b9f8611700000000000000000048000000009477f4e50000000000000000000000aa0000000066658546c6b70b0344ab097973ecb1add35b89b53b17bb690000000000000093229210819491fb5a74870d7c0ea8b7a313bf609114d7439d3850a81d2ca61b2f37fe5aa25975443a7d81250d1d4230ddf195fdc22a7c1800f0526b40874a5088cd19cc2c08e4f618ed926f6bef29adfb6fd62d7d7b4c91bb25b87ec65b367879d1c3264fed3dfb6b469d93bb639a6dbfd9b016ae8757f7cd4917b0b40ad6b0a5ef7c5f51ceae601c11bc99fdd850b38d47d7c7043ab0f24b03eed6b3f62a4eeaa612fcf8172b212bf2c9a5b1fceddd684ffd0ee7065f9eb2082dcedcd1", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r7 = dup(r6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0x7) 22:34:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_elf64(r0, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0xff, 0x4, 0x5, 0x7, 0x3, 0x3e, 0x1, 0x22b, 0x40, 0x3e5, 0x7ff, 0x8000, 0x38, 0x1, 0x6, 0xc1, 0x8000}, [{0x4, 0x3, 0x645, 0x5, 0x9, 0x8, 0xffff, 0x800}, {0x3, 0xfff, 0x100000001, 0x5, 0x100, 0x0, 0xfffffffffffffff8, 0xffff}], "", [[], [], [], [], [], [], [], []]}, 0x8b0) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000b00)={0x0, @bt={0x1, 0xffffffff, 0x0, 0x0, 0x7e1f, 0x3, 0xe3a, 0x9, 0x0, 0x1000, 0xca6, 0x81, 0x1ff, 0xffffb657, 0x14, 0x8, {0x4}, 0x2, 0x1}}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 22:34:20 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xffff, 0x1100) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) r4 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000080)) [ 1009.343244] Mem-Info: [ 1009.346706] active_anon:436212 inactive_anon:11113 isolated_anon:0 [ 1009.346706] active_file:5212 inactive_file:26319 isolated_file:0 [ 1009.346706] unevictable:0 dirty:238 writeback:0 unstable:0 [ 1009.346706] slab_reclaimable:50127 slab_unreclaimable:388813 [ 1009.346706] mapped:63493 shmem:11299 pagetables:72600 bounce:0 [ 1009.346706] free:438406 free_pcp:247 free_cma:0 22:34:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x0, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1009.477675] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1009.580503] Node 1 active_anon:359840kB inactive_anon:27140kB active_file:20832kB inactive_file:105472kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36860kB dirty:952kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1009.660454] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1009.752372] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1009.757542] Node 0 DMA32 free:27956kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:232kB local_pcp:100kB free_cma:0kB [ 1009.830177] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1009.860463] lowmem_reserve[]: 0 0 0 0 0 [ 1009.864854] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1009.894987] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1009.900148] CPU: 0 PID: 10658 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1009.908304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.917880] Call Trace: [ 1009.920486] dump_stack+0x1b2/0x283 [ 1009.924136] warn_alloc.cold+0x96/0x1af [ 1009.928221] ? zone_watermark_ok_safe+0x250/0x250 [ 1009.933139] ? wait_for_completion_io+0x10/0x10 [ 1009.937859] __alloc_pages_nodemask+0x2129/0x2730 [ 1009.942751] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1009.947762] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1009.952908] ? HARDIRQ_verbose+0x10/0x10 [ 1009.957078] ? do_raw_spin_unlock+0x164/0x250 [ 1009.962036] alloc_pages_current+0xe7/0x1e0 [ 1009.966703] kvm_mmu_create+0xd1/0x1c0 [ 1009.971022] kvm_arch_vcpu_init+0x282/0x890 [ 1009.975481] ? alloc_pages_current+0xef/0x1e0 [ 1009.980003] kvm_vcpu_init+0x26d/0x360 [ 1009.983910] vmx_create_vcpu+0xf5/0x2950 [ 1009.988000] ? __mutex_unlock_slowpath+0x75/0x780 [ 1009.993209] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1009.998265] ? alloc_loaded_vmcs+0x240/0x240 [ 1010.002713] kvm_vm_ioctl+0x4ae/0x1430 [ 1010.006701] ? __lock_acquire+0x655/0x42a0 [ 1010.011071] ? kvm_vcpu_release+0xa0/0xa0 [ 1010.015226] ? trace_hardirqs_on+0x10/0x10 [ 1010.019560] ? check_preemption_disabled+0x35/0x240 [ 1010.024642] ? trace_hardirqs_on+0x10/0x10 [ 1010.028873] ? check_preemption_disabled+0x35/0x240 [ 1010.033894] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1010.038938] ? HARDIRQ_verbose+0x10/0x10 [ 1010.043006] ? kvm_vcpu_release+0xa0/0xa0 [ 1010.047165] do_vfs_ioctl+0x75a/0xfe0 [ 1010.050980] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1010.056626] ? ioctl_preallocate+0x1a0/0x1a0 [ 1010.061514] ? security_file_ioctl+0x76/0xb0 [ 1010.067066] ? security_file_ioctl+0x83/0xb0 [ 1010.071506] SyS_ioctl+0x7f/0xb0 [ 1010.075170] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1010.079779] do_syscall_64+0x1d5/0x640 [ 1010.083848] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1010.089146] RIP: 0033:0x45ca69 [ 1010.092336] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1010.100094] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1010.107385] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1010.114918] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1010.122504] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1010.129883] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1010.196214] lowmem_reserve[]: 0 0 0 0 0 [ 1010.212839] Node 1 Normal free:1715172kB min:53592kB low:66988kB high:80384kB active_anon:359996kB inactive_anon:27140kB active_file:20832kB inactive_file:105536kB unevictable:0kB writepending:964kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126368kB pagetables:235056kB bounce:0kB free_pcp:1248kB local_pcp:624kB free_cma:0kB [ 1010.280872] lowmem_reserve[]: 0 0 0 0 0 [ 1010.295875] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1010.329662] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 386*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27924kB [ 1010.368157] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1010.407118] Node 1 Normal: 83*4kB (UME) 4*8kB (ME) 3*16kB (UM) 10*32kB (UME) 21*64kB (UM) 5*128kB (UE) 6*256kB (UM) 3*512kB (U) 3*1024kB (UE) 3*2048kB (UME) 415*4096kB (M) = 1714844kB [ 1010.460186] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1010.474345] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1010.483596] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1010.498820] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1010.509184] 25324 total pagecache pages [ 1010.519719] 0 pages in swap cache [ 1010.524407] Swap cache stats: add 0, delete 0, find 0/0 [ 1010.536418] Free swap = 0kB [ 1010.539799] Total swap = 0kB [ 1010.544448] 1965979 pages RAM [ 1010.548210] 0 pages HighMem/MovableOnly [ 1010.558642] 338456 pages reserved [ 1010.563325] 0 pages cma reserved 22:34:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = gettid() tkill(r3, 0x1004000000016) r4 = syz_open_procfs(r3, &(0x7f0000000000)='net/psched\x00') ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000000c0)={0x7fff, 0x5, 0x8, 0x8a, 0x2, "586ad13464b793d957bb4b0e84f1fe88c1936f", 0x20, 0x5}) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x0, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:21 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) socket$inet6_udplite(0xa, 0x2, 0x88) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r7, 0x84, 0x7, &(0x7f0000000000)={0x7}, 0x4) [ 1010.732566] Cannot find add_set index 0 as target [ 1010.819431] Cannot find add_set index 0 as target [ 1010.858102] Cannot find add_set index 0 as target [ 1010.873162] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1010.906910] Cannot find add_set index 0 as target [ 1010.923762] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1010.943178] CPU: 0 PID: 10682 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1010.951633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1010.961003] Call Trace: [ 1010.963622] dump_stack+0x1b2/0x283 [ 1010.967624] warn_alloc.cold+0x96/0x1af [ 1010.971744] ? zone_watermark_ok_safe+0x250/0x250 [ 1010.977122] ? wait_for_completion_io+0x10/0x10 [ 1010.981937] __alloc_pages_nodemask+0x2129/0x2730 [ 1010.985686] Cannot find add_set index 0 as target [ 1010.986812] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1010.986826] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1011.001927] ? HARDIRQ_verbose+0x10/0x10 [ 1011.006015] ? do_raw_spin_unlock+0x164/0x250 [ 1011.010640] alloc_pages_current+0xe7/0x1e0 [ 1011.015116] kvm_mmu_create+0xd1/0x1c0 [ 1011.019071] kvm_arch_vcpu_init+0x282/0x890 [ 1011.023419] ? alloc_pages_current+0xef/0x1e0 [ 1011.028036] kvm_vcpu_init+0x26d/0x360 [ 1011.031943] vmx_create_vcpu+0xf5/0x2950 [ 1011.036603] ? __mutex_unlock_slowpath+0x75/0x780 [ 1011.041748] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1011.047556] ? alloc_loaded_vmcs+0x240/0x240 [ 1011.051998] kvm_vm_ioctl+0x4ae/0x1430 [ 1011.056078] ? __lock_acquire+0x655/0x42a0 [ 1011.060657] ? kvm_vcpu_release+0xa0/0xa0 [ 1011.066302] ? trace_hardirqs_on+0x10/0x10 [ 1011.070554] ? check_preemption_disabled+0x35/0x240 [ 1011.075607] ? trace_hardirqs_on+0x10/0x10 [ 1011.080434] ? check_preemption_disabled+0x35/0x240 [ 1011.085731] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1011.090684] ? HARDIRQ_verbose+0x10/0x10 [ 1011.095119] ? kvm_vcpu_release+0xa0/0xa0 [ 1011.099471] do_vfs_ioctl+0x75a/0xfe0 [ 1011.103312] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1011.108953] ? ioctl_preallocate+0x1a0/0x1a0 [ 1011.113773] ? security_file_ioctl+0x76/0xb0 [ 1011.118202] ? security_file_ioctl+0x83/0xb0 [ 1011.122643] SyS_ioctl+0x7f/0xb0 [ 1011.126620] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1011.130599] do_syscall_64+0x1d5/0x640 [ 1011.134493] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1011.139720] RIP: 0033:0x45ca69 [ 1011.142910] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1011.150750] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1011.158021] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1011.165313] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1011.173020] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1011.180375] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1011.188334] Cannot find add_set index 0 as target [ 1011.200432] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1011.229331] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1011.240781] CPU: 0 PID: 10677 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1011.248859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1011.258244] Call Trace: [ 1011.260851] dump_stack+0x1b2/0x283 [ 1011.264502] warn_alloc.cold+0x96/0x1af [ 1011.268850] ? zone_watermark_ok_safe+0x250/0x250 [ 1011.274067] ? wait_for_completion_io+0x10/0x10 [ 1011.278792] __alloc_pages_nodemask+0x2129/0x2730 [ 1011.283680] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1011.288546] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1011.293594] ? HARDIRQ_verbose+0x10/0x10 [ 1011.297688] ? do_raw_spin_unlock+0x164/0x250 [ 1011.302469] alloc_pages_current+0xe7/0x1e0 [ 1011.306906] kvm_mmu_create+0xd1/0x1c0 [ 1011.310902] kvm_arch_vcpu_init+0x282/0x890 [ 1011.316900] ? alloc_pages_current+0xef/0x1e0 [ 1011.321944] kvm_vcpu_init+0x26d/0x360 [ 1011.325855] vmx_create_vcpu+0xf5/0x2950 [ 1011.329944] ? __mutex_unlock_slowpath+0x75/0x780 [ 1011.335496] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1011.340795] ? alloc_loaded_vmcs+0x240/0x240 [ 1011.345335] kvm_vm_ioctl+0x4ae/0x1430 [ 1011.349479] ? __lock_acquire+0x655/0x42a0 [ 1011.354189] ? kvm_vcpu_release+0xa0/0xa0 [ 1011.358532] ? trace_hardirqs_on+0x10/0x10 [ 1011.363749] ? check_preemption_disabled+0x35/0x240 [ 1011.369142] ? trace_hardirqs_on+0x10/0x10 [ 1011.373490] ? check_preemption_disabled+0x35/0x240 [ 1011.378730] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1011.383900] ? HARDIRQ_verbose+0x10/0x10 [ 1011.388175] ? kvm_vcpu_release+0xa0/0xa0 [ 1011.392344] do_vfs_ioctl+0x75a/0xfe0 [ 1011.397952] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1011.403871] ? ioctl_preallocate+0x1a0/0x1a0 [ 1011.408404] ? security_file_ioctl+0x76/0xb0 [ 1011.414428] ? security_file_ioctl+0x83/0xb0 [ 1011.419223] SyS_ioctl+0x7f/0xb0 [ 1011.422970] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1011.427592] do_syscall_64+0x1d5/0x640 [ 1011.431594] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1011.437711] RIP: 0033:0x45ca69 [ 1011.440904] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1011.449568] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1011.457198] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1011.464657] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1011.472318] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1011.480852] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 [ 1011.535985] Cannot find add_set index 0 as target [ 1011.591826] Cannot find add_set index 0 as target [ 1011.615814] Cannot find add_set index 0 as target [ 1011.625672] warn_alloc_show_mem: 2 callbacks suppressed [ 1011.641598] Cannot find add_set index 0 as target [ 1011.642292] Mem-Info: [ 1011.655924] active_anon:436153 inactive_anon:11113 isolated_anon:0 [ 1011.655924] active_file:5214 inactive_file:26442 isolated_file:0 [ 1011.655924] unevictable:0 dirty:262 writeback:0 unstable:0 [ 1011.655924] slab_reclaimable:50150 slab_unreclaimable:389129 [ 1011.655924] mapped:63506 shmem:11299 pagetables:72626 bounce:0 [ 1011.655924] free:438042 free_pcp:257 free_cma:0 [ 1011.659171] Cannot find add_set index 0 as target 22:34:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x0, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1011.697504] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1011.744826] Cannot find add_set index 0 as target 22:34:23 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = socket$caif_seqpacket(0x25, 0x5, 0x1) fremovexattr(r1, &(0x7f0000000200)=@known='user.syz\x00') ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/237) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x408000, 0x0) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x7, 0x1, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1011.914316] Node 1 active_anon:360104kB inactive_anon:27140kB active_file:20840kB inactive_file:105764kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37812kB dirty:1048kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1012.035691] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1012.080052] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1012.091882] Node 0 DMA32 free:27924kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:220kB local_pcp:124kB free_cma:0kB [ 1012.107047] syz-executor.4: [ 1012.131301] lowmem_reserve[]: 0 0 0 0 0 22:34:23 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001800)='/dev/vga_arbiter\x00', 0xd0c237f350ca147f, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r1, 0x40186f40, 0x76006e) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYRES16=r2, @ANYBLOB="00042cbd7000fedbdf25060000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000006000400000000000e0001006e657464657673696d0000000f0002000c4f7464657673696d30000008000300010000000600040000000000080001007063690011000200303030303a30303a31302e3000000000080003000200000006000400000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000006000400030000"], 0xd0}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000001a00)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000019c0)={&(0x7f0000001880)={0x118, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}]}, 0x118}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) [ 1012.150322] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 22:34:23 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PPPIOCSMAXCID(r4, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1012.157538] page allocation failure: order:0 [ 1012.227129] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1012.233398] lowmem_reserve[]: 0 0 0 0 0 [ 1012.255407] ubi0: attaching mtd0 [ 1012.265567] Node 1 Normal free:1712188kB min:53592kB low:66988kB high:80384kB active_anon:360196kB inactive_anon:27140kB active_file:20904kB inactive_file:105784kB unevictable:0kB writepending:1056kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126656kB pagetables:235480kB bounce:0kB free_pcp:900kB local_pcp:620kB free_cma:0kB [ 1012.275635] syz-executor.4 cpuset= [ 1012.312151] ubi0: scanning is finished [ 1012.383092] / mems_allowed=0-1 [ 1012.396428] CPU: 0 PID: 10702 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1012.404465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1012.409881] lowmem_reserve[]: [ 1012.414377] Call Trace: [ 1012.414402] dump_stack+0x1b2/0x283 [ 1012.414420] warn_alloc.cold+0x96/0x1af [ 1012.414431] ? zone_watermark_ok_safe+0x250/0x250 [ 1012.414451] ? wait_for_completion_io+0x10/0x10 [ 1012.438171] __alloc_pages_nodemask+0x2129/0x2730 [ 1012.443673] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1012.448630] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1012.453743] ? HARDIRQ_verbose+0x10/0x10 [ 1012.458277] ? do_raw_spin_unlock+0x164/0x250 [ 1012.463756] alloc_pages_current+0xe7/0x1e0 [ 1012.468513] kvm_mmu_create+0xd1/0x1c0 [ 1012.472864] kvm_arch_vcpu_init+0x282/0x890 [ 1012.477614] ? alloc_pages_current+0xef/0x1e0 [ 1012.482848] kvm_vcpu_init+0x26d/0x360 [ 1012.486739] vmx_create_vcpu+0xf5/0x2950 [ 1012.491345] ? __mutex_unlock_slowpath+0x75/0x780 [ 1012.496485] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1012.502085] ? alloc_loaded_vmcs+0x240/0x240 [ 1012.507084] kvm_vm_ioctl+0x4ae/0x1430 [ 1012.511207] ? __lock_acquire+0x655/0x42a0 [ 1012.517208] ? kvm_vcpu_release+0xa0/0xa0 [ 1012.521922] ? trace_hardirqs_on+0x10/0x10 [ 1012.526149] ? check_preemption_disabled+0x35/0x240 [ 1012.531843] ? trace_hardirqs_on+0x10/0x10 [ 1012.536120] ? check_preemption_disabled+0x35/0x240 [ 1012.541314] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1012.546348] ? HARDIRQ_verbose+0x10/0x10 [ 1012.550445] ? kvm_vcpu_release+0xa0/0xa0 [ 1012.554614] do_vfs_ioctl+0x75a/0xfe0 [ 1012.558412] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1012.564061] ? ioctl_preallocate+0x1a0/0x1a0 [ 1012.568596] ? security_file_ioctl+0x76/0xb0 [ 1012.573195] ? security_file_ioctl+0x83/0xb0 [ 1012.577619] SyS_ioctl+0x7f/0xb0 [ 1012.581515] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1012.585722] do_syscall_64+0x1d5/0x640 [ 1012.589617] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1012.594890] RIP: 0033:0x45ca69 [ 1012.598156] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1012.606070] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1012.613334] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1012.620711] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1012.628243] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1012.635896] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1012.648414] 0 0 0 0 0 [ 1012.676981] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB 22:34:24 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000140)) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) fsetxattr$security_capability(r0, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000080)=@v2={0x2000000, [{0x8, 0x6c82}, {0x81, 0x3}]}, 0x14, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1012.753735] Node 0 DMA32: 384*4kB (ME) 249*8kB (ME) 378*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27784kB [ 1012.800445] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1012.827856] Node 1 Normal: 34*4kB (U) 30*8kB (UME) 4*16kB (UME) 1*32kB (U) 2*64kB (UE) 4*128kB (U) 9*256kB (UM) 4*512kB (U) 2*1024kB (UE) 2*2048kB (ME) 415*4096kB (M) = 1711448kB [ 1012.901250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1012.961678] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1012.980811] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1012.991039] warn_alloc_show_mem: 1 callbacks suppressed [ 1012.991043] Mem-Info: [ 1012.998406] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1013.024430] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1013.049719] active_anon:436244 inactive_anon:11113 isolated_anon:0 [ 1013.049719] active_file:5231 inactive_file:26471 isolated_file:0 [ 1013.049719] unevictable:0 dirty:152 writeback:0 unstable:0 [ 1013.049719] slab_reclaimable:50162 slab_unreclaimable:389115 [ 1013.049719] mapped:63834 shmem:11299 pagetables:72688 bounce:0 [ 1013.049719] free:437694 free_pcp:260 free_cma:0 [ 1013.055776] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1013.097087] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1013.112034] ubi0: VID header offset: 64 (aligned 64), data offset: 128 22:34:24 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0xd0002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="340500004b81aee12a8a5d9cb054572009d1b4a816442a04b8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7cda133cdeda33d54d8878e0e30f50dfd95c82fcb1465b07000000f40c890600ae1de149b9d3ec23c6fd1050da5cb8c02e5ca34717f300cbb22cae340ce63394", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32=0xee01, @ANYRES32=r2, @ANYBLOB="000000001d5c5dc94660bfe12f7141d36638ce19a1a86b882de6c5aa1b73bb29a625339329eb1b96174f893d541ae078d3896daac177dd7295427c755199592eff96b59cf81128dc31e74f"], 0x58, 0x4}, 0x4040000) fchown(0xffffffffffffffff, 0x0, r2) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000016c0)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="340500004b81aee12a8a5d9cb054572009d1b4a816442a04b8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7cda133cdeda33d54d8878e0e30f50dfd95c82fcb1465b07000000f40c890600ae1de149b9d3ec23c6fd1050da5cb8c02e5ca34717f300cbb22cae340ce63394", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYRES32, @ANYRES32, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB, @ANYRES32=r7, @ANYRES32=0xee01, @ANYRES32=r8, @ANYBLOB="000000001d5c5dc94660bfe12f7141d36638ce19a1a86b882de6c5aa1b73bb29a625339329eb1b96174f893d541ae078d3896daac177dd7295427c755199592eff96b59cf81128dc31e74f"], 0x58, 0x4}, 0x4040000) fchown(0xffffffffffffffff, 0x0, r8) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x2}, [{0x2, 0x1}, {0x2, 0x4}], {0x4, 0x2}, [{0x8, 0x6}, {}, {0x8, 0x4, r2}, {0x8, 0x3, r8}], {0x10, 0x4}, {0x20, 0x5}}, 0x54, 0x1) r9 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1013.119481] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1013.141316] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1013.150822] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4182025268 [ 1013.180422] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1013.190567] ubi0: background thread "ubi_bgt0d" started, PID 10762 22:34:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa000000006050d6cd0e8726aae91c897db2f35be58bf54d71151555", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) [ 1013.198905] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1013.235291] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 1013.241390] ubi: mtd0 is already attached to ubi0 [ 1013.253316] 25348 total pagecache pages [ 1013.281920] Node 1 active_anon:360068kB inactive_anon:27140kB active_file:20904kB inactive_file:105884kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37024kB dirty:608kB writeback:0kB shmem:27160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1013.284776] 0 pages in swap cache 22:34:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500000dd8f780000"], 0x0) 22:34:24 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r1) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1013.353618] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 1013.364101] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1013.389707] Swap cache stats: add 0, delete 0, find 0/0 [ 1013.440854] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1013.446152] Node 0 DMA32 free:27784kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:272kB local_pcp:188kB free_cma:0kB [ 1013.469140] Free swap = 0kB [ 1013.541593] Total swap = 0kB [ 1013.557396] 1965979 pages RAM [ 1013.559862] lowmem_reserve[]: 0 0 0 0 0 [ 1013.577668] 0 pages HighMem/MovableOnly [ 1013.596415] 338456 pages reserved [ 1013.604384] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1013.610908] 0 pages cma reserved [ 1013.706574] lowmem_reserve[]: 0 0 0 0 0 [ 1013.718611] Node 1 Normal free:1714252kB min:53592kB low:66988kB high:80384kB active_anon:360068kB inactive_anon:27140kB active_file:20904kB inactive_file:105884kB unevictable:0kB writepending:608kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126496kB pagetables:235212kB bounce:0kB free_pcp:1224kB local_pcp:652kB free_cma:0kB 22:34:25 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2000, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x6) [ 1013.795920] lowmem_reserve[]: 0 0 0 0 0 [ 1013.805543] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1013.840746] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 368*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27636kB [ 1013.883352] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1013.908436] Node 1 Normal: 69*4kB (UME) 15*8kB (ME) 4*16kB (ME) 2*32kB (UE) 0*64kB 10*128kB (UE) 13*256kB (UM) 5*512kB (U) 2*1024kB (UE) 2*2048kB (ME) 415*4096kB (M) = 1713676kB [ 1013.949791] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1013.981290] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1014.006622] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1014.032801] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1014.047041] 25353 total pagecache pages 22:34:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) r3 = gettid() tkill(r3, 0x1004000000016) syz_open_procfs(r3, &(0x7f00000002c0)='net/udp\x00') ioctl$SIOCX25GCALLUSERDATA(0xffffffffffffffff, 0x89e4, &(0x7f0000000180)={0x53, "bcee9d24b9bf42d5f1a47e89f1273aff18af10afced424181b51ee0fe048daed012a8bd39534f319ea7c28ea000d95cf2ca4ded615f2b10609dfac82c21dbfa25dab45c5f1d71fcb0b22e2d90128b8ca5d1b957bbd2735cb77336017b180cdb305e571a61ca24518c37f1963c2139a95410600"}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000340)={0x0, 0x0}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r5, 0x4010ae74, &(0x7f00000000c0)={0x7, 0x6, 0xfffb}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0xff, 0x1, 0x0, 0x0, 0x1, 0x10a00, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140)}, 0x4, 0x0, 0xfffffffe, 0x0, 0x2000000000000000, 0x4, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, &(0x7f0000000000)={0x6}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1014.080393] 0 pages in swap cache [ 1014.088257] Swap cache stats: add 0, delete 0, find 0/0 [ 1014.107735] Free swap = 0kB [ 1014.116563] Total swap = 0kB 22:34:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x0, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1014.130256] 1965979 pages RAM [ 1014.146419] 0 pages HighMem/MovableOnly [ 1014.156419] 338456 pages reserved [ 1014.172049] 0 pages cma reserved 22:34:25 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r6 = dup(r5) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000011000d0400000000f0ff100000000000", @ANYRES32=r7, @ANYBLOB="0000000000000000dafceecab7865dcbc0418e8598c31a698db6123092e6e3d6b7b8e3a913c69372f6a05ce4962dfc035731cfb1cac21776bebb9731718f427cac836e0cee4b30f455cb915e990c94409ad4840090b71c9cd2d4023242b24670b0c5625b8f26f308b8a5ecdba694cf785aa8f43e3f43999259cbe3f3c4fffe88beeda739a6cb857ba82336dec6f48044d91edde87cf62c5fe79e030ff9ce15c7cb2423c63cc55fb8db4acfd0c66fd8128e1797be37a907f7d8ffbd12503cac56d7bb899eef9a494cd6eb26a03d59c638920fe9615a22504e0f3ca802e3f45ce9"], 0x20}}, 0x0) r8 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r9) ioctl$SIOCAX25DELUID(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={0x3, @default}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x8000ffffffff) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1014.357014] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1014.397194] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1014.404896] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1014.434284] CPU: 1 PID: 10832 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1014.442713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1014.452424] Call Trace: [ 1014.455119] dump_stack+0x1b2/0x283 [ 1014.459231] warn_alloc.cold+0x96/0x1af [ 1014.463579] ? zone_watermark_ok_safe+0x250/0x250 [ 1014.468559] ? wait_for_completion_io+0x10/0x10 [ 1014.473432] __alloc_pages_nodemask+0x2129/0x2730 [ 1014.478325] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1014.483515] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1014.488575] ? HARDIRQ_verbose+0x10/0x10 [ 1014.492660] ? do_raw_spin_unlock+0x164/0x250 [ 1014.497537] alloc_pages_current+0xe7/0x1e0 [ 1014.501977] kvm_mmu_create+0xd1/0x1c0 [ 1014.506061] kvm_arch_vcpu_init+0x282/0x890 [ 1014.511390] ? alloc_pages_current+0xef/0x1e0 [ 1014.515918] kvm_vcpu_init+0x26d/0x360 [ 1014.519838] vmx_create_vcpu+0xf5/0x2950 [ 1014.523929] ? __mutex_unlock_slowpath+0x75/0x780 [ 1014.528932] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1014.534206] ? alloc_loaded_vmcs+0x240/0x240 [ 1014.538646] kvm_vm_ioctl+0x4ae/0x1430 [ 1014.544013] ? __lock_acquire+0x655/0x42a0 [ 1014.548272] ? kvm_vcpu_release+0xa0/0xa0 [ 1014.552438] ? trace_hardirqs_on+0x10/0x10 [ 1014.556711] ? check_preemption_disabled+0x35/0x240 [ 1014.562602] ? trace_hardirqs_on+0x10/0x10 [ 1014.566956] ? check_preemption_disabled+0x35/0x240 [ 1014.572030] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1014.577286] ? HARDIRQ_verbose+0x10/0x10 [ 1014.581369] ? kvm_vcpu_release+0xa0/0xa0 [ 1014.586231] do_vfs_ioctl+0x75a/0xfe0 [ 1014.590056] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1014.595877] ? ioctl_preallocate+0x1a0/0x1a0 [ 1014.600409] ? security_file_ioctl+0x76/0xb0 [ 1014.604980] ? security_file_ioctl+0x83/0xb0 [ 1014.610476] SyS_ioctl+0x7f/0xb0 [ 1014.613913] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1014.617994] do_syscall_64+0x1d5/0x640 [ 1014.621917] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1014.627343] RIP: 0033:0x45ca69 [ 1014.630809] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1014.639035] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1014.647883] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1014.655816] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1014.663235] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1014.670981] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1014.712866] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1014.738480] CPU: 1 PID: 10819 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1014.746845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1014.756565] Call Trace: [ 1014.759176] dump_stack+0x1b2/0x283 [ 1014.763026] warn_alloc.cold+0x96/0x1af [ 1014.767292] ? zone_watermark_ok_safe+0x250/0x250 [ 1014.772260] ? wait_for_completion_io+0x10/0x10 [ 1014.776956] __alloc_pages_nodemask+0x2129/0x2730 [ 1014.781944] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1014.787355] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1014.792500] ? HARDIRQ_verbose+0x10/0x10 [ 1014.796710] ? do_raw_spin_unlock+0x164/0x250 [ 1014.801531] alloc_pages_current+0xe7/0x1e0 [ 1014.806534] kvm_mmu_create+0xd1/0x1c0 [ 1014.810768] kvm_arch_vcpu_init+0x282/0x890 [ 1014.815770] ? alloc_pages_current+0xef/0x1e0 [ 1014.821321] kvm_vcpu_init+0x26d/0x360 [ 1014.825351] vmx_create_vcpu+0xf5/0x2950 [ 1014.829874] ? __mutex_unlock_slowpath+0x75/0x780 [ 1014.837564] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1014.843340] ? alloc_loaded_vmcs+0x240/0x240 [ 1014.847973] kvm_vm_ioctl+0x4ae/0x1430 [ 1014.852063] ? __lock_acquire+0x655/0x42a0 [ 1014.856500] ? kvm_vcpu_release+0xa0/0xa0 [ 1014.860674] ? trace_hardirqs_on+0x10/0x10 [ 1014.865145] ? check_preemption_disabled+0x35/0x240 [ 1014.871157] ? trace_hardirqs_on+0x10/0x10 [ 1014.875781] ? check_preemption_disabled+0x35/0x240 [ 1014.881001] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1014.886043] ? HARDIRQ_verbose+0x10/0x10 [ 1014.890636] ? kvm_vcpu_release+0xa0/0xa0 [ 1014.895599] do_vfs_ioctl+0x75a/0xfe0 [ 1014.899675] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1014.905576] ? ioctl_preallocate+0x1a0/0x1a0 [ 1014.910628] ? security_file_ioctl+0x76/0xb0 [ 1014.915182] ? security_file_ioctl+0x83/0xb0 [ 1014.920111] SyS_ioctl+0x7f/0xb0 [ 1014.923589] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1014.927803] do_syscall_64+0x1d5/0x640 [ 1014.932001] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1014.937872] RIP: 0033:0x45ca69 [ 1014.941068] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1014.948974] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1014.956912] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1014.964202] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1014.972013] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1014.979606] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 [ 1014.999362] Mem-Info: [ 1015.006798] active_anon:436200 inactive_anon:11114 isolated_anon:0 [ 1015.006798] active_file:5232 inactive_file:26476 isolated_file:0 [ 1015.006798] unevictable:0 dirty:173 writeback:0 unstable:0 [ 1015.006798] slab_reclaimable:50207 slab_unreclaimable:389504 [ 1015.006798] mapped:63537 shmem:11300 pagetables:72650 bounce:0 [ 1015.006798] free:437360 free_pcp:260 free_cma:0 22:34:26 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400204) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1015.115655] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1015.146244] Node 1 active_anon:360292kB inactive_anon:27144kB active_file:20916kB inactive_file:105900kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37152kB dirty:744kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1015.207774] Cannot find add_set index 0 as target [ 1015.236000] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1015.283814] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1015.289782] Node 0 DMA32 free:27628kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:364kB local_pcp:180kB free_cma:0kB [ 1015.328407] lowmem_reserve[]: 0 0 0 0 0 [ 1015.347402] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1015.383178] Cannot find add_set index 0 as target [ 1015.435598] lowmem_reserve[]: 0 0 0 0 0 22:34:26 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000080)={0x80000001, 0x2, 0x1f, 0x9, 0xeb, 0x9, 0xd8c}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) fsetxattr$security_evm(r5, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000140)=@v2={0x5, 0xca, 0xc, 0x7, 0xf7, "2e2775872fef21b282d41c5cbe693ea3e5325b3159214718146135d9400b1f84937167fa870689e6adb29930133333eaacf1e973c3ebb10da316b120c1e2c73a9c99e104dd5701ec35ce99e676d08a6a402aba976c7fe9fa12092bb48a88f73d86681368c3c44e6b3554fe9d5af0b23ab05ca811f77f70e15f89b72e454989c51aa8732027f8e14a20c92215bef62bf3f57571183a330eb0a69b793e4f25878aac06594af223d5b1c771b7e6a7e87a44e842b9d8e4193ebe50c79de9fb095c4e55d82eaa3c1558d073b5c65e7ab792803b75f152efdefa4e16ef9f9cd0faecb7905961cc222dd4b4566416101bc2a9db451dd89563de28"}, 0x100, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1015.463840] Node 1 Normal free:1711608kB min:53592kB low:66988kB high:80384kB active_anon:360192kB inactive_anon:27144kB active_file:20916kB inactive_file:105900kB unevictable:0kB writepending:744kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126592kB pagetables:235440kB bounce:0kB free_pcp:1032kB local_pcp:704kB free_cma:0kB [ 1015.548968] lowmem_reserve[]: 0 0 0 0 0 [ 1015.563038] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1015.606326] Node 0 DMA32: 385*4kB (UME) 249*8kB (ME) 368*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27628kB [ 1015.622956] Cannot find add_set index 0 as target [ 1015.659950] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1015.683895] Node 1 Normal: 3*4kB (ME) 42*8kB (UME) 22*16kB (UM) 30*32kB (UE) 14*64kB (UE) 17*128kB (U) 2*256kB (UM) 2*512kB (U) 2*1024kB (UE) 2*2048kB (ME) 415*4096kB (M) = 1712252kB [ 1015.728151] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1015.732842] Cannot find add_set index 0 as target [ 1015.754473] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1015.767862] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1015.807207] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1015.844708] 25359 total pagecache pages [ 1015.849652] 0 pages in swap cache [ 1015.870099] Swap cache stats: add 0, delete 0, find 0/0 [ 1015.876493] Free swap = 0kB [ 1015.887879] Total swap = 0kB [ 1015.900237] 1965979 pages RAM [ 1015.903837] 0 pages HighMem/MovableOnly [ 1015.907832] 338456 pages reserved 22:34:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x0, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1015.930087] 0 pages cma reserved [ 1016.221147] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1016.237480] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1016.244051] CPU: 0 PID: 10900 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1016.252076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1016.261645] Call Trace: [ 1016.264266] dump_stack+0x1b2/0x283 [ 1016.267930] warn_alloc.cold+0x96/0x1af [ 1016.272071] ? zone_watermark_ok_safe+0x250/0x250 [ 1016.277013] ? wait_for_completion_io+0x10/0x10 [ 1016.282126] __alloc_pages_nodemask+0x2129/0x2730 [ 1016.287011] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1016.291945] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1016.297008] ? HARDIRQ_verbose+0x10/0x10 [ 1016.301180] ? do_raw_spin_unlock+0x164/0x250 [ 1016.306027] alloc_pages_current+0xe7/0x1e0 [ 1016.310536] kvm_mmu_create+0xd1/0x1c0 [ 1016.314450] kvm_arch_vcpu_init+0x282/0x890 [ 1016.318940] ? alloc_pages_current+0xef/0x1e0 [ 1016.323875] kvm_vcpu_init+0x26d/0x360 [ 1016.327938] vmx_create_vcpu+0xf5/0x2950 [ 1016.332013] ? __mutex_unlock_slowpath+0x75/0x780 [ 1016.337045] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1016.342186] ? alloc_loaded_vmcs+0x240/0x240 [ 1016.346729] kvm_vm_ioctl+0x4ae/0x1430 [ 1016.352452] ? __lock_acquire+0x655/0x42a0 [ 1016.358012] ? kvm_vcpu_release+0xa0/0xa0 [ 1016.362649] ? trace_hardirqs_on+0x10/0x10 [ 1016.367399] ? check_preemption_disabled+0x35/0x240 [ 1016.372899] ? trace_hardirqs_on+0x10/0x10 [ 1016.377307] ? check_preemption_disabled+0x35/0x240 [ 1016.383294] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1016.388236] ? HARDIRQ_verbose+0x10/0x10 [ 1016.392412] ? kvm_vcpu_release+0xa0/0xa0 [ 1016.396557] do_vfs_ioctl+0x75a/0xfe0 [ 1016.400366] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1016.406123] ? ioctl_preallocate+0x1a0/0x1a0 [ 1016.410775] ? security_file_ioctl+0x76/0xb0 [ 1016.415224] ? security_file_ioctl+0x83/0xb0 [ 1016.419711] SyS_ioctl+0x7f/0xb0 [ 1016.423227] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1016.427288] do_syscall_64+0x1d5/0x640 [ 1016.431325] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1016.436519] RIP: 0033:0x45ca69 [ 1016.439892] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1016.447922] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1016.455749] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1016.463210] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1016.472165] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1016.479463] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1016.696297] warn_alloc_show_mem: 1 callbacks suppressed [ 1016.696301] Mem-Info: [ 1016.721581] active_anon:436228 inactive_anon:11114 isolated_anon:0 [ 1016.721581] active_file:5234 inactive_file:26485 isolated_file:0 [ 1016.721581] unevictable:0 dirty:194 writeback:0 unstable:0 [ 1016.721581] slab_reclaimable:50201 slab_unreclaimable:389258 [ 1016.721581] mapped:63556 shmem:11300 pagetables:72675 bounce:0 [ 1016.721581] free:437557 free_pcp:332 free_cma:0 [ 1016.815516] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1016.859295] Node 1 active_anon:360304kB inactive_anon:27144kB active_file:20920kB inactive_file:105936kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37152kB dirty:776kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1016.928359] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1017.008615] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1017.027269] Node 0 DMA32 free:27620kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:328kB local_pcp:160kB free_cma:0kB [ 1017.090089] lowmem_reserve[]: 0 0 0 0 0 [ 1017.094957] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 22:34:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1017.160491] lowmem_reserve[]: 0 0 0 0 0 [ 1017.169557] Node 1 Normal free:1711916kB min:53592kB low:66988kB high:80384kB active_anon:360216kB inactive_anon:27144kB active_file:20920kB inactive_file:105948kB unevictable:0kB writepending:796kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126560kB pagetables:235440kB bounce:0kB free_pcp:1048kB local_pcp:380kB free_cma:0kB [ 1017.243578] lowmem_reserve[]: 0 0 0 0 0 [ 1017.252625] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1017.287811] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 367*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27620kB [ 1017.363688] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1017.415274] Node 1 Normal: 82*4kB (UM) 262*8kB (UM) 112*16kB (U) 11*32kB (U) 3*64kB (UM) 2*128kB (UM) 0*256kB 3*512kB (U) 2*1024kB (UE) 2*2048kB (ME) 415*4096kB (M) = 1712536kB [ 1017.452066] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1017.512246] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1017.545606] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1017.566716] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1017.592364] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1017.592958] syz-executor.1 cpuset= [ 1017.613184] 25371 total pagecache pages [ 1017.618063] / mems_allowed=0-1 [ 1017.630978] 0 pages in swap cache [ 1017.640690] Swap cache stats: add 0, delete 0, find 0/0 [ 1017.645106] CPU: 0 PID: 10912 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1017.653065] Free swap = 0kB [ 1017.654149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1017.654155] Call Trace: [ 1017.654189] dump_stack+0x1b2/0x283 [ 1017.660574] Total swap = 0kB [ 1017.666708] warn_alloc.cold+0x96/0x1af [ 1017.666720] ? zone_watermark_ok_safe+0x250/0x250 [ 1017.666741] ? wait_for_completion_io+0x10/0x10 [ 1017.678832] 1965979 pages RAM [ 1017.680518] __alloc_pages_nodemask+0x2129/0x2730 [ 1017.680550] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1017.680561] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1017.680585] ? HARDIRQ_verbose+0x10/0x10 22:34:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) r3 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4000000, r3) pkey_free(r3) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000000)) [ 1017.688781] 0 pages HighMem/MovableOnly [ 1017.691072] ? do_raw_spin_unlock+0x164/0x250 [ 1017.691088] alloc_pages_current+0xe7/0x1e0 [ 1017.691104] kvm_mmu_create+0xd1/0x1c0 [ 1017.691116] kvm_arch_vcpu_init+0x282/0x890 [ 1017.691127] ? alloc_pages_current+0xef/0x1e0 [ 1017.698554] 338456 pages reserved [ 1017.699770] kvm_vcpu_init+0x26d/0x360 [ 1017.699787] vmx_create_vcpu+0xf5/0x2950 [ 1017.699804] ? __mutex_unlock_slowpath+0x75/0x780 [ 1017.699814] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1017.699832] ? alloc_loaded_vmcs+0x240/0x240 22:34:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x0, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1017.712488] 0 pages cma reserved [ 1017.714243] kvm_vm_ioctl+0x4ae/0x1430 [ 1017.714264] ? __lock_acquire+0x655/0x42a0 [ 1017.778838] ? kvm_vcpu_release+0xa0/0xa0 [ 1017.783017] ? trace_hardirqs_on+0x10/0x10 [ 1017.787311] ? check_preemption_disabled+0x35/0x240 [ 1017.792356] ? trace_hardirqs_on+0x10/0x10 [ 1017.796650] ? check_preemption_disabled+0x35/0x240 [ 1017.801688] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1017.806645] ? HARDIRQ_verbose+0x10/0x10 [ 1017.810732] ? kvm_vcpu_release+0xa0/0xa0 [ 1017.814897] do_vfs_ioctl+0x75a/0xfe0 [ 1017.819106] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1017.825129] ? ioctl_preallocate+0x1a0/0x1a0 [ 1017.829609] ? security_file_ioctl+0x76/0xb0 [ 1017.834042] ? security_file_ioctl+0x83/0xb0 [ 1017.838527] SyS_ioctl+0x7f/0xb0 [ 1017.841922] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1017.845931] do_syscall_64+0x1d5/0x640 [ 1017.850028] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1017.856141] RIP: 0033:0x45ca69 [ 1017.859356] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1017.867170] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1017.874691] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1017.882094] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1017.890514] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1017.898545] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 22:34:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) write$P9_RCLUNK(r2, &(0x7f0000000000)={0x7, 0x79, 0x2}, 0x7) 22:34:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x0, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:29 executing program 5: r0 = gettid() tkill(r0, 0x1004000000016) r1 = syz_open_procfs(r0, &(0x7f0000000040)='oom_adj\x00') ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0xc004aea7, &(0x7f0000000080)=0x5) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000000000000000009e38000674c156c9f83cbc0e5f9bbca50c402d327656b8d603c305e58865c6eabf589f6fd50ce5d7d80d923ed1fd0ba273a9c006f6fcc139583a99e50e05142e0841cf86f66e978a8be0d615fe397f60b364db7c83bc2e00db8b091162d58f1dcd15c19a3359bb79fb70c395d1c4c85387fdd29e04f1f5693d263477c0b031776a8fc15462ff6b7da3f2a264c28ba1683d0c4a12d554cff43aa4bea23192a53515f98cc497edd8d7", @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) [ 1018.356245] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1018.387956] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1018.407554] CPU: 1 PID: 10947 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1018.413425] Mem-Info: [ 1018.415775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1018.415781] Call Trace: [ 1018.415811] dump_stack+0x1b2/0x283 [ 1018.415827] warn_alloc.cold+0x96/0x1af [ 1018.415840] ? zone_watermark_ok_safe+0x250/0x250 [ 1018.418847] active_anon:436348 inactive_anon:11114 isolated_anon:0 [ 1018.418847] active_file:5236 inactive_file:26495 isolated_file:0 [ 1018.418847] unevictable:0 dirty:203 writeback:11 unstable:0 [ 1018.418847] slab_reclaimable:50243 slab_unreclaimable:390040 [ 1018.418847] mapped:63570 shmem:11300 pagetables:72768 bounce:0 [ 1018.418847] free:436390 free_pcp:288 free_cma:0 [ 1018.427938] ? wait_for_completion_io+0x10/0x10 [ 1018.427957] __alloc_pages_nodemask+0x2129/0x2730 [ 1018.427983] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1018.427993] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1018.428016] ? HARDIRQ_verbose+0x10/0x10 [ 1018.428027] ? do_raw_spin_unlock+0x164/0x250 [ 1018.428042] alloc_pages_current+0xe7/0x1e0 [ 1018.428058] kvm_mmu_create+0xd1/0x1c0 [ 1018.428072] kvm_arch_vcpu_init+0x282/0x890 [ 1018.428082] ? alloc_pages_current+0xef/0x1e0 [ 1018.428095] kvm_vcpu_init+0x26d/0x360 [ 1018.428113] vmx_create_vcpu+0xf5/0x2950 [ 1018.446002] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1018.481122] ? __mutex_unlock_slowpath+0x75/0x780 [ 1018.481133] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1018.481149] ? alloc_loaded_vmcs+0x240/0x240 [ 1018.481165] kvm_vm_ioctl+0x4ae/0x1430 [ 1018.481176] ? __lock_acquire+0x655/0x42a0 [ 1018.481189] ? kvm_vcpu_release+0xa0/0xa0 [ 1018.481200] ? trace_hardirqs_on+0x10/0x10 [ 1018.481210] ? check_preemption_disabled+0x35/0x240 [ 1018.481224] ? trace_hardirqs_on+0x10/0x10 [ 1018.481231] ? check_preemption_disabled+0x35/0x240 [ 1018.481243] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1018.481257] ? HARDIRQ_verbose+0x10/0x10 [ 1018.481272] ? kvm_vcpu_release+0xa0/0xa0 [ 1018.533798] Node 1 active_anon:360784kB inactive_anon:27144kB active_file:20924kB inactive_file:105980kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37168kB dirty:812kB writeback:44kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1018.537445] do_vfs_ioctl+0x75a/0xfe0 [ 1018.537461] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1018.537471] ? ioctl_preallocate+0x1a0/0x1a0 [ 1018.537492] ? security_file_ioctl+0x76/0xb0 [ 1018.607663] Node 0 [ 1018.610315] ? security_file_ioctl+0x83/0xb0 [ 1018.610328] SyS_ioctl+0x7f/0xb0 [ 1018.610337] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1018.610350] do_syscall_64+0x1d5/0x640 [ 1018.610370] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1018.624726] DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1018.625127] RIP: 0033:0x45ca69 [ 1018.633401] lowmem_reserve[]: [ 1018.657918] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1018.657930] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1018.657935] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1018.657940] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1018.657944] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1018.657949] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:34:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x0, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1018.976419] 0 2559 2559 2559 2559 [ 1018.984943] Node 0 DMA32 free:27620kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:272kB local_pcp:144kB free_cma:0kB [ 1019.087259] lowmem_reserve[]: 0 0 0 0 0 [ 1019.096704] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1019.200492] lowmem_reserve[]: 0 0 0 0 0 [ 1019.218820] Node 1 Normal free:1707340kB min:53592kB low:66988kB high:80384kB active_anon:360976kB inactive_anon:27144kB active_file:20928kB inactive_file:105996kB unevictable:0kB writepending:848kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126976kB pagetables:235908kB bounce:0kB free_pcp:1016kB local_pcp:472kB free_cma:0kB [ 1019.219322] syz-executor.4: [ 1019.295103] lowmem_reserve[]: 0 0 0 0 0 [ 1019.322503] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1019.325038] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1019.363955] Node 0 [ 1019.369244] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1019.369276] CPU: 1 PID: 10961 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1019.369282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1019.369286] Call Trace: [ 1019.369307] dump_stack+0x1b2/0x283 [ 1019.383526] DMA32: [ 1019.386030] warn_alloc.cold+0x96/0x1af [ 1019.386044] ? zone_watermark_ok_safe+0x250/0x250 [ 1019.386067] ? wait_for_completion_io+0x10/0x10 [ 1019.415861] 385*4kB [ 1019.418066] __alloc_pages_nodemask+0x2129/0x2730 [ 1019.418102] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1019.428587] (UME) [ 1019.431217] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1019.431245] ? HARDIRQ_verbose+0x10/0x10 [ 1019.431257] ? do_raw_spin_unlock+0x164/0x250 [ 1019.431273] alloc_pages_current+0xe7/0x1e0 [ 1019.431292] kvm_mmu_create+0xd1/0x1c0 [ 1019.431307] kvm_arch_vcpu_init+0x282/0x890 [ 1019.431316] ? alloc_pages_current+0xef/0x1e0 [ 1019.431330] kvm_vcpu_init+0x26d/0x360 [ 1019.431344] vmx_create_vcpu+0xf5/0x2950 [ 1019.431359] ? __mutex_unlock_slowpath+0x75/0x780 [ 1019.431368] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1019.431380] ? alloc_loaded_vmcs+0x240/0x240 [ 1019.431395] kvm_vm_ioctl+0x4ae/0x1430 [ 1019.431407] ? __lock_acquire+0x655/0x42a0 [ 1019.439172] 250*8kB [ 1019.443577] ? kvm_vcpu_release+0xa0/0xa0 [ 1019.443592] ? trace_hardirqs_on+0x10/0x10 [ 1019.443601] ? check_preemption_disabled+0x35/0x240 [ 1019.443616] ? trace_hardirqs_on+0x10/0x10 [ 1019.443623] ? check_preemption_disabled+0x35/0x240 [ 1019.443634] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1019.443649] ? HARDIRQ_verbose+0x10/0x10 [ 1019.443660] ? kvm_vcpu_release+0xa0/0xa0 [ 1019.443672] do_vfs_ioctl+0x75a/0xfe0 [ 1019.443685] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1019.443697] ? ioctl_preallocate+0x1a0/0x1a0 [ 1019.463555] (UME) [ 1019.466847] ? security_file_ioctl+0x76/0xb0 [ 1019.466858] ? security_file_ioctl+0x83/0xb0 [ 1019.466872] SyS_ioctl+0x7f/0xb0 [ 1019.466882] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1019.466899] do_syscall_64+0x1d5/0x640 [ 1019.488700] 367*16kB [ 1019.490146] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1019.490156] RIP: 0033:0x45ca69 [ 1019.490161] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1019.490171] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1019.490175] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1019.490181] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1019.490186] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1019.490191] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1019.551400] warn_alloc_show_mem: 1 callbacks suppressed [ 1019.551404] Mem-Info: [ 1019.568465] (UME) [ 1019.577959] active_anon:436396 inactive_anon:11114 isolated_anon:0 [ 1019.577959] active_file:5237 inactive_file:26499 isolated_file:0 [ 1019.577959] unevictable:0 dirty:212 writeback:0 unstable:0 [ 1019.577959] slab_reclaimable:50282 slab_unreclaimable:390111 [ 1019.577959] mapped:63599 shmem:11300 pagetables:72788 bounce:0 [ 1019.577959] free:436223 free_pcp:321 free_cma:0 [ 1019.606790] 229*32kB [ 1019.664335] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1019.794590] (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27620kB [ 1019.808610] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1019.839676] Node 1 Normal: 1*4kB (M) 159*8kB (UM) 62*16kB (UE) 12*32kB (UE) 14*64kB (UM) 2*128kB (UE) 4*256kB (U) 2*512kB (ME) 1*1024kB (M) 2*2048kB (UE) 414*4096kB (M) = 1706716kB [ 1019.864814] Node 1 active_anon:360976kB inactive_anon:27144kB active_file:20928kB inactive_file:105996kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37284kB dirty:848kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1019.877185] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1019.937362] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1019.954666] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1019.964145] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1020.021670] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1020.034523] Node 0 DMA32 free:27620kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:268kB local_pcp:124kB free_cma:0kB [ 1020.041730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1020.100143] 25390 total pagecache pages [ 1020.106364] lowmem_reserve[]: 0 0 0 0 0 [ 1020.116794] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1020.121661] 0 pages in swap cache 22:34:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)=0x5) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1020.188195] lowmem_reserve[]: 0 0 0 0 0 [ 1020.193436] Swap cache stats: add 0, delete 0, find 0/0 [ 1020.195534] Node 1 [ 1020.198994] Free swap = 0kB [ 1020.198997] Total swap = 0kB [ 1020.199005] 1965979 pages RAM [ 1020.199008] 0 pages HighMem/MovableOnly [ 1020.199012] 338456 pages reserved [ 1020.199016] 0 pages cma reserved [ 1020.283571] Normal free:1708376kB min:53592kB low:66988kB high:80384kB active_anon:360780kB inactive_anon:27144kB active_file:20932kB inactive_file:106016kB unevictable:0kB writepending:872kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:126848kB pagetables:235924kB bounce:0kB free_pcp:1004kB local_pcp:232kB free_cma:0kB [ 1020.397609] lowmem_reserve[]: 0 0 0 0 0 [ 1020.415476] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1020.470651] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 367*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27620kB [ 1020.522522] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1020.536243] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1020.561938] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1020.569255] Node 1 Normal: 1*4kB (U) 166*8kB (UME) 86*16kB (UME) 11*32kB (UME) 14*64kB (UM) 2*128kB (UE) 0*256kB 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 414*4096kB (M) = 1707124kB [ 1020.591512] CPU: 1 PID: 10976 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1020.599785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.609380] Call Trace: [ 1020.611985] dump_stack+0x1b2/0x283 [ 1020.615656] warn_alloc.cold+0x96/0x1af [ 1020.619703] ? zone_watermark_ok_safe+0x250/0x250 [ 1020.624747] ? wait_for_completion_io+0x10/0x10 [ 1020.629468] __alloc_pages_nodemask+0x2129/0x2730 [ 1020.634790] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1020.639829] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1020.645481] ? HARDIRQ_verbose+0x10/0x10 [ 1020.649553] ? do_raw_spin_unlock+0x164/0x250 [ 1020.654322] alloc_pages_current+0xe7/0x1e0 [ 1020.658748] kvm_mmu_create+0xd1/0x1c0 [ 1020.662763] kvm_arch_vcpu_init+0x282/0x890 [ 1020.667403] ? alloc_pages_current+0xef/0x1e0 [ 1020.672085] kvm_vcpu_init+0x26d/0x360 [ 1020.676136] vmx_create_vcpu+0xf5/0x2950 [ 1020.682932] ? __mutex_unlock_slowpath+0x75/0x780 [ 1020.688085] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1020.693203] ? alloc_loaded_vmcs+0x240/0x240 [ 1020.700100] kvm_vm_ioctl+0x4ae/0x1430 [ 1020.704639] ? __lock_acquire+0x655/0x42a0 [ 1020.708879] ? kvm_vcpu_release+0xa0/0xa0 [ 1020.713412] ? trace_hardirqs_on+0x10/0x10 [ 1020.718157] ? check_preemption_disabled+0x35/0x240 [ 1020.723286] ? trace_hardirqs_on+0x10/0x10 [ 1020.727545] ? check_preemption_disabled+0x35/0x240 [ 1020.732571] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1020.737514] ? HARDIRQ_verbose+0x10/0x10 [ 1020.741785] ? kvm_vcpu_release+0xa0/0xa0 [ 1020.746550] do_vfs_ioctl+0x75a/0xfe0 [ 1020.750359] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1020.756123] ? ioctl_preallocate+0x1a0/0x1a0 [ 1020.760562] ? security_file_ioctl+0x76/0xb0 [ 1020.764979] ? security_file_ioctl+0x83/0xb0 [ 1020.769490] SyS_ioctl+0x7f/0xb0 [ 1020.772854] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1020.776936] do_syscall_64+0x1d5/0x640 [ 1020.780859] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1020.786148] RIP: 0033:0x45ca69 [ 1020.789477] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1020.797528] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1020.805853] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1020.813124] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1020.820952] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1020.828236] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 [ 1020.878287] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1020.900585] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1020.909249] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1020.939847] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1020.961349] 25397 total pagecache pages [ 1020.965378] 0 pages in swap cache [ 1020.968832] Swap cache stats: add 0, delete 0, find 0/0 [ 1020.995268] Free swap = 0kB [ 1020.998475] Total swap = 0kB [ 1021.002885] 1965979 pages RAM [ 1021.006008] 0 pages HighMem/MovableOnly [ 1021.008002] Mem-Info: [ 1021.012750] 338456 pages reserved [ 1021.028928] active_anon:436393 inactive_anon:11114 isolated_anon:0 [ 1021.028928] active_file:5239 inactive_file:26508 isolated_file:0 [ 1021.028928] unevictable:0 dirty:226 writeback:0 unstable:0 [ 1021.028928] slab_reclaimable:50314 slab_unreclaimable:389935 [ 1021.028928] mapped:63591 shmem:11300 pagetables:72828 bounce:0 [ 1021.028928] free:436401 free_pcp:234 free_cma:0 [ 1021.029875] 0 pages cma reserved [ 1021.076107] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 22:34:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x0, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1021.211189] Node 1 active_anon:361064kB inactive_anon:27144kB active_file:20936kB inactive_file:106032kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37252kB dirty:904kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1021.289805] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1021.360067] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1021.365360] Node 0 DMA32 free:27620kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:244kB local_pcp:132kB free_cma:0kB 22:34:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@mpls_delroute={0x48, 0x19, 0x0, 0x70bd25, 0x25dfdbfb, {0x1c, 0x10, 0x80, 0x5, 0x0, 0x2, 0xff, 0x7, 0xa00}, [@RTA_OIF={0x8, 0x4, r5}, @RTA_OIF={0x8, 0x4, r8}, @RTA_DST={0x8}, @RTA_MULTIPATH={0xc, 0x9, {0x1, 0x3, 0xff}}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0x1}]}, 0x48}}, 0x0) [ 1021.492340] lowmem_reserve[]: 0 0 0 0 0 [ 1021.496554] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1021.554772] lowmem_reserve[]: 0 0 0 0 0 [ 1021.558448] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1021.564415] Node 1 Normal free:1706196kB min:53592kB low:66988kB high:80384kB active_anon:361164kB inactive_anon:27144kB active_file:20936kB inactive_file:106032kB unevictable:0kB writepending:904kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127072kB pagetables:236216kB bounce:0kB free_pcp:1288kB local_pcp:692kB free_cma:0kB [ 1021.590394] syz-executor.4 cpuset= [ 1021.641357] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1021.649796] lowmem_reserve[]: 0 0 0 0 0 [ 1021.657769] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1021.678092] / mems_allowed=0-1 [ 1021.682110] CPU: 0 PID: 10990 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1021.690099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1021.699996] Call Trace: [ 1021.702686] dump_stack+0x1b2/0x283 [ 1021.706333] warn_alloc.cold+0x96/0x1af [ 1021.710326] ? zone_watermark_ok_safe+0x250/0x250 [ 1021.715280] ? wait_for_completion_io+0x10/0x10 [ 1021.720484] __alloc_pages_nodemask+0x2129/0x2730 [ 1021.725457] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1021.730485] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1021.735490] ? HARDIRQ_verbose+0x10/0x10 [ 1021.739811] ? do_raw_spin_unlock+0x164/0x250 [ 1021.744459] alloc_pages_current+0xe7/0x1e0 [ 1021.748934] kvm_mmu_create+0xd1/0x1c0 [ 1021.752870] kvm_arch_vcpu_init+0x282/0x890 [ 1021.757227] ? alloc_pages_current+0xef/0x1e0 [ 1021.761757] kvm_vcpu_init+0x26d/0x360 [ 1021.765684] vmx_create_vcpu+0xf5/0x2950 [ 1021.769868] ? __mutex_unlock_slowpath+0x75/0x780 [ 1021.776255] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1021.781332] ? alloc_loaded_vmcs+0x240/0x240 [ 1021.785773] kvm_vm_ioctl+0x4ae/0x1430 [ 1021.789715] ? __lock_acquire+0x655/0x42a0 [ 1021.794070] ? kvm_vcpu_release+0xa0/0xa0 [ 1021.798333] ? trace_hardirqs_on+0x10/0x10 [ 1021.802613] ? check_preemption_disabled+0x35/0x240 [ 1021.807670] ? trace_hardirqs_on+0x10/0x10 [ 1021.812063] ? check_preemption_disabled+0x35/0x240 [ 1021.817115] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1021.822681] ? HARDIRQ_verbose+0x10/0x10 [ 1021.827037] ? kvm_vcpu_release+0xa0/0xa0 [ 1021.831207] do_vfs_ioctl+0x75a/0xfe0 [ 1021.835208] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1021.841041] ? ioctl_preallocate+0x1a0/0x1a0 [ 1021.846495] ? security_file_ioctl+0x76/0xb0 [ 1021.851186] ? security_file_ioctl+0x83/0xb0 [ 1021.855712] SyS_ioctl+0x7f/0xb0 [ 1021.859097] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1021.863204] do_syscall_64+0x1d5/0x640 [ 1021.867142] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1021.872500] RIP: 0033:0x45ca69 [ 1021.875890] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1021.883715] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1021.891256] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1021.899199] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1021.906618] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1021.914198] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1021.932734] Node 0 DMA32: 385*4kB (UME) 249*8kB (ME) 367*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27612kB [ 1021.950199] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1021.953232] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1021.961450] Node 1 Normal: 1*4kB (M) 154*8kB (U) 5*16kB (U) 11*32kB (UE) 19*64kB (UE) 9*128kB (UE) 3*256kB (UME) 0*512kB 1*1024kB (M) 2*2048kB (UE) 414*4096kB (M) = 1705668kB [ 1021.986780] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1021.995882] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1022.006323] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1022.015839] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1022.026754] 25405 total pagecache pages [ 1022.031836] 0 pages in swap cache [ 1022.035380] Swap cache stats: add 0, delete 0, find 0/0 [ 1022.041558] Free swap = 0kB [ 1022.044621] Total swap = 0kB [ 1022.047775] 1965979 pages RAM [ 1022.058697] 0 pages HighMem/MovableOnly [ 1022.075449] 338456 pages reserved [ 1022.086645] 0 pages cma reserved 22:34:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x0, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYRES64=r0, @ANYRES32=0x0, @ANYBLOB="160000000000000003ba12304f4d0aab20b4487f067fec4b816b9d9ceb82d48e07dddcdd10fd6bcaa06834c04148c9437032f9613be39ac9da50f2a4c0f2dffee78021007a04cbebf78b97d76fb10e8dbae4112593e19b7b71ece74275a05d1fb8a64205b5aeee0da92504063c17b12bf9a348ae707ea629a879d45c66ed4b3bcb6571985b3035a250"], 0x30}}, 0x20000000) [ 1022.111548] Mem-Info: [ 1022.117342] active_anon:436440 inactive_anon:11114 isolated_anon:0 [ 1022.117342] active_file:5240 inactive_file:26514 isolated_file:0 [ 1022.117342] unevictable:0 dirty:237 writeback:0 unstable:0 [ 1022.117342] slab_reclaimable:50324 slab_unreclaimable:390459 [ 1022.117342] mapped:63595 shmem:11300 pagetables:72844 bounce:0 [ 1022.117342] free:435646 free_pcp:284 free_cma:0 [ 1022.165761] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1022.205360] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f00000029c0)='/dev/vcs#\x00', 0xfffffffffffffbff, 0x14000) r5 = gettid() tkill(r5, 0x1004000000016) sendmsg$nl_netfilter(r1, &(0x7f0000002c00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002bc0)={&(0x7f0000002a00)={0x190, 0x5, 0x7, 0x3, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x2}, [@nested={0x8c, 0x73, 0x0, 0x1, [@generic="b2fa935e8c5e226caf5d7a91550a0ad60c7895a8bff0a10e12ea08404e353721f84ee7c5f51eb1fabed8479b8ec098d089a3168adb1e5f704594ac4a4e2db0c9c3baa63ee5d25a368337754ebf6f041cb77f84163ccdb97a19fb944d9c5a22981ff7570edb5d1825568a926d9d1bca83bb6d0bd9c1e50839f93c686e36921d30", @typed={0x8, 0x7e, 0x0, 0x0, @fd=r4}]}, @typed={0x8, 0x5, 0x0, 0x0, @pid=r5}, @nested={0x37, 0x85, 0x0, 0x1, [@generic="27eef099c3c90c2508c564516481a7a8c0a99622ab34eb", @typed={0xc, 0x43, 0x0, 0x0, @u64=0xffff}, @typed={0xc, 0x96, 0x0, 0x0, @u64=0x1}, @generic="6908a4dd"]}, @generic="fcb78e080196a2aef41182a36fb8c1d54de809cb5100db5489023bdca28dd3cf9cd8f4c20164821ee819ede2c7a8338ba7beea86e479d1129c6bf65ed08b2e16a1ac7313e249565d9b23b83379b208dc59e65da79946e796272b4b8d3a789eaac33f61ab871087af1a5d2e642298b8518d940d8a57b7aa3b8ba2d0bbb59ffc787b0a0c9177e32c5d41c3cd8a3a158b2726ca86ab056694ffb268f203f832dfca634ece8c419f3fd2221e0d4a7c73"]}, 0x190}, 0x1, 0x0, 0x0, 0x44840}, 0x4) [ 1022.232550] Node 1 active_anon:361152kB inactive_anon:27144kB active_file:20940kB inactive_file:106056kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37368kB dirty:948kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1022.321415] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1022.408081] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1022.422575] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1022.446544] Node 0 DMA32 free:27612kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:224kB local_pcp:128kB free_cma:0kB [ 1022.478187] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1022.506196] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1022.524403] CPU: 0 PID: 11016 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1022.532350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.542414] Call Trace: [ 1022.545143] dump_stack+0x1b2/0x283 [ 1022.548890] warn_alloc.cold+0x96/0x1af [ 1022.553200] ? zone_watermark_ok_safe+0x250/0x250 [ 1022.559263] ? wait_for_completion_io+0x10/0x10 [ 1022.564279] __alloc_pages_nodemask+0x2129/0x2730 [ 1022.569258] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1022.574969] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1022.579976] ? HARDIRQ_verbose+0x10/0x10 [ 1022.584075] ? do_raw_spin_unlock+0x164/0x250 [ 1022.588690] alloc_pages_current+0xe7/0x1e0 [ 1022.593039] kvm_mmu_create+0xd1/0x1c0 [ 1022.597043] kvm_arch_vcpu_init+0x282/0x890 [ 1022.601494] ? alloc_pages_current+0xef/0x1e0 [ 1022.606457] kvm_vcpu_init+0x26d/0x360 [ 1022.610397] vmx_create_vcpu+0xf5/0x2950 [ 1022.614726] ? __mutex_unlock_slowpath+0x75/0x780 [ 1022.619708] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1022.624964] ? alloc_loaded_vmcs+0x240/0x240 [ 1022.629498] kvm_vm_ioctl+0x4ae/0x1430 [ 1022.633678] ? __lock_acquire+0x655/0x42a0 [ 1022.638855] ? kvm_vcpu_release+0xa0/0xa0 [ 1022.643122] ? trace_hardirqs_on+0x10/0x10 [ 1022.647381] ? check_preemption_disabled+0x35/0x240 [ 1022.652435] ? trace_hardirqs_on+0x10/0x10 [ 1022.657067] ? check_preemption_disabled+0x35/0x240 [ 1022.662435] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1022.667436] ? HARDIRQ_verbose+0x10/0x10 [ 1022.671646] ? kvm_vcpu_release+0xa0/0xa0 [ 1022.675998] do_vfs_ioctl+0x75a/0xfe0 [ 1022.679929] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1022.685752] ? ioctl_preallocate+0x1a0/0x1a0 [ 1022.690493] ? security_file_ioctl+0x76/0xb0 [ 1022.695444] ? security_file_ioctl+0x83/0xb0 [ 1022.701129] SyS_ioctl+0x7f/0xb0 [ 1022.704521] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1022.708524] do_syscall_64+0x1d5/0x640 [ 1022.713314] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1022.718784] RIP: 0033:0x45ca69 [ 1022.722089] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1022.730079] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1022.737390] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1022.745418] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1022.752868] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1022.760457] R13: 000000000000039c R14: 00000000004c637a R15: 00007f10b39626d4 [ 1022.802907] lowmem_reserve[]: 0 0 0 0 0 [ 1022.807203] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1022.835722] lowmem_reserve[]: 0 0 0 0 0 [ 1022.840850] Node 1 Normal free:1704144kB min:53592kB low:66988kB high:80384kB active_anon:361252kB inactive_anon:27144kB active_file:20940kB inactive_file:106056kB unevictable:0kB writepending:948kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127200kB pagetables:236280kB bounce:0kB free_pcp:784kB local_pcp:584kB free_cma:0kB [ 1022.873815] lowmem_reserve[]: 0 0 0 0 0 [ 1022.878153] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1022.895352] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 366*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27604kB [ 1022.913506] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1022.925788] Node 1 Normal: 12*4kB (UE) 2*8kB (ME) 101*16kB (UME) 13*32kB (UE) 16*64kB (UE) 4*128kB (UME) 4*256kB (UE) 1*512kB (U) 1*1024kB (M) 1*2048kB (E) 414*4096kB (M) = 1703984kB [ 1022.945527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1022.957091] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1022.966744] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1022.976587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1022.986719] 25414 total pagecache pages [ 1022.992008] 0 pages in swap cache [ 1022.995757] Swap cache stats: add 0, delete 0, find 0/0 22:34:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x0, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1023.014726] Free swap = 0kB [ 1023.019188] Total swap = 0kB [ 1023.027076] 1965979 pages RAM [ 1023.035187] 0 pages HighMem/MovableOnly [ 1023.045027] 338456 pages reserved [ 1023.048692] 0 pages cma reserved 22:34:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x408440, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffe83}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02020609100000000000004c9e0000000200130002000000000000000000004105000600200000000a00000000000000000500e50008070000001f00000000000009200000000000020001000000000000000002000098a805000500000000000a"], 0x80}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x393, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) write$nbd(r3, &(0x7f0000000080)={0x67446698, 0x1, 0x3, 0x3, 0x1, "c79ccbac5bc02d5aa5564df4a6e91fc28d9e6460e5c3482de630e75034fd80691059d01e5be208de7816a4c8dddbb49de3e5a25ed70a5b3ed97f8e5557f537f37deb7601c88ec988cb9e5a3b4a1e0d6ae848b4ff4c8a12bf8f87d636d660449e330180d7a0b3fdda6da591bf5d49f990e212ec6edfa01d6b6507601d5c38266457c495848d659c5a55db127b2e0fc21b29a1ba1444beec36af55e799fc39cabae961a234b74a0e954a770904e7b96aec7d7ddcca97950bea126495d605ebe0626a39db9adea1c750ac71e7a818b88c4bb533f4b3944bb801d806d88c2972c048a8be115ab1478be04721f2d2974c27c0a024d3f74a67eb6cd7416d5c1e"}, 0x10d) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x408440, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffe83}}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02020609100000000000004c9e0000000200130002000000000000000000004105000600200000000a00000000000000000500e50008070000001f00000000000009200000000000020001000000000000000002000098a805000500000000000a"], 0x80}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x393, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) write$nbd(r3, &(0x7f0000000080)={0x67446698, 0x1, 0x3, 0x3, 0x1, "c79ccbac5bc02d5aa5564df4a6e91fc28d9e6460e5c3482de630e75034fd80691059d01e5be208de7816a4c8dddbb49de3e5a25ed70a5b3ed97f8e5557f537f37deb7601c88ec988cb9e5a3b4a1e0d6ae848b4ff4c8a12bf8f87d636d660449e330180d7a0b3fdda6da591bf5d49f990e212ec6edfa01d6b6507601d5c38266457c495848d659c5a55db127b2e0fc21b29a1ba1444beec36af55e799fc39cabae961a234b74a0e954a770904e7b96aec7d7ddcca97950bea126495d605ebe0626a39db9adea1c750ac71e7a818b88c4bb533f4b3944bb801d806d88c2972c048a8be115ab1478be04721f2d2974c27c0a024d3f74a67eb6cd7416d5c1e"}, 0x10d) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1023.453778] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1023.478118] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1023.484187] CPU: 0 PID: 11037 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1023.492202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1023.501994] Call Trace: [ 1023.504702] dump_stack+0x1b2/0x283 [ 1023.508355] warn_alloc.cold+0x96/0x1af [ 1023.512622] ? zone_watermark_ok_safe+0x250/0x250 [ 1023.517495] ? wait_for_completion_io+0x10/0x10 [ 1023.522298] __alloc_pages_nodemask+0x2129/0x2730 [ 1023.527191] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1023.532151] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1023.537033] ? HARDIRQ_verbose+0x10/0x10 [ 1023.541132] ? do_raw_spin_unlock+0x164/0x250 [ 1023.545797] alloc_pages_current+0xe7/0x1e0 [ 1023.550145] kvm_mmu_create+0xd1/0x1c0 [ 1023.554671] kvm_arch_vcpu_init+0x282/0x890 [ 1023.559345] ? alloc_pages_current+0xef/0x1e0 [ 1023.563883] kvm_vcpu_init+0x26d/0x360 [ 1023.567805] vmx_create_vcpu+0xf5/0x2950 [ 1023.571903] ? __mutex_unlock_slowpath+0x75/0x780 [ 1023.576763] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1023.581805] ? alloc_loaded_vmcs+0x240/0x240 [ 1023.586242] kvm_vm_ioctl+0x4ae/0x1430 [ 1023.590143] ? __lock_acquire+0x655/0x42a0 [ 1023.594392] ? kvm_vcpu_release+0xa0/0xa0 [ 1023.598689] ? trace_hardirqs_on+0x10/0x10 [ 1023.603157] ? check_preemption_disabled+0x35/0x240 [ 1023.608304] ? trace_hardirqs_on+0x10/0x10 [ 1023.612573] ? check_preemption_disabled+0x35/0x240 [ 1023.617616] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1023.622733] ? HARDIRQ_verbose+0x10/0x10 [ 1023.626814] ? kvm_vcpu_release+0xa0/0xa0 [ 1023.630977] do_vfs_ioctl+0x75a/0xfe0 [ 1023.634797] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1023.640567] ? ioctl_preallocate+0x1a0/0x1a0 [ 1023.645020] ? security_file_ioctl+0x76/0xb0 [ 1023.649456] ? security_file_ioctl+0x83/0xb0 [ 1023.653900] SyS_ioctl+0x7f/0xb0 [ 1023.657280] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1023.661270] do_syscall_64+0x1d5/0x640 [ 1023.665183] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1023.670390] RIP: 0033:0x45ca69 [ 1023.673588] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1023.681309] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1023.688612] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1023.695923] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1023.703335] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1023.710807] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:34:35 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r3 = gettid() tkill(r3, 0x1004000000016) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r2, 0xc01064bd, &(0x7f00000001c0)={&(0x7f0000000140)="e2d7c4da4ccbf26f1ea214d88a2d15209a76526fff273a27083eef367869855d7a99a11287763b6c5778103f5406ff4fa459521fe16842fa270d55ab491f85e67dadb116c974479d88ed58d0b688ce3d98d133497e5833e52ab3", 0x5a, 0x0}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r2, 0xc01064bd, &(0x7f0000000200)={&(0x7f0000000080)="b734eaf3a40bb82e1cb165ef78366089102a29f760e374653605598690e6a1a42aa9eebffdbcf3b6ace8087650aa9e91c33d539a8e98a295e719a7c423453b3747d79e3823de9d97c5dd0adf91649e390e25a4ac28b9bdfb8784c427af4fbec8e48806d92b29885c9d4421bff4c6d25f0e95e645939bd245dbf974b874392bffbbf0f53643c7345c484b81a70d133c0ef33c7666b42df44f9428d0442e4b620ff67481d1165a28b6553e763357e7c12d1b2b970055586973a56502312b4e3e", 0xbf, r6}) setreuid(0x0, r5) r7 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r8 = dup(r7) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r8, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001340)={r8, &(0x7f0000000280)="88c372db4cb9db40e30ef8a783deb2f6c2e721f80a6737517d701043316344bb7f245c497ef0db663c8763f711fd0ea7cf63ecec1552993b85ec15e94ccb9773247e19205faa2a9b0bbecb47f531f1d41e4e1863d073c747eb6062be7aaead6577d47a5be13fcba325b1cf7ed638f615a6d09edbbfac7337ec499b82517303f60cfbdea321ce49aa73d75e2b234d86717c08bfca227a72517339e550933824c617181e8757972e57022a40e23975b1d7", &(0x7f0000000340)=""/4096}, 0x20) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x5b25, 0xdcb7, {r3}, {r5}, 0x1, 0x8}) sched_setaffinity(r9, 0x8, &(0x7f0000000040)=0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:35 executing program 1 (fault-call:6 fault-nth:0): mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1023.818525] warn_alloc_show_mem: 1 callbacks suppressed [ 1023.818530] Mem-Info: [ 1023.827623] active_anon:436590 inactive_anon:11114 isolated_anon:0 [ 1023.827623] active_file:5239 inactive_file:26521 isolated_file:2 [ 1023.827623] unevictable:0 dirty:261 writeback:0 unstable:0 [ 1023.827623] slab_reclaimable:50348 slab_unreclaimable:390455 [ 1023.827623] mapped:63608 shmem:11300 pagetables:72975 bounce:0 [ 1023.827623] free:435191 free_pcp:298 free_cma:0 [ 1023.915970] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1023.948890] Node 1 active_anon:361852kB inactive_anon:27144kB active_file:20948kB inactive_file:106080kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37320kB dirty:1044kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1023.983207] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1024.016584] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1024.026782] Node 0 DMA32 free:27480kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:308kB local_pcp:128kB free_cma:0kB [ 1024.076267] FAULT_INJECTION: forcing a failure. [ 1024.076267] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.089141] CPU: 0 PID: 11058 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1024.097563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.107436] Call Trace: [ 1024.110046] dump_stack+0x1b2/0x283 [ 1024.113790] should_fail.cold+0x10a/0x154 [ 1024.117961] should_failslab+0xd6/0x130 [ 1024.122213] kmem_cache_alloc+0x28e/0x3c0 [ 1024.126378] getname_flags+0xc8/0x550 [ 1024.130291] ? SyS_mkdir+0x20/0x20 [ 1024.134078] do_rmdir+0x84/0x340 [ 1024.137496] ? kern_path_create+0x40/0x40 [ 1024.141745] ? fput+0xb/0x140 [ 1024.144870] ? SyS_write+0x14d/0x210 [ 1024.148644] ? SyS_read+0x210/0x210 [ 1024.152465] ? SyS_clock_settime+0x1a0/0x1a0 [ 1024.156980] ? do_syscall_64+0x4c/0x640 [ 1024.161056] ? SyS_mkdir+0x20/0x20 [ 1024.165038] do_syscall_64+0x1d5/0x640 [ 1024.171033] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1024.176416] RIP: 0033:0x45ca69 [ 1024.179660] RSP: 002b:00007f10b3940c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1024.187759] RAX: ffffffffffffffda RBX: 00000000004fc3c0 RCX: 000000000045ca69 [ 1024.195562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 1024.205348] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1024.212741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1024.220197] R13: 00000000000008c7 R14: 00000000004cba1d R15: 00007f10b39416d4 [ 1024.241278] lowmem_reserve[]: 0 0 0 0 0 [ 1024.246431] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1024.277331] lowmem_reserve[]: 0 0 0 0 0 [ 1024.283900] Node 1 Normal free:1703104kB min:53592kB low:66988kB high:80384kB active_anon:361968kB inactive_anon:27148kB active_file:20952kB inactive_file:106124kB unevictable:0kB writepending:1136kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127360kB pagetables:236796kB bounce:0kB free_pcp:916kB local_pcp:724kB free_cma:0kB [ 1024.317342] lowmem_reserve[]: 0 0 0 0 0 [ 1024.323377] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1024.341361] Node 0 DMA32: 384*4kB (ME) 252*8kB (UME) 359*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27504kB [ 1024.359108] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 22:34:35 executing program 1 (fault-call:6 fault-nth:1): mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1024.374810] Node 1 Normal: 4*4kB (UM) 10*8kB (U) 52*16kB (UM) 2*32kB (U) 22*64kB (UME) 6*128kB (UE) 3*256kB (UE) 2*512kB (UM) 0*1024kB 1*2048kB (E) 414*4096kB (M) = 1702752kB [ 1024.392482] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1024.413216] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1024.422935] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1024.433917] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1024.447099] 25423 total pagecache pages [ 1024.458815] 0 pages in swap cache [ 1024.470187] Swap cache stats: add 0, delete 0, find 0/0 [ 1024.485478] Free swap = 0kB [ 1024.495808] Total swap = 0kB [ 1024.505983] 1965979 pages RAM [ 1024.511905] 0 pages HighMem/MovableOnly [ 1024.530652] 338456 pages reserved 22:34:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x0, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1024.539493] 0 pages cma reserved [ 1024.647038] FAULT_INJECTION: forcing a failure. [ 1024.647038] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1024.658963] CPU: 0 PID: 11061 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1024.667037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.676406] Call Trace: [ 1024.679107] dump_stack+0x1b2/0x283 [ 1024.682779] should_fail.cold+0x10a/0x154 [ 1024.687695] __alloc_pages_nodemask+0x22b/0x2730 [ 1024.692921] ? check_preemption_disabled+0x35/0x240 [ 1024.699297] ? HARDIRQ_verbose+0x10/0x10 [ 1024.703470] ? _copy_from_user+0x94/0x100 [ 1024.708245] ? get_pid_task+0x91/0x130 [ 1024.712745] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1024.717615] ? trace_hardirqs_on+0x10/0x10 [ 1024.722397] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1024.727532] ? HARDIRQ_verbose+0x10/0x10 [ 1024.731870] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1024.737844] ? __fdget_pos+0xa6/0xc0 [ 1024.741611] cache_grow_begin+0x91/0x410 [ 1024.746031] cache_alloc_refill+0x28c/0x360 [ 1024.750461] kmem_cache_alloc+0x333/0x3c0 [ 1024.754840] getname_flags+0xc8/0x550 [ 1024.758744] ? SyS_mkdir+0x20/0x20 [ 1024.762328] do_rmdir+0x84/0x340 [ 1024.765714] ? kern_path_create+0x40/0x40 [ 1024.769966] ? fput+0xb/0x140 [ 1024.773200] ? SyS_write+0x14d/0x210 [ 1024.776930] ? SyS_read+0x210/0x210 [ 1024.780695] ? SyS_clock_settime+0x1a0/0x1a0 [ 1024.786474] ? do_syscall_64+0x4c/0x640 [ 1024.792358] ? SyS_mkdir+0x20/0x20 [ 1024.795935] do_syscall_64+0x1d5/0x640 [ 1024.800890] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1024.806086] RIP: 0033:0x45ca69 [ 1024.809400] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1024.817382] RAX: ffffffffffffffda RBX: 00000000004fc3c0 RCX: 000000000045ca69 [ 1024.824941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 1024.832673] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1024.840093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1024.847475] R13: 00000000000008c7 R14: 00000000004cba1d R15: 00007f10b39626d4 [ 1024.916844] overlayfs: invalid redirect () 22:34:36 executing program 1 (fault-call:6 fault-nth:2): mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1025.132387] FAULT_INJECTION: forcing a failure. [ 1025.132387] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1025.144310] CPU: 0 PID: 11074 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1025.152381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1025.161842] Call Trace: [ 1025.164592] dump_stack+0x1b2/0x283 [ 1025.168251] should_fail.cold+0x10a/0x154 [ 1025.172556] __alloc_pages_nodemask+0x22b/0x2730 [ 1025.177449] ? __lock_acquire+0x655/0x42a0 [ 1025.181815] ? trace_hardirqs_on+0x10/0x10 [ 1025.186082] ? check_preemption_disabled+0x35/0x240 [ 1025.191136] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1025.196042] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1025.201102] ? HARDIRQ_verbose+0x10/0x10 [ 1025.205202] ? ____cache_alloc_node+0x153/0x1c0 [ 1025.210448] ? lock_acquire+0x170/0x3f0 [ 1025.214447] cache_grow_begin+0x91/0x410 [ 1025.218544] ? do_raw_spin_unlock+0x164/0x250 [ 1025.223432] ____cache_alloc_node+0x16d/0x1c0 [ 1025.224194] syz-executor.4: [ 1025.227967] ? check_preemption_disabled+0x35/0x240 [ 1025.227983] kmem_cache_alloc+0x1e5/0x3c0 [ 1025.227998] getname_flags+0xc8/0x550 [ 1025.228009] ? SyS_mkdir+0x20/0x20 [ 1025.240344] page allocation failure: order:0 [ 1025.240513] do_rmdir+0x84/0x340 [ 1025.249258] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1025.252266] ? kern_path_create+0x40/0x40 [ 1025.252276] ? fput+0xb/0x140 [ 1025.252287] ? SyS_write+0x14d/0x210 [ 1025.252297] ? SyS_read+0x210/0x210 [ 1025.252311] ? SyS_clock_settime+0x1a0/0x1a0 [ 1025.264100] (null) [ 1025.265765] ? do_syscall_64+0x4c/0x640 [ 1025.265776] ? SyS_mkdir+0x20/0x20 [ 1025.265788] do_syscall_64+0x1d5/0x640 [ 1025.274087] syz-executor.4 cpuset= [ 1025.276809] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1025.276821] RIP: 0033:0x45ca69 [ 1025.276825] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1025.291383] / [ 1025.295320] RAX: ffffffffffffffda RBX: 00000000004fc3c0 RCX: 000000000045ca69 22:34:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001112", @ANYRES32=0x0, @ANYBLOB="08cbef0000000000"], 0x30}}, 0x0) [ 1025.295329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 1025.307982] mems_allowed=0-1 [ 1025.316705] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1025.316711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1025.316716] R13: 00000000000008c7 R14: 00000000004cba1d R15: 00007f10b39626d4 [ 1025.446440] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1025.488529] CPU: 1 PID: 11063 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1025.496895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1025.506956] Call Trace: [ 1025.509723] dump_stack+0x1b2/0x283 [ 1025.513420] warn_alloc.cold+0x96/0x1af [ 1025.517610] ? zone_watermark_ok_safe+0x250/0x250 [ 1025.522600] ? wait_for_completion_io+0x10/0x10 [ 1025.527561] __alloc_pages_nodemask+0x2129/0x2730 [ 1025.532627] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1025.537491] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1025.542365] ? HARDIRQ_verbose+0x10/0x10 [ 1025.546443] ? do_raw_spin_unlock+0x164/0x250 [ 1025.550963] alloc_pages_current+0xe7/0x1e0 [ 1025.555765] kvm_mmu_create+0xd1/0x1c0 [ 1025.559676] kvm_arch_vcpu_init+0x282/0x890 [ 1025.564016] ? alloc_pages_current+0xef/0x1e0 [ 1025.568681] kvm_vcpu_init+0x26d/0x360 [ 1025.572787] vmx_create_vcpu+0xf5/0x2950 [ 1025.577024] ? __mutex_unlock_slowpath+0x75/0x780 [ 1025.581998] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1025.587250] ? alloc_loaded_vmcs+0x240/0x240 [ 1025.592215] kvm_vm_ioctl+0x4ae/0x1430 [ 1025.596352] ? __lock_acquire+0x655/0x42a0 [ 1025.602102] ? kvm_vcpu_release+0xa0/0xa0 [ 1025.606557] ? retint_kernel+0x2d/0x2d [ 1025.610582] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1025.616545] ? trace_hardirqs_on+0x10/0x10 [ 1025.621032] ? check_preemption_disabled+0x35/0x240 [ 1025.626665] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1025.633160] ? HARDIRQ_verbose+0x10/0x10 [ 1025.637332] ? kvm_vcpu_release+0xa0/0xa0 [ 1025.641497] do_vfs_ioctl+0x75a/0xfe0 [ 1025.645543] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1025.652497] ? ioctl_preallocate+0x1a0/0x1a0 [ 1025.657030] ? security_file_ioctl+0x76/0xb0 [ 1025.660807] overlayfs: invalid redirect () [ 1025.662087] ? security_file_ioctl+0x83/0xb0 [ 1025.662102] SyS_ioctl+0x7f/0xb0 [ 1025.662109] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1025.662124] do_syscall_64+0x1d5/0x640 [ 1025.683640] entry_SYSCALL_64_after_hwframe+0x46/0xbb 22:34:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="8005000000005306540a47fb", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = fcntl$getown(r1, 0x9) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x1, 0x2, 0x6, 0xc30, r2}) [ 1025.688851] RIP: 0033:0x45ca69 [ 1025.692047] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1025.700455] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1025.707825] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1025.715387] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1025.723112] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1025.730668] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:34:37 executing program 1 (fault-call:6 fault-nth:3): mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1025.744194] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1025.800952] Cannot find add_set index 0 as target [ 1025.820564] Mem-Info: [ 1025.823447] active_anon:436720 inactive_anon:11114 isolated_anon:0 [ 1025.823447] active_file:5253 inactive_file:26539 isolated_file:0 [ 1025.823447] unevictable:0 dirty:22 writeback:35 unstable:0 [ 1025.823447] slab_reclaimable:50369 slab_unreclaimable:391241 [ 1025.823447] mapped:63623 shmem:11300 pagetables:73015 bounce:0 [ 1025.823447] free:434190 free_pcp:384 free_cma:0 [ 1025.871077] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1025.872149] Cannot find add_set index 0 as target [ 1025.928592] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 22:34:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x482, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x140b, 0x1, 0x70bd28, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x18}}, 0x4000080) [ 1025.964842] Node 1 active_anon:362172kB inactive_anon:27144kB active_file:20996kB inactive_file:106152kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37380kB dirty:88kB writeback:40kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1026.003360] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1026.042469] FAULT_INJECTION: forcing a failure. [ 1026.042469] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1026.059932] CPU: 1 PID: 11083 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1026.067953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.078103] Call Trace: [ 1026.080711] dump_stack+0x1b2/0x283 [ 1026.084449] should_fail.cold+0x10a/0x154 [ 1026.088848] __alloc_pages_nodemask+0x22b/0x2730 [ 1026.093813] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1026.098974] ? __lock_acquire+0x655/0x42a0 [ 1026.103428] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1026.108697] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1026.113941] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1026.118926] ? HARDIRQ_verbose+0x10/0x10 [ 1026.123419] ? ____cache_alloc_node+0x153/0x1c0 [ 1026.129450] ? cache_grow_begin+0x3f/0x410 [ 1026.133794] cache_grow_begin+0x91/0x410 [ 1026.137882] fallback_alloc+0x205/0x2b0 [ 1026.142025] kmem_cache_alloc+0x1e5/0x3c0 [ 1026.146633] getname_flags+0xc8/0x550 [ 1026.150548] ? SyS_mkdir+0x20/0x20 [ 1026.154930] do_rmdir+0x84/0x340 [ 1026.158317] ? kern_path_create+0x40/0x40 [ 1026.162767] ? fput+0xb/0x140 [ 1026.165892] ? SyS_write+0x14d/0x210 [ 1026.169626] ? SyS_read+0x210/0x210 [ 1026.173298] ? SyS_clock_settime+0x1a0/0x1a0 [ 1026.177758] ? do_syscall_64+0x4c/0x640 [ 1026.181776] ? SyS_mkdir+0x20/0x20 [ 1026.185336] do_syscall_64+0x1d5/0x640 [ 1026.189247] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1026.194451] RIP: 0033:0x45ca69 [ 1026.197679] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1026.205399] RAX: ffffffffffffffda RBX: 00000000004fc3c0 RCX: 000000000045ca69 [ 1026.212684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 1026.219965] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1026.227871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1026.235534] R13: 00000000000008c7 R14: 00000000004cba1d R15: 00007f10b39626d4 22:34:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000000)=0xffffffc1) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0xc810) [ 1026.276090] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1026.281918] Node 0 DMA32 free:27504kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:280kB local_pcp:168kB free_cma:0kB [ 1026.315972] lowmem_reserve[]: 0 0 0 0 0 [ 1026.323876] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1026.353338] lowmem_reserve[]: 0 0 0 0 0 [ 1026.357564] Node 1 Normal free:1698820kB min:53592kB low:66988kB high:80384kB active_anon:362180kB inactive_anon:27144kB active_file:20996kB inactive_file:106176kB unevictable:0kB writepending:132kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127392kB pagetables:236800kB bounce:0kB free_pcp:772kB local_pcp:592kB free_cma:0kB [ 1026.399872] lowmem_reserve[]: 0 0 0 0 0 [ 1026.404017] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1026.420854] Node 0 DMA32: 384*4kB (ME) 252*8kB (UME) 359*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27504kB [ 1026.437205] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1026.449852] Node 1 Normal: 82*4kB (UME) 37*8kB (UME) 15*16kB (UE) 7*32kB (UE) 3*64kB (UME) 4*128kB (UM) 2*256kB (UE) 1*512kB (U) 0*1024kB 2*2048kB (UE) 413*4096kB (M) = 1698560kB [ 1026.469178] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:34:37 executing program 1 (fault-call:6 fault-nth:4): mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1026.497347] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1026.511593] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1026.531888] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1026.541771] 25445 total pagecache pages [ 1026.546318] 0 pages in swap cache [ 1026.562320] Swap cache stats: add 0, delete 0, find 0/0 [ 1026.572542] Free swap = 0kB [ 1026.576566] Total swap = 0kB [ 1026.583314] 1965979 pages RAM [ 1026.587253] 0 pages HighMem/MovableOnly [ 1026.594181] 338456 pages reserved 22:34:37 executing program 5: socket$nl_route(0x10, 0x3, 0x0) keyctl$join(0x1, &(0x7f0000000000)={'syz', 0x2}) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_mr_vif\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000001d080)={&(0x7f0000000100)={0x1c, r4, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r7}}, 0x20}}, 0x0) recvmsg$can_raw(r5, &(0x7f0000000580)={&(0x7f0000000240)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/13, 0xd}, {&(0x7f0000000300)=""/87, 0x57}, {&(0x7f0000000380)=""/210, 0xd2}], 0x3, &(0x7f00000004c0)=""/191, 0xbf}, 0x2040) sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f0000000640)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, r4, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @remote}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_MAC={0xa, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x40001) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="0000e5d6e95099cb59c5d27d613f2c249500", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) [ 1026.598482] 0 pages cma reserved [ 1026.627148] FAULT_INJECTION: forcing a failure. [ 1026.627148] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.658990] CPU: 0 PID: 11095 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1026.667018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.676574] Call Trace: [ 1026.679183] dump_stack+0x1b2/0x283 [ 1026.682830] should_fail.cold+0x10a/0x154 [ 1026.687165] should_failslab+0xd6/0x130 [ 1026.691207] kmem_cache_alloc+0x28e/0x3c0 [ 1026.697814] __d_alloc+0x2a/0x9b0 [ 1026.701299] d_alloc+0x46/0x240 [ 1026.704620] __lookup_hash+0x51/0x180 [ 1026.708480] do_rmdir+0x1f0/0x340 [ 1026.712248] ? kern_path_create+0x40/0x40 [ 1026.716570] ? fput+0xb/0x140 [ 1026.719733] ? SyS_read+0x210/0x210 [ 1026.723546] ? SyS_clock_settime+0x1a0/0x1a0 [ 1026.728003] ? do_syscall_64+0x4c/0x640 [ 1026.732123] ? SyS_mkdir+0x20/0x20 [ 1026.735725] do_syscall_64+0x1d5/0x640 [ 1026.739641] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1026.744882] RIP: 0033:0x45ca69 [ 1026.748078] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1026.756043] RAX: ffffffffffffffda RBX: 00000000004fc3c0 RCX: 000000000045ca69 [ 1026.763327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 1026.770696] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1026.777980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1026.785617] R13: 00000000000008c7 R14: 00000000004cba1d R15: 00007f10b39626d4 [ 1026.886802] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:38 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', 0x0, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1026.973408] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1026.995578] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:38 executing program 1 (fault-call:6 fault-nth:5): mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x6c, 0x1, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3ff}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x9}, @NFACCT_FLAGS={0x8}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xffc00000000}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x5}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x9}]}, 0x6c}, 0x1, 0x0, 0x0, 0x810}, 0x40010) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8, 0x1b, 0x200}]}, 0x30}}, 0x0) 22:34:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="2000000500000004080000000000eeff10000000", @ANYRES32=r6, @ANYBLOB="000000000000c000018000000000000027d054f9dbb5f25a94981a1ad448d0df89ab470c1a2b18d7910e438fd98dbace00000000372c"], 0x20}}, 0x0) getsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x2}) [ 1027.256779] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1027.306941] FAULT_INJECTION: forcing a failure. [ 1027.306941] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1027.318779] CPU: 0 PID: 11124 Comm: syz-executor.1 Not tainted 4.14.184-syzkaller #0 [ 1027.320993] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1793 sclass=netlink_route_socket pid=11126 comm=syz-executor.5 [ 1027.327222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.327228] Call Trace: [ 1027.327254] dump_stack+0x1b2/0x283 [ 1027.327273] should_fail.cold+0x10a/0x154 [ 1027.327303] __alloc_pages_nodemask+0x22b/0x2730 [ 1027.364767] ? trace_hardirqs_on+0x10/0x10 [ 1027.369112] ? check_preemption_disabled+0x35/0x240 [ 1027.374248] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1027.379118] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1027.384067] ? trace_hardirqs_on+0x10/0x10 [ 1027.388326] ? HARDIRQ_verbose+0x10/0x10 [ 1027.392413] ? ____cache_alloc_node+0x153/0x1c0 [ 1027.397107] ? lock_acquire+0x170/0x3f0 [ 1027.401101] cache_grow_begin+0x91/0x410 [ 1027.405187] ? do_raw_spin_unlock+0x164/0x250 [ 1027.409725] ____cache_alloc_node+0x16d/0x1c0 [ 1027.415216] ? check_preemption_disabled+0x35/0x240 [ 1027.420269] kmem_cache_alloc+0x1e5/0x3c0 [ 1027.424445] __d_alloc+0x2a/0x9b0 [ 1027.427925] d_alloc+0x46/0x240 [ 1027.431232] __lookup_hash+0x51/0x180 [ 1027.435052] do_rmdir+0x1f0/0x340 [ 1027.438526] ? kern_path_create+0x40/0x40 [ 1027.442852] ? fput+0xb/0x140 [ 1027.445980] ? SyS_read+0x210/0x210 [ 1027.448659] syz-executor.4: [ 1027.449613] ? SyS_clock_settime+0x1a0/0x1a0 [ 1027.449626] ? do_syscall_64+0x4c/0x640 [ 1027.449637] ? SyS_mkdir+0x20/0x20 [ 1027.449648] do_syscall_64+0x1d5/0x640 [ 1027.449665] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1027.458173] page allocation failure: order:0 [ 1027.461144] RIP: 0033:0x45ca69 [ 1027.461151] RSP: 002b:00007f10b3961c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 1027.461163] RAX: ffffffffffffffda RBX: 00000000004fc3c0 RCX: 000000000045ca69 [ 1027.461168] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 [ 1027.461172] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1027.461177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1027.461181] R13: 00000000000008c7 R14: 00000000004cba1d R15: 00007f10b39626d4 [ 1027.547611] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0xffffffffffff8000, 0x2000) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14008452e27d858a00003a0000042abd7000ffdb"], 0x14}}, 0x0) r7 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r8 = dup(r7) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r8, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="540000000714000328bd7000fedbdf2505005400000000000500540000000000090d020073797a30000400000900020073797a30000000000900020073797a32000000000800010002000000080044005d8eb96e52e2370ab1cfe8bfdc7d1cc366dd1e687a6c9cb9d3276b63106be222b7731718548a2b8fbc9727d445569edc6cbf6ee096a753c40f37e8305c4e5262d9ca8f6b43ac0d3e574038243c54c975edbc390764215e1ef6e0d02770878de700"/186, @ANYRES32=r8, @ANYBLOB], 0x54}}, 0x1) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1027.648864] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1027.678023] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1027.694482] CPU: 1 PID: 11107 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1027.702589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.712653] Call Trace: [ 1027.715789] dump_stack+0x1b2/0x283 [ 1027.719439] warn_alloc.cold+0x96/0x1af [ 1027.723434] ? zone_watermark_ok_safe+0x250/0x250 [ 1027.728407] ? wait_for_completion_io+0x10/0x10 [ 1027.733318] __alloc_pages_nodemask+0x2129/0x2730 [ 1027.738329] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1027.743235] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1027.748197] ? HARDIRQ_verbose+0x10/0x10 [ 1027.752299] ? do_raw_spin_unlock+0x164/0x250 [ 1027.757306] alloc_pages_current+0xe7/0x1e0 [ 1027.762186] kvm_mmu_create+0xd1/0x1c0 [ 1027.767029] kvm_arch_vcpu_init+0x282/0x890 [ 1027.771389] ? alloc_pages_current+0xef/0x1e0 [ 1027.775908] kvm_vcpu_init+0x26d/0x360 [ 1027.779832] vmx_create_vcpu+0xf5/0x2950 [ 1027.783917] ? __mutex_unlock_slowpath+0x75/0x780 [ 1027.788815] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1027.794231] ? alloc_loaded_vmcs+0x240/0x240 [ 1027.798774] kvm_vm_ioctl+0x4ae/0x1430 [ 1027.803304] ? __lock_acquire+0x655/0x42a0 [ 1027.807569] ? kvm_vcpu_release+0xa0/0xa0 [ 1027.811738] ? trace_hardirqs_on+0x10/0x10 [ 1027.815992] ? check_preemption_disabled+0x35/0x240 [ 1027.821299] ? trace_hardirqs_on+0x10/0x10 [ 1027.825582] ? check_preemption_disabled+0x35/0x240 [ 1027.830657] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1027.835744] ? HARDIRQ_verbose+0x10/0x10 [ 1027.840106] ? kvm_vcpu_release+0xa0/0xa0 [ 1027.844654] do_vfs_ioctl+0x75a/0xfe0 22:34:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1027.848795] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1027.855059] ? ioctl_preallocate+0x1a0/0x1a0 [ 1027.859687] ? security_file_ioctl+0x76/0xb0 [ 1027.864179] ? security_file_ioctl+0x83/0xb0 [ 1027.871120] SyS_ioctl+0x7f/0xb0 [ 1027.874601] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1027.878636] do_syscall_64+0x1d5/0x640 [ 1027.882762] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1027.888109] RIP: 0033:0x45ca69 [ 1027.891334] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 22:34:39 executing program 2: syz_extract_tcp_res(&(0x7f0000000000)={0x41424344}, 0xfffffff9, 0x7) r1 = socket(0x10, 0x803, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4044044}, 0x8d0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0], 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r8, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r8, 0x6}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000200)={r9, 0xcf, "1c914cf50ecc18891931860e2fe9a5fcad99d578c441891faf2d1e9b8e5c6278afb107cb364f71c2e9b2535473102d5603fe232b3e46cfef736301b9f72d6785ebb111dddd478ce33701807716007bfe4a2766e8b77a8f371b5867ff28c3ac67251763b787ca15b39d1a413f1becfde0d6fd46841c670f2ff7b518be8ce283d4cb65090f38d086ba54f2929805ee25fd892a04d432cfc0c7b5fa5872adf57b73ea95c6fce93b4eb9731b06c69b1d608a5d8c6084d3aabfb1f4379ecf93a64b62edc8322004f842b1948cabfbfe9cd0"}, &(0x7f0000000300)=0xd7) syz_emit_ethernet(0x13c, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170001062c00fc000000000000000000000000000001ff02000000000000000000000000000100000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="500000009078000095e60334d04e6c1b88225255fbf811226c8f804b6950327c0678ec97ac2cbfab6a028ef955b78e438c87fd8409d4d4cb133b4f80d5cb0528b1cd1c08501a2501b2638c2ee822f32e82792b9bd62b082194216191c8218f053759910b00007cfaa327b28a065cc38dab4570babc15e8df6e7477a1f4d60b92646c2f29cbb10952d454df455cff64db792cfa49c1b6172e2e2b95b8b4320722dfae565124b2747d8133aa8c6afa1648cac0f3267d523d5489964f10664b3c243e6dc3b0e1a211a190b3cc37c45dc3e6c2018b1b36fabc7101010000000000006e162b18229727db0316d3ffc323"], 0x0) [ 1027.899053] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1027.900460] overlayfs: invalid redirect () [ 1027.906508] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1027.906514] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1027.906519] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1027.906524] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1027.944997] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1028.038620] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 22:34:39 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mount$bpf(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f0000000180)='bpf\x00', 0x4842, &(0x7f0000000300)={[{@mode={'mode', 0x3d, 0x100}}, {@mode={'mode', 0x3d, 0x4}}, {@mode={'mode', 0x3d, 0x8}}, {@mode={'mode', 0x3d, 0x4}}], [{@dont_appraise='dont_appraise'}, {@smackfsdef={'smackfsdef', 0x3d, 'trusted.overlay.redirect\x00'}}]}) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1028.126535] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:39 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) timerfd_gettime(r0, &(0x7f0000000080)) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000131af5ae3e4f9973e099ed18fffc2df6eb5d406778f7d7845024ea8318a7575d898ff11559d3681a2fcabab32058668203ddb6f722714e7830fef497ab4246b11abcb107d4c9b69bb6e9cf874e3d56ae3cb5781026f75d6249de23987e889606d9e393a5cd3802d42be28f3fd3ae82d1b567ea5a6f290ad0b3ae88433dce6d4c9a8eefc93b5170031e0a4bab496d1118c627f590030180000000000000d6f90e5b63a3cff2c1ce12f2b8ac6c0a938dd6e7af1334ae7517468eec53d5b17f25b392f1ffd8f41666ccdadf2585578f541aad502166bcef5291c947e33bd7338dde020a6043e192ab53df74a8ef66803d6feba3cd2e324fe18c6954d35c41836c96cf15203f9b08eeb27599a1d834110a4c4d820fc32dd0a5a751ec85b71efda3f7e8b02c16f866f4505f5bd3d38e3c2fc370d2b7fc048c4261f288119a51191d1ae3127d29d8aafd0a1e3235f01ef23d1047cab32377c607ed826d4ca22e647ea6693ce85c22cb7fe471ca82015835406acbcc77ffb48c8d", @ANYRES32=r5, @ANYRESDEC=r4], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000efe32576ecf933fcd95834890e176b1112a4fe8ceb98c7dd586d04ab5063f3674237013015e9046fa6f99f69958106f43e8621880c3111780e52fafa5e1e7983cbe640ba5bfb07213eb8763770cb4a7841cd764f0b81d82a6878cbca0b4280ef0496fd528bb9dc085fde2b8cd06815f83e16804ced9337875095117b1a8837018000000b9348c15dd82da9f45eaa91418d2398e46ce887d220796788848b4a554a9d3ea57b4c1f61eb15689bdb4103c078f2b01011069a5d2a6d7f0fd288439b07d8042f0b165673a562f62ac0ddce248425", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r7, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000100)={r7, 0xf, &(0x7f0000000300)}, &(0x7f0000000140)=0x10) uselib(&(0x7f0000000000)='./file0\x00') [ 1028.210376] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1028.242623] Mem-Info: [ 1028.245837] active_anon:436864 inactive_anon:11114 isolated_anon:0 [ 1028.245837] active_file:5257 inactive_file:26556 isolated_file:0 22:34:39 executing program 5: setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', &(0x7f00000000c0)=@ng={0x4, 0x0, "cd4da2aba74ad611ed68"}, 0xc, 0x3) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1028.245837] unevictable:0 dirty:27 writeback:0 unstable:0 [ 1028.245837] slab_reclaimable:50368 slab_unreclaimable:391620 [ 1028.245837] mapped:63673 shmem:11300 pagetables:73201 bounce:0 [ 1028.245837] free:433335 free_pcp:406 free_cma:0 22:34:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="bb86030ea720eb9b4fbde55713a4af02c97d4c9d47c2b82a6acebc920547c837919b28865f899630d428569d9bc610324665460a347cb14ccf9afe67f0f66add256b004f872e0b7e5b"], 0x30}}, 0x0) [ 1028.305293] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1028.400687] overlayfs: invalid redirect () [ 1028.439202] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1028.466483] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1028.468901] Node 1 active_anon:362948kB inactive_anon:27144kB active_file:21008kB inactive_file:106224kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37580kB dirty:208kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 22:34:39 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000013c0)={r3}) r5 = socket$kcm(0x10, 0x2, 0x10) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x3c, r6, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'wg1\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x3c}}, 0x0) sendmsg$IPVS_CMD_GET_INFO(r4, &(0x7f00000014c0)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x1c, r6, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfff}]}, 0x1c}}, 0x40041) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) restart_syscall() r7 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmsg(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000000)="475b6e62da5f7bec70dbb833129d079f422be9c94640bf51a8a80b41d7e52ffbd7fce3169eea79ae8421a52157d985dc950c0f2243c5c5624d8dd78094b61bb316c7b05a98c3dc7add986927b4b1c00dc6ae8400e2326e900f83945e929464ea396dfe38f44ab39475396880ce40a338b0c1f3d50a3999bb5f8e730ca9b11cfc4472d139c1b0dcdb0e8dc0e48e717591b639dd3496a2a755e73e9cc55b589098be1a973c498c41cb9787200dcd8a31c94eb06e3e564d95c829bceb6eace5f176fb7143d863d2057700485a7da7121001139e25999e15", 0xd6}, {&(0x7f0000000300)="aa1c42672d6ac52dd94b6b96e5ea7c527ff0f0e451f112c76aa37b3c0669890587ce54b37a4cf840d0c429cc7c282d14f2f5e560fc2b958002f39b9e9db7da64eeb4c62ffd6bacff3a29bb34244483f692743a521e3bdb0214d4269f887797ce271d0373d6766d8c946da26eb4c09b36e82a32c6772f5625b610eddfaa24d6212bf878376352bb53f49aff3b61249ca355bdb4fa48dfd38b0386a61591078d51c6601a6b46716b1bf075ffee66f25978a5614f7e91d2d598934ea41557039993ee569ada042e7764a66d3025ec65b3b17d8d5a25f88733957038345e647cb10d40e940f04bd204a5edbbe78a78cca0460028e53ec0b744417ad0a2992ce2a6a5319575bd302d599df3c6964b4dc2038d7de1c0889295630754f9943dc7b168bd691279cc503bfa541115ba54e26d305aa666708a7f43f5930c3f9f6876f3b3310050c3a4ab8edaa34ad0c30725dfe99fdf28adec2119c5ca64358451d4c9d0e16ca99fed8dd75c4c14e21666d74c870476ebb7c3943415dff77ccc00d031658ea827f2c36c4d76b19319eb4d5a9694b2d95f0b153e0294e63cbde140fbb3cc45af96959a2a43b6d06f1924918f408caef7e7b7f4f02306772b12b8c4b3c940e65026f6059945e99c48ede768f1d1e131fd160b4b9a11f526e9a64f63947c743746db20ee89e2c1a193a92d7e12f9f1ea76c1b880938482c699c3c62023332b2fb90dd2965bbcfcb612b391527608f033661523e732c2e3937a275d38f3a3aa422a423d18192a537e9e9042207f9349f0de76e003fd1a89aac34f6b07eaaa96ed461412557bf53e67d7e4a2726deef4fb8b7ef8d5b5ada279c9e46ed967775394bb218fdb56e6469f15cfcb6a3c501b4fd25c8df0dea09ec7f0901e1dcf60520fd2ca9f31108c74e6a421494829fd4557848e88eeef01ce79a52fb7880435fb8366a08e0981eb02ce10f7f205847faa5fb9eae9b4d50545caa495b9ac08270eb3cbfb5b8d6a5eaf9be5cd816d844f00291182ed6d35ef6a9fac36cd928cc8f20c2a754d6e9d5664e9c0e8e1b187311fc9f4fad668ce5d6ec52739bfbe869f4bb84b912cfef2fe9f733b98b12c137dacd190098b646930558f05b7c9e8560f9bdf8a00ef2715aa278900ab4d499ea75427cf846836a04cc0c4b7d2efa79c30a08ada1e672bd502c07766aadae4d48af197162c53d20dbf36b937797ecf5414932591003b29030f4a953f5f30bc9c6b05d1767ca92270baed9b98a90d921ba40e84624b29dd2cd9f5b0dcaae5008affbbf87543551e75062081254389bf3cdd2e46a84832337dcaa519496936dd68eed4daab148cb02346b567039549c6ce5560160859d7768b32525aadbbfb91f9902b849f82bff0c27f3ea618b1ce519eeadea95003465abbaba1feb897842828217acc6c368b8b71323da1a7a129dd655476cf60899400ab842eddde4bca4efe124e43a003851d21f976cb85f45d65f65364fcf8870f25a952cd9e7dec1fbaba374199f5954c8a380ad0102f500fe2c513de9a03f072f11961ed536ee45102a08d1b174b929ffbb058c8593a2ccbfe1800b9aba4e8c2af8f0976496cc9cbf4d74548fa3bb4e76eebe6a2c5bd9d98236046ad2f14b494c24dc4398c2cdbc98c266595ecfb424f26f8b584b80048b2cfab21ed020d8799d014b36df865c7b6f7ae31d8bac4a11ee8e11f436ffdb8429e54bc8390fc3befe29669e6cb37ceff8517e9a43373964ab5162afa42eacbd8caf24b9ffe4f3eb4cf7d3665e2c861faf74fe3426337d9f2355c8924462d7020895d24a4e06cfb400d7674014d9999a7ae5c0fb330b9493e6a05f14fd27298f8d3750dc6193ffb91ef7bd0945b980761e1b5f77c757ee5f5441414f279d54a7eab82ad446c0f4204eae09df491f911019713e5dcd295d958404f8826148d2da2d7a1ec4566a8789092fa50cc03f1eb59de7cc4d14ab4304d2ce0e5997b0036b222047324d3fb2adcfd181270a3700be636cab46d7db37ceb350f0d89f05f1c8266bdc7ef6f0b626e2528b82dea63db2c865a9db8032e615aa6904b6ca571e3960a0c415769ba00ca21f72bb483ce2d74de09598dfa0ca55d609d84047f7444611b29256e077f9c73768f0bdad6edcfcc63caad441441a45d29d69eb88a26512137d47e2aeaac690d6fff02a26eaf644d887731fe4ff4f8ab63532cdb04e3e2607503bd26bc8a90c0c99d574cfc8e6e29f163a191669cfeec536fb977ad0d6758ffcc93a0cd78c43fb0efb612ab115972a7cdfd7ab0a29ace761d1d3f9b3322ee66eb8ab43d5c29da04c57d650560587ca1eaef2fe56a2d95b28b701b51f84f514f32e0c0c9d2c355f67ead8416671ff06c59450c196948b51508e823a0f380edac49a84f716d266e0596fd60f7d4b01e22f3d9de3a01ab5d1f7ef01167172ed9448614485debf110e9af0794d96f3dd76e50543c921ea26eb60899f172206750d424b789a1afa168aa24d611315a3ed18780bf12694acfc26b2c13c4db1f9f9f7884b7b0529cda7571dd43961d52dc49cf68ad38ee8ccb52ee8e4371a026f202a244fbc2fb8ae4db42cc3af712d3e267785fa8f09952d545d7f4979a36c866391b3d039fe1a551ce698ad49b3f0e075ea7e30ef7d7a66afa9c3a14fd401b31e2d0cb71dde6ace2a744ea1e6bd835dad04a769fbb6d869a94e0f61550d89d582cf2aeb0096ee1fb1c118320ccb45959310646af553fafc7076a0b71275961e5cb731a9eb21b5b6d3396b2fc791cb1f5170192267be44ac567bd8dbc12ee247787bf0f394086b2923d576f4af40353700d5508585ffc8d391df1cf4882940f215fdce1742737bdfba086c9793d617d079d1b8992343c1e9ad678b7adc6704ddca48f4e6f2f1ecbb9f4eb245afe27b64b26f9163dbadfb3f68106bc4ae90701e8e75511c017f3ee57ed491a43c63fcd9bd00cfcd2f5cfa0e74478c7d1b96c5635fd919ecdaf7036c64cd4e3cf6e870695c903c98118e186027ba407425fc2912f3e33250df9a341b4d9fa9edd82ada468ba5a02cac1d2df5746fb71c5234eba9550d4079d5b46fd476431374212de46c74a8f934016a66dcd4e8bcbfacdd91bb159fd9ae77cce03ef78f7201e1c38b3d48d9970944e54b629e350b3f298ad3fa05c028c4764d70e25ca2d3af2c27247a11972af3e1faab34845c9c78a9ced52a5bf3f36c92231c0e2309c9e535feab4008db922ee8e917f7310a96eec1930e26bb3e7c3d903a2638c9f6d7517a59b206bff98682daa31c928d873dc35c215569090ac0e5e9aa6d0c4e0300d50245845d95637aa4d5336965c0df5e20bb5e7a61e70f5c38574a5710992684fd80313aa28bd7d50b036f93ff93279e8a7aa8d27a60e4ebb7ad4b4bbfc7458e89e5fb19edaffa7e15dfc856f93a2683d0f7da99fa60bff56c4c54cb6bb9a123668d8f630220eaf7cf836ae1b431e58c9d279db447fe387933222bbf73b37d860673adce07a593d0b91be2338fe8bb30b1e5e376a96a4580a4e7afa375e6ece6e1fcacd8710ebd3a148b5ea71a305c0438bca5fcb7393c822b8ad00a5d059c8ea943ef54783ab06ef8b08d1f9c84d3b0dc6adc1d08074a857d40aeafeb209c3a6e809cb26f96d460e3ebe4e68cb492c2a8806ca12a82b0ed2a8b35dc3078047bdd139168563e699056d5b28dfeeb6af7990e53479a5b538acd284113136e2d76f206d32ee4439fa88f7c2923f47824916154850f04fb70ced80cf02b234e456d3e6ce60d94da0248b765988ab3c0230a3d1a5619985301067f850ebdd5cdcbcab044f4a456fb307d14c946634fa3461e4efd42f2c2eb3ac7d2c686d7467180127375a80710e83ac09ab14a8be72df3f1abf29cc0c1ead7e4b0535ffd812f829908ecb03a025f1a723cc205a527d5ae094926d8563d7e4f370fd8eb332d6d43d035569102715032608395e1acef35c25c3b86d5aa6a08145ed6c590cc071bf6e5929ff61955d19e43ca629c014e203bcb53e95486c82fcf98d7216cc7332f8841fecfb4d6b2b1ada4cf15367a508d148d25abe8cbb45a31c62279f1c0b0f8a5403d97b9935075ed7263b63048441e051c389514f9da22cfdd38b9a251edeb5f861bcb069bbefe81f3997b1992a8ba7c08c95fc24f169faae83261d2a4c8b6d1081c829eb3af0bdda5dbb2ee647ea52bfc760ecf668b565768c46f10570c663833ae7037f57e9ab045db326a766a7e101a8d1c481267f5c3f26dd60cfa432cbc8dd7a71c7a70bc68edc478ba4937a7b36380d386aaaab24476be818d715ec9090486c899ea7718761eba7abaaf6502e9e0f7c31ae900a9d96592bf5565505ccbc8cfe944dd400de8cd7ac90920a4b25cb8cb86169f73ab62432b7a1601f83b172db7f0c1d5857559d42425d886f79f33b0fe94cc6c0fef33d93f9f1f838ffd1bcdc114f0510664c92a86bf898e4584b971bb19a4b1aa9afb6ab302562b68d05863acc5577480ae83b3c91da02f0670bdf806786c311e7fdbac8edf475a1abd26492c6ab8288d703ff1cde4efd18033be7a167fca390ef286aace2cc601d2ac1c1df3493db3ba2b0ed6e4ed8304df20f7a988338f3cf0ef599842cb5d9db4afdb4e877329dcfc6a4e8b580660b0ca7636e9983db0b4dd71b2e872d3268006f37263a88587dda5db2f693004f4cd2494e75801c9bb5cc5b1d048d541420120f5255d569fca2bc13b7a6426dd3b3c83545e67cb5caa06c827f29920dac68a50274b55a57bb028fe9e1d9f05311f3de79634504490570f53d4ac69bd1f58f5e44b6f69179fa73dcc324fc76f213c0ec94259474496bf6a691ac39fe0277b90aa3c6a5c11a122fa9348eeb5cd4f13944b94abac5cf15c1fa440475ad525e4e34e8ec2acb7cb4f1ef2cc14aab1b549a7e72f3a5bf505266c72bf36527bbfa590da2583ec01c0131abefc74fa50fe751a1fd7c854a3084317d679f83790873f60f02ea703649ecf4e2b72e2f3036c5e064830b8a4ae49c2307c975270ed3aab3977ab7e537c36e15fb0bb179e9b6147a53522ffe87277ec13240d33e3c8405bf1336cd895d839bf39f78607ab8b3fc7ac7f310fb279aea23221953dd84a23d78e693fd2261ee7d71ac33115b711db13fe22038adc392c266adb4304dc1092a27e06f0aabb18de7ace17c9e366d467bece08ce2c573c3278b7d795a7e286c4869c6b850b192099740f6841d83e68e9481042f6f535d22840a6a5f58c1a2fd3511bdf62b263ad1ed6e1850e246b80bdbcec72724fc14174275efe36955449d148c9a4f2fcfb60e5662cd13bd9bd01f54deb2583a73ef5a671bdb5aa5727fca719ddea784b6529fa8cc3c66a2dc15540a645e1ae16bd8bc0cfedbe072f71c25ab678b36e89d50f56624fb0ac992065dd0c2b6d261584c3366fe0524755e5cb61632a415140e331b02b963e22d428d15b552b122b0650c96776b029411e5a76e8cd7c4c5a8f9725a38b9eac601085eeaae4a1f4a0297a53cf9cb48c8619889a485b2af194673351b0f9dc360aac44d1056fc712fe58ac84d42b408ff812b8a81678efb32e2b82e6f65e49f341f9decfb20119f0b9fcd665caa04c275aeb09092f6398379e5c9ab192413f34c384914b4f1148a203b306f3f42e2ab62167d18ad9b39137d1eb6750e8a1f3914e0e047575d0020bfe4a3192205fcf3794dbc9e48d85e8279fdfb8d028a114f694602477104b657296149866761a21140dc502e74a23f4d4b45ace78daefc2a9d2a1e1270c029da7fdca7eea25c2e50ee70f14d00b6dd", 0x1000}, {&(0x7f0000000100)="21744e6512eecc731a6e4307b830209a5f", 0x11}, {&(0x7f0000000140)="7f210366a74a000cc5549c93e7aff88a5a2231c3421b6d4ef05ad04ff2dd0f7e3f835fee10db089d46c4d630395a1452f5d6fa414a4f9e1ed805de18ce9ab4dd42dd979fe74853d069333eb8", 0x4c}, {&(0x7f00000001c0)="40e12c687a39df86fb2e810c2d0a52199387fef212a440297306a49c2d00bbe3ce5637d3d120cd42d1d95abc27a85c6d7fd2c72399fa523fdcd18394ccedbd57ec235e499883c493997bc6f54391799d9a08989492084c90c123b9717076adb062fc8111", 0x64}], 0x5, &(0x7f0000000240)=[{0x20, 0x102, 0x2, "f470a82ae9ff7c82c1ac834f"}], 0x20}, 0x40001) [ 1028.539011] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1028.615051] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1028.627673] Node 0 DMA32 free:27472kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:248kB local_pcp:144kB free_cma:0kB [ 1028.651728] Cannot find add_set index 0 as target [ 1028.666406] lowmem_reserve[]: 0 0 0 0 0 [ 1028.675141] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1028.712398] IPVS: Unknown mcast interface: wg1 [ 1028.718152] lowmem_reserve[]: 0 0 0 0 0 [ 1028.732570] Node 1 Normal free:1694116kB min:53592kB low:66988kB high:80384kB active_anon:362948kB inactive_anon:27144kB active_file:21008kB inactive_file:106224kB unevictable:0kB writepending:160kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127616kB pagetables:237560kB bounce:0kB free_pcp:828kB local_pcp:352kB free_cma:0kB [ 1028.775292] lowmem_reserve[]: 0 0 0 0 0 [ 1028.784948] Cannot find add_set index 0 as target [ 1028.786272] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1028.823003] Node 0 DMA32: 384*4kB (ME) 249*8kB (ME) 356*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27432kB [ 1028.850209] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1028.866408] Node 1 Normal: 28*4kB (UME) 149*8kB (UME) 9*16kB (UME) 5*32kB (U) 3*64kB (U) 6*128kB (UM) 6*256kB (UME) 2*512kB (U) 1*1024kB (M) 3*2048kB (UME) 411*4096kB (M) = 1695752kB [ 1028.890571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1028.903796] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1028.915253] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1028.929924] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1028.939129] 25463 total pagecache pages [ 1028.953177] 0 pages in swap cache [ 1028.958440] Swap cache stats: add 0, delete 0, find 0/0 [ 1028.965629] Free swap = 0kB [ 1028.968957] Total swap = 0kB 22:34:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', 0x0, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) pwrite64(r2, &(0x7f0000000280)="739e8176eab72464e733203eb1f95d156174c0bf9bdee6e5ed45a6376573499b8fe3d3e5c5f1a365ba22398abbaaf5667e016511e087ea40bbff9b0937f15222ac7321edb53defa23bbd22fe38d05372e266837847965592abde2956171add2c0b7c7bb6795275a14d61809b39305322b08f78301ed539ab7725426097a95ad01e4b130dfe99d9730759fb29d6d2334f0e04526bc36632c9ecaf908cf946e38148cd2cc68645dc41bb49cddb8cf691ce02e815466406d7c596f24842c9ebeffba5d7e080bd3033280c971898a41748c6261e0068ac98f068cc084a447377329be91870e6d15c7461b569f13f7fd6d2474f83ee14d63bd940a608b15caba0d52bb26ed3291e874c4702ca14b4864c88ddb10116351057a11fc8a5f2c63eb47d2b92d499dd4923a21f48bf472e098fbe1954264a190876c80b1d4f73c89184facacb97c7a9f713422307fb032324680631c9677919df4820d80ddd8614886c5f4d5b22a18052151d6bb5ccd5c6f2670c24d2fa3617dafc67c95f5c716b0b2ec39a2758f8fd106aadefa84ad07099241fb5315c616695c000b6ceee9eaaef5120df90015ead03cb876e16898698c6de1534b19efd1ee3ed5d9620b1b7c27ae58055dbcb1673e098acfe50b6420252d8eb6303e6afa60912bf4beeb333c4432329baa481f450167623a6c1154677fd40ba9ee6debd8315b51131b87a36c4b309d12c385f552712a58083640045685c9d5caa3e4c9656216cb16286b95975f7667be50ea0e960a39ba515598ea62f3aa897a7c22927963249d30531a34cf46f9ffdeaba5a677bb03a35dbbfe231f201ee447e738f09e80558fc40c1840822e14ac179cf4bdd63d004ac070b2e1b370de682c1c21ce23d5f39fb0ab15b043b393b029b07a6dffc097d6221ec99e62c150195429b8c69d884fbab69ef43540862ec46cc29524917a385633b73f1edd77a43c402461379a544595e324d3fdf9db2a30a21b02c557670588faaf7a04cf0f2ce0730e454fc3549194324239317daacaca80aaf16f4ae40e285c6a4e9dc0a96777237bff6ecb7b648400f5551a140bde0c1026c12a543c8f2f7cc7b8556c3ba44d8d3144ea6ba2dea6b1675ac430f544b9902811fcd53865595bef99f52fd8d402ca2030e0996f89404721ea4d319a76c4381bf3310f9f3a6aa896f23e3cbca42e74c6ea96e3db7897bdce3713fdd92d61af7ec47b92870529ffe0bd5388f6e6927737be681eeba712374acfef459eb8b1114965bf92c60015843c9f8890ecaf75557c252bfe773d1897f705f6278b110cb60d9633560ecc71eb264f3667970681e1033a26b2960c35d7118f9057543da912025e794cbba61c513ff2206d105bfc7dd1be7443073d821ef07690b581fb6682e88dc510d9ff609eb6ff403b0fecb62da66107c8a6e409854b44393cc5cb75703381da3ef833eb65698dcea681ed31572a1693188312688177d3247d1a93b99b39f2bc28652dae8bccdb8af95e73fae9ce931c5d66645a083712d639521b7fad123f75f1f0c1c3ac587651bd059620b295f7cb626ae05d86304a6e796d59c6e1fabc4d081e3380ddfdd29d99b7bef805844839dda9521b425b8654b30f5e94f36146546258960867d03532e2f028333d43ebef22b7534078ae716ecf9aec7e20fb129ce6f22a9ac4862a2516366f58f3fefe34c3bb9e808df376c1548c332e2ee5c11063b2d0ccb699f3431135cc69b533c0825f304b66c766f035e3f0c085bcf83fae44daed5f90e89ed952159b4f803bbf2b5d6084a5ff92fc3fc669d45978b2cb028200fd27c0c45a11a0e1020ba9d16b1c2e849e270039678799d0b28f4c69ef7e0a2e0c1d17fb8ca233a9fb16b7d079c600ba096ff0c50e4925b42904a5eb3dddf05b9ec0b456d4e38fa0d94eeb9c80faf16674d2b901729a5d9b11b64773c05c07f18a6d154e85b69a2daad70836e517efe6b4f4f828c20392ee615f2027711d7242f2adfadc40a62d970228c53441dfb3eb98ed3a521d66dd69b4504f2074fb8e6d220be76aecae2b73b951451b91f6785f99e8590baa180e43a80ec7c87a90bbc8d58e714b570fc84b2eaa55ed4ddffc1ad51817867948d1d9f6edb32af353485f55df9356ef9122837625f1e2143e2571e38556a6deb6546312515d266f153a29d27fdc4ec963c6dcebb55cb2d98d988e36c4395064b175ee8a141e085ab7d7d490ef670269d497f5dd30510ade228537a02b1d9e9c42243f108e0f45a59a9ff01aa826e0054959127a46ab06f30674e465240c088011b94b2649727d66cff32541ea4c46c0291c3adc68d05e06d8df2a6a0be4f87302d13de746010ae30d8d0d9540c1c3a3bb6216d95b1db343de83e69d0ae51db289f83906bf3af4ba43c085af3535a0a3da6c738a66f646fbe7666ebab83c31c9660b754aab5c01589a04bbe067d62ba933cfbd3bbd930ff2483a1dd417e9f7901a0f16e0121bac31a02892234ce84cb96c38fa0d24219f0a261a9bafce8e14c5bf3c0f019711047efb30400cb81b80dbf4fcc3cc06405b5b22c0c8ba607343102deff9fb1a9b2dc34d40795afd6e3c9375e732483f57de8aa9e8233b584657484dc5687b9a3890a9130d62974103ac67ee67bf8ea0b9be7102fb24961a3b131fdba33d6bf30976197507721c35e8662a30f2bb46d02aed999544815c5223b3ce69f9ceca28c2cfcc10f6db378207619ab6bccc44af268ad0e3b7867d8615c01cd97f8b2b8f365b91442a12a75151ca01323ad177f24bcbffabaa45586846b84af1758e29c1dac69303e8f0dbdff6c1e86393b64c52e241293880c9a0d890a83f4c12310c6be5042d748b3cbbdef43a9dbdb1114fa5565d7be58bc17f5d9ef5b396c5ed5a5c44a69a88833c9787397ab2e132f56046a2b2faf75aca2865c3b598da38a4d293debaec16fba6572babca42d8690ea450f7e8fdcf5815816273d775754fde2ffb6a5b31c3094e02debf35f86ad14b8e6d7c4ccede94f0f7edf7e262cc518a10dbd728c3ab2cdda472590476e6a88ef2c8a5e303a2034e4645864d17901f7cdf54d885957169d560b3549d88665fd70f2b23a0f24158a706551093b3cee5cd4a43e4cc1560e3d23e94661b0975ebf9d1d696295216389f36b359e1dbba7d611afa6fb28bf2d0ec3f94af06d1573c41e70a2fe1af622e530cb0c879c4b9a17b0c5d6dc54ea646160a629c34639152fb8c2a1f28e2a15b2847a0fca6b495f6b7c08a9a00a13c6b3b06b4fe32c0201a405450a3409df0f74df4c3c8f2d0ce568d90cc580b4d0fa33b320e916cf96887746265a3c1032624cfbe31134be451ef4920bffd398926517b5269af3d33be7f5cf2419a74714c5ea90c90e374f52479d2d2af71fb47ff1ea1b9037ec3d76f902d905137225b9473d73e17b5793256e093a98de67920441b5e3ba48229c2fed257bc2733632f8d94953db71aaceb5ddedb6137cbdcc3ffb3efe809f188821b8e647e040265cf009589fc79a785e6aca347ecdb5caf9e698844d51f198412de75c43145d80947c0742d4e63587d70db26067ab9d9ec02964d65d5042263208185e61a22d83eb9063cb39c1032b90de32c8e8ab275a07d1cb40279997afde8ff677eba1c4689ac4b81c3934d6d393445ae44022f17364486e1d31deb85b166648492d0730d7133ddc95413c2a6d0b91b9993d04779c1459e52e0aeb26bb10995733efe771d691f04e7d0c8f16f62d409abd9a946f8250d0488f630360ba6562819da2985527ce2a2c947077cc9179e100462b16f1c1349473acaf2e9e1f8419b6584f49166e4387869acb0bf8c079f12dd02532682752628cba773fced0307bc996d48dd848aab58f0abddeffc6454e3959f40453cd600ebde39fc557e1e6c9f3b961092be504191a7ce9a6b6c3124225b452919cb6d7aa1a5e4d092f0d0e3d0a225319e5acc3d5b4d43cae5a7e632065ed03a0eeefd9f9cd86b47f23b3c2ef9dcfe5510dbd7c6a5abeab5d37b46b85650826929cec28c7d37b16842443e907087954e2210b6a872d9ee93e6655a7b07df80f04e484c2779e3d3c6a0071a720c0715cdff705c72a0b69a919b692047005d33b98877bea58a4fee85c7343f82ee49f02a5c97962604528dca0938ec64acb5aa967180af7c95edfb55a8e9b270259476d865302f497e16f8fc0625c65a30e48644e1daf01a99f3cc166feccfb61e6fdf43ed9af3c184d1c8385761e237719f7c1cbac8cc89c9faa9bf5ca3d3c3e50135f07777986a74b31c41a1cea0754d22d524071bde946cffe3631c853f3ff68a077c5c7ceafb1f46d39beb3fdc3eb2ac035cfd7b2ecbf14b355dbc7e39f1b07acce44c64bdfe3526c4d4ff7821e8d241c9c9a1b07a414eea8109df579e252e2a91c841230682f0aa7624b0bfb509b676f24f281e135cf5e8aef2b65985dbf0edf9b3c87cf142643d8ff3f96914fd9e9a81d843afed6926a330340c99422fbe7f075ff012240a375dd33bf300687531225c2f4182ec1d17d760795fba9f40f94f962d93f2c47d45f9f1ce0c7992ce19c974be422675bdac5eb5bb57c73f6bcd6fd30d625aea05027abcbd75c2b0c951e819264c1298084a7b120e43fdc80a415bb8f16f37bb6f43110216786441e3d847b2950c9ab0efa53fb5f623aa004bdad227769afb44570e19a092ef1424420cf8dd3dfed1a313b6b6bac088fe4788c82ff4e0e1882677cc9d29155a20c31d975fbb02211275a9dc6f132a531de4b11468525c7802020bf91d84ec76107bb0707343ab93beada838e57b091591a385bbebb890a9f45b7eaa49a394aa9c8b9c2ad127f892c61c9e2adf75822f35880eda9cffa2a42b669315116903bf5341a87030e8311eb29ea131f8b6257031a0e90cc6707e30083b6ee7066b56deaa2597208a4fd465d01a3e6119b0a1d516ebaed53f87643eaea9167446f05114880e3fb901196b8511007444f0f083e1b555af03421265bde2389c5ad8451b37206274cffbe23a821ea4415d4e66baf03ad467884f2017c53bd43ef69e3bcc2bfa044120612719418b05ee4aca20008faeda32b1ec4cbac8f29327f58eff12326b25c928343cafa9ae01e072665c75b92df4a82ecd403289b97cea5ce8b0c4e9038331e3f99c697856967efbdc709161a540723a87ffa0288ea9bcff1c816648f1c06631bf48a61bc8b04cb9dfa76012e49e4c06f7c5645d50b441b4efb464fa411e5a40946691531e6cb58d961b486b4d787fc31209295415459f4ba81d66d5354b67600f15989c53652147960921a0548626851a3e085167228e6be10dba0aea148a396707db142c17cfc9a47afcea56a7ccaec051198da91b37c2282cf3945a2a86c15f7163f8a9ff4063cb4194c5d6716bc45629863d469bea3b4f1c632482f8fe30fd0d724e3ae9809dbc4993835b55c1a1036e89643b8008590777a5d340782c2acb0298cd50fadda3078d431ffa757724e135abe7551d4501848cc4d9fb11dcffd1625ccd4a99122a12eed47ef95f6e040b703754bcad9488ac7f6fb585f75d7b07b5fe71cba25073a9dd0a54908a988626a02a2e32408ce9e2f4f180d602359bc209e676c2fa90b0c80a0782ef0222c2a2f0de93652a55c302828168d70de8f306cd9cd801cd7e74c6b1230888caf743189fbf9ce7d21f7afb3aa3ce3bf0b107bd02d0de6df54d5de1632cef82f8ef172909bbf67abf3cd132b83a502c0f27fd96f16fdc1c5a5d20884d9d253533274d41ddb17c3408e656df12104efb7d91e6042a8f66578", 0x1000, 0x80000001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:40 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000080)='\x00', &(0x7f0000000180)='trusted.overlay.opaque\x00', &(0x7f0000000200)='y\x00', 0x2, 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="6c6f77262e37eac8978471b065726469723d2e2f6275732c776fff6b6469723d2e757070657264693d39fe351ead6f33916fc20112b192ae46ea88be9f0af81e70c148219b0462933c6757e9c7f42122383a9f2d6ddb211a60474b3cff0b17b9cb2f4ce76ca517696c32127db4547349e6b021bf2b47a1d8d8bee0b300000000000000"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000300)='/dev/input/mice\x00', 0x202000) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000440)={0xc, @output={0x1000, 0x0, {0x5927, 0x1}, 0x7, 0xfffff000}}) 22:34:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r6 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r7 = dup(r6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_RM_MAP(r7, 0x4028641b, &(0x7f0000000280)={&(0x7f0000ff9000/0x4000)=nil, 0x10000, 0x2, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3}) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffe1ff818de82b13686673630000000008000200000000ada6025f0c7661b18c3bd1147780a31a693a93b42c647dfbfe80e65afce9fee2c91468d85ef8ee4289a004edd3f2b9866858e78fd66eb82d625faa4ba4ced7c55a1cc1fd84439bef8583330b5d3e766f58219f63e02e566f66f1ab53f560f1b7f02a5f84b98392d18b8ad98d0803321fcc8ad1119eac5d0718b1bdce55b8f65393c40f2ce33532374a86aced703e63dd0865e9b07774157218e8e04c313091b26bd552fede170f0b40c7d0a9a656cd3885789a142d6924ad8c19bcb94d8691470cfc72e5057673a57303fe407691941c89b7a67cae0c94c0636a48d022ed"], 0x38}}, 0x200400a3) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11, r5}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) getsockopt$inet_mreqn(r8, 0x0, 0x23, &(0x7f0000000040)={@remote, @remote}, &(0x7f00000000c0)=0xc) 22:34:40 executing program 2: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x80043, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000280)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x12c, r1, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xe, 0x26}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_DEST={0x74, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@empty}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7670}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@private=0xa010100}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xb3e7}]}, @IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x24, 0x15}}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffeffff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4044000}, 0x40000e0) [ 1028.978132] 1965979 pages RAM [ 1028.982595] 0 pages HighMem/MovableOnly [ 1028.986879] 338456 pages reserved [ 1028.996600] 0 pages cma reserved 22:34:40 executing program 2: syz_extract_tcp_res(&(0x7f0000000080)={0x41424344, 0x41424344}, 0x10001, 0x10001) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, r0, r1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7ff}}}}}}}, 0x0) [ 1029.109143] overlayfs: unrecognized mount option "low&.7êÈ—„q°erdir=./bus" or missing value [ 1029.128040] Cannot find add_set index 0 as target [ 1029.198315] overlayfs: unrecognized mount option "low&.7êÈ—„q°erdir=./bus" or missing value 22:34:40 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000240)=0x1, 0x4) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="2000000011000000000000000000000010000000", @ANYRES32=r2, @ANYBLOB="0007000004000500db50308bc1c3e6deba6957474adb0329f78b1545efdedfc3260ec8bb45f4b56f2b869d5be8b495877757b2ede207bc44eb9f8b2c776060c482681a753ee278404e7f2ac45cf8ceb280a58256ebe2b8a8777d5390ecdab2eff088cf50a511428d8010d1c86b45f59bb5267b249fb7d6ecb8876cf6aad095ef7f52b3cfb18249a8855338c001294ba79e81a0bfbb7438ac0f6a72568058deff73427b2710cff3e9083aef52c3e6e4f3947622608d1fd62a746245b11d894c227a9d806c8dc126075ea5e168d12a8ca2cb747109fc2d4f664155928f7569e22cc2cc380b3d1a2df60bcb710f67c0f4cabd656a605f3cf57fe89f7cb78dc2fffefe404cd2bb31980616582ba3a31a9135b12905ce28af4c628d5eda661f0000000000000000"], 0x20}}, 0x0) sendmsg$nfc_llcp(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x27, 0x1, 0x2, 0x6, 0x5, 0x8, "b2141295c0c1f7f5a68a8daca23a72ea57347837af2440bd849ad0916b91122e02d4a00a67d28850aa8b3b4b3caa9f9901bc0ed06c6c7da10b7b5f1cc235ee", 0x28}, 0x60, &(0x7f0000000100)=[{&(0x7f00000000c0)="085aa4537b100f57fc", 0x9}], 0x1, 0x0, 0x0, 0x48880}, 0x20040004) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f00000001c0)) setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000000)=0x100, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_ifreq(r3, 0x891c, &(0x7f0000000480)={'veth0_to_bridge\x00', @ifru_settings={0x20, 0x6, @fr_pvc_info=&(0x7f0000000440)={0x0, 'veth0_to_hsr\x00'}}}) 22:34:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', 0x0, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:40 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x210000, 0x0) accept4$llc(r0, &(0x7f00000003c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000200)=0xffffffffffffffe2, 0x100800) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)={r3}) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000380), 0x4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r6, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={r6, 0x4, 0xffff}, &(0x7f0000000300)=0x8) mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) [ 1029.497052] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1029.523807] Cannot find add_set index 0 as target [ 1029.556415] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1029.594190] CPU: 1 PID: 11205 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1029.602272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.611782] Call Trace: [ 1029.614400] dump_stack+0x1b2/0x283 [ 1029.618086] warn_alloc.cold+0x96/0x1af [ 1029.622431] ? zone_watermark_ok_safe+0x250/0x250 [ 1029.627303] ? wait_for_completion_io+0x10/0x10 [ 1029.632209] __alloc_pages_nodemask+0x2129/0x2730 [ 1029.637446] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1029.642993] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1029.650039] ? HARDIRQ_verbose+0x10/0x10 [ 1029.654388] ? do_raw_spin_unlock+0x164/0x250 [ 1029.658994] alloc_pages_current+0xe7/0x1e0 [ 1029.663515] kvm_mmu_create+0xd1/0x1c0 [ 1029.669204] kvm_arch_vcpu_init+0x282/0x890 [ 1029.673673] ? alloc_pages_current+0xef/0x1e0 [ 1029.678537] kvm_vcpu_init+0x26d/0x360 [ 1029.682454] vmx_create_vcpu+0xf5/0x2950 [ 1029.686796] ? __mutex_unlock_slowpath+0x75/0x780 [ 1029.691994] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1029.697513] ? alloc_loaded_vmcs+0x240/0x240 [ 1029.702287] kvm_vm_ioctl+0x4ae/0x1430 [ 1029.707268] ? __lock_acquire+0x655/0x42a0 [ 1029.711634] ? kvm_vcpu_release+0xa0/0xa0 [ 1029.715985] ? trace_hardirqs_on+0x10/0x10 [ 1029.720251] ? check_preemption_disabled+0x35/0x240 [ 1029.725324] ? trace_hardirqs_on+0x10/0x10 [ 1029.729668] ? check_preemption_disabled+0x35/0x240 [ 1029.734739] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1029.739704] ? HARDIRQ_verbose+0x10/0x10 [ 1029.743789] ? kvm_vcpu_release+0xa0/0xa0 [ 1029.748183] do_vfs_ioctl+0x75a/0xfe0 [ 1029.748530] syz-executor.4: [ 1029.752012] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1029.752023] ? ioctl_preallocate+0x1a0/0x1a0 [ 1029.752044] ? security_file_ioctl+0x76/0xb0 [ 1029.752056] ? security_file_ioctl+0x83/0xb0 [ 1029.752065] SyS_ioctl+0x7f/0xb0 [ 1029.752072] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1029.752086] do_syscall_64+0x1d5/0x640 [ 1029.752104] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1029.752114] RIP: 0033:0x45ca69 [ 1029.752122] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 [ 1029.778210] page allocation failure: order:0 [ 1029.781591] ORIG_RAX: 0000000000000010 [ 1029.781598] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1029.781603] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1029.781607] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1029.781612] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1029.781617] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1029.854708] Cannot find add_set index 0 as target [ 1029.876006] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. 22:34:41 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x3) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:41 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0) 22:34:41 executing program 3: semget(0x2, 0x2, 0x40) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000000)={0x10, 0x0, 0xfff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$ttys(0xc, 0x2, 0x0) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140)='mptcp_pm\x00') sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r4, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x519e1b498eec238d}, 0x4) r5 = dup(r3) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10}}, 0x20}}, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r7) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001340)={{{@in6=@remote, @in=@rand_addr=0x64010100, 0x4e22, 0xee9c, 0x4e21, 0x0, 0x2, 0x80, 0x0, 0x0, 0x0, r7}, {0xffffffffffffffff, 0x72f, 0x1, 0x8, 0x240000000, 0x8, 0x3f, 0x9}, {0x664, 0x6, 0x8, 0x7}, 0x400, 0x0, 0x1, 0x1, 0x0, 0x3}, {{@in6=@empty, 0x9, 0x33}, 0x2, @in6=@mcast2, 0x3506, 0x0, 0x0, 0x7, 0x800, 0xfffff3c7, 0x4}}, 0xe8) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f0000000340)=""/4096) 22:34:41 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000)=0xa8ee, 0x4) [ 1030.071731] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1030.094398] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1030.115744] CPU: 0 PID: 11245 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1030.123804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1030.133836] Call Trace: [ 1030.136423] dump_stack+0x1b2/0x283 [ 1030.140393] warn_alloc.cold+0x96/0x1af [ 1030.144352] ? zone_watermark_ok_safe+0x250/0x250 [ 1030.150515] ? wait_for_completion_io+0x10/0x10 [ 1030.155465] __alloc_pages_nodemask+0x2129/0x2730 [ 1030.160410] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1030.166039] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1030.171110] ? HARDIRQ_verbose+0x10/0x10 [ 1030.175268] ? do_raw_spin_unlock+0x164/0x250 [ 1030.179788] alloc_pages_current+0xe7/0x1e0 [ 1030.184097] kvm_mmu_create+0xd1/0x1c0 [ 1030.187971] kvm_arch_vcpu_init+0x282/0x890 [ 1030.192288] ? alloc_pages_current+0xef/0x1e0 [ 1030.196773] kvm_vcpu_init+0x26d/0x360 [ 1030.200719] vmx_create_vcpu+0xf5/0x2950 [ 1030.204888] ? __mutex_unlock_slowpath+0x75/0x780 [ 1030.209949] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1030.215115] ? alloc_loaded_vmcs+0x240/0x240 [ 1030.219677] kvm_vm_ioctl+0x4ae/0x1430 [ 1030.223596] ? __lock_acquire+0x655/0x42a0 [ 1030.227984] ? kvm_vcpu_release+0xa0/0xa0 [ 1030.232591] ? trace_hardirqs_on+0x10/0x10 [ 1030.236874] ? check_preemption_disabled+0x35/0x240 [ 1030.241960] ? trace_hardirqs_on+0x10/0x10 [ 1030.246203] ? check_preemption_disabled+0x35/0x240 [ 1030.251421] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1030.256618] ? HARDIRQ_verbose+0x10/0x10 [ 1030.260667] ? kvm_vcpu_release+0xa0/0xa0 [ 1030.264810] do_vfs_ioctl+0x75a/0xfe0 [ 1030.268820] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1030.274533] ? ioctl_preallocate+0x1a0/0x1a0 [ 1030.279373] ? security_file_ioctl+0x76/0xb0 [ 1030.283967] ? security_file_ioctl+0x83/0xb0 [ 1030.288944] SyS_ioctl+0x7f/0xb0 [ 1030.293019] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1030.297540] do_syscall_64+0x1d5/0x640 [ 1030.301430] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1030.306611] RIP: 0033:0x45ca69 [ 1030.309795] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1030.317516] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1030.324862] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1030.332313] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1030.339612] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1030.346890] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1030.354575] Mem-Info: [ 1030.357358] active_anon:437019 inactive_anon:11114 isolated_anon:0 [ 1030.357358] active_file:5261 inactive_file:26568 isolated_file:0 [ 1030.357358] unevictable:0 dirty:29 writeback:0 unstable:0 [ 1030.357358] slab_reclaimable:50464 slab_unreclaimable:391956 [ 1030.357358] mapped:63658 shmem:11300 pagetables:73364 bounce:0 [ 1030.357358] free:432558 free_pcp:187 free_cma:0 [ 1030.404008] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1030.436607] Node 1 active_anon:363668kB inactive_anon:27144kB active_file:21024kB inactive_file:106272kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37520kB dirty:216kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1030.466969] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1030.503212] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1030.540386] Node 0 DMA32 free:27400kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:232kB local_pcp:136kB free_cma:0kB [ 1030.571568] lowmem_reserve[]: 0 0 0 0 0 [ 1030.576045] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1030.603840] lowmem_reserve[]: 0 0 0 0 0 [ 1030.610264] Node 1 Normal free:1692504kB min:53592kB low:66988kB high:80384kB active_anon:363656kB inactive_anon:27144kB active_file:21028kB inactive_file:106284kB unevictable:0kB writepending:116kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127808kB pagetables:238096kB bounce:0kB free_pcp:688kB local_pcp:264kB free_cma:0kB [ 1030.641435] lowmem_reserve[]: 0 0 0 0 0 [ 1030.645777] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1030.663526] Node 0 DMA32: 384*4kB [ 1030.664816] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1030.681844] (ME) 249*8kB (ME) 354*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27400kB [ 1030.697704] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1030.710721] Node 1 Normal: 20*4kB (UM) 3*8kB (UM) 2*16kB (ME) 7*32kB (U) 3*64kB (UME) 20*128kB (U) 4*256kB (U) 2*512kB (UM) 1*1024kB (U) 3*2048kB (UME) 410*4096kB (M) = 1691688kB [ 1030.729765] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:34:42 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907897e20c0af5c5f87cc7e2c8b67aac9268980527950a8ed70822bcaf9584dfd21a1ce4784f09a3499a9e8bc17a08a0f76d06f078cbdee7775a604967318a6311282c84998f741d7100ff446ce3fc8296a3c932518e8eb8f44a0f710ef187a8efe626a262573156e9a46f57ec5ec9ac4e51493c8ae2d88d8cb27c577a622e0dd7e22339022d367906e2fe9fc1d9195da22f815148fd03f0858cd360068213efb088bb22fa33fa69b81d120153b5a1a767415e0a56f8a6f310d24f25cb564f8a07fae0e65ac326a21d3f9eeb5776cdbef49331c76160ca2f8d006921110c7de0ef3abce8d1db45df53d11dd62157c11a65bed0d4c40ec4d8db4ff133ec48bf869624eae243a897ddd0415e0197ec00733fc6863a5f3876000000832ff8933bb237d6b76a9bbfaf5f65978663159c94142aaddf6a63b36bdf10f787819405da"], 0x0) 22:34:42 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x4, &(0x7f0000000240)=@framed={{}, [@alu={0x8000000201a7fe3, 0x0, 0x7, 0x61, 0x0, 0x43}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x3e2, &(0x7f00001a7f05)=""/251}, 0x34) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={r0, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r1}, 0xc) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000001c0)={0xe4, r1}, 0x8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x1, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@gettaction={0x18, 0x32, 0x1, 0x70bd28, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 22:34:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:42 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x40, 0x1412, 0x2, 0x70bd2a, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) [ 1030.738627] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1030.747968] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1030.759762] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1030.768587] 25483 total pagecache pages [ 1030.775005] 0 pages in swap cache [ 1030.778477] Swap cache stats: add 0, delete 0, find 0/0 [ 1030.784809] Free swap = 0kB [ 1030.787866] Total swap = 0kB 22:34:42 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x1) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) read$dsp(r1, &(0x7f00000002c0)=""/72, 0x48) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[]) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x4041, 0x0) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1030.792148] 1965979 pages RAM [ 1030.795372] 0 pages HighMem/MovableOnly [ 1030.799481] 338456 pages reserved [ 1030.802936] 0 pages cma reserved 22:34:42 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000040)={0x6, 0x1}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x408000, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = dup(r6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x4000000001) clone(0x808e00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1030.847819] overlayfs: missing 'lowerdir' [ 1030.928981] overlayfs: missing 'lowerdir' 22:34:42 executing program 2: r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3, 0x11c00}}, 0x20}}, 0x0) r4 = accept4$nfc_llcp(r1, &(0x7f0000000300), &(0x7f00000001c0)=0x60, 0x80800) getsockopt$IP_VS_SO_GET_SERVICE(r4, 0x0, 0x483, &(0x7f0000000380), &(0x7f0000000240)=0x68) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r8, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000080)={r8, 0x70, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x80, @loopback, 0x8}, @in6={0xa, 0x4e23, 0x30dc, @mcast2, 0x101}, @in6={0xa, 0x4e21, 0x1, @mcast2, 0x101}, @in6={0xa, 0x4e24, 0x5, @mcast1, 0x4d99}]}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r9, 0xb939}, &(0x7f0000000140)=0x8) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22:34:42 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6f7767726462723d2e2f6275732c776f070000000080000066696c65312c75707065764f6c6530"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:42 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x4a100, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) fcntl$setlease(r1, 0x400, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:42 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0xffffffffffffffc1) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000ee0005071d0000000040000000000000", @ANYRESHEX=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x24000010}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r6, @ANYBLOB="01000000fffffffb0000f2ff0900010068667b63000000000800024f6700f746c8bf73d849ed45295d21b7cb0c"], 0x38}}, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r9}}, 0x20}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0x7, &(0x7f0000000080)={0x80, 0x0, 0x1ff, 0xfffffff9}, 0x10) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1031.166999] Cannot find add_set index 0 as target [ 1031.222652] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=238 sclass=netlink_route_socket pid=11328 comm=syz-executor.0 [ 1031.258029] overlayfs: unrecognized mount option "lowgrdbr=./bus" or missing value 22:34:42 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r7}}, 0x20}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000540)={{{@in6=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f00000007c0)={0x62c, 0x0, 0x410, 0x70bd25, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x80000000}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}]}}, {{0x8}, {0x188, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0x6bca73ec}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x5c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0x2c, 0x4, [{0x7ff, 0x9, 0x0, 0x6}, {0x8, 0x8, 0x6, 0x4}, {0x101, 0x0, 0x1f, 0x8}, {0x6, 0x3f, 0x8a, 0xaa2}, {0xff81, 0x6, 0x75, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x88}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x800}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0xbe0}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8, 0x1, r4}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0xf4}}}]}}, {{0x8, 0x1, r1}, {0xc0, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x100}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}]}, 0x62c}, 0x1, 0x0, 0x0, 0x40005}, 0x4000) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r9}}, 0x20}}, 0x0) setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f0000000000)=0x8, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5040000090780000"], 0x0) 22:34:42 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x80) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='rdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f0000000080)='./file0/file0\x00') [ 1031.287098] overlayfs: unrecognized mount option "lowgrdbr=./bus" or missing value 22:34:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = shmget$private(0x0, 0x200000, 0x0, &(0x7f000000a000/0x200000)=nil) shmat(r3, &(0x7f0000feb000/0x1000)=nil, 0x5000) shmctl$SHM_LOCK(r3, 0xb) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r5, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}]}, 0x1c}}, 0x20000001) 22:34:42 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCGPROP(r4, 0xc004743e, &(0x7f0000000140)=""/251) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1031.392399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=238 sclass=netlink_route_socket pid=11328 comm=syz-executor.0 [ 1031.425427] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1031.497467] overlayfs: unrecognized mount option "rdir=./bus" or missing value [ 1031.513406] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1031.537262] CPU: 1 PID: 11287 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1031.545268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.555086] Call Trace: [ 1031.558068] dump_stack+0x1b2/0x283 [ 1031.561713] warn_alloc.cold+0x96/0x1af [ 1031.565789] ? zone_watermark_ok_safe+0x250/0x250 [ 1031.570745] ? wait_for_completion_io+0x10/0x10 [ 1031.575608] __alloc_pages_nodemask+0x2129/0x2730 [ 1031.581973] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1031.587192] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1031.592423] ? HARDIRQ_verbose+0x10/0x10 [ 1031.596640] ? do_raw_spin_unlock+0x164/0x250 [ 1031.601339] alloc_pages_current+0xe7/0x1e0 [ 1031.605847] kvm_mmu_create+0xd1/0x1c0 [ 1031.609847] kvm_arch_vcpu_init+0x282/0x890 [ 1031.614266] ? alloc_pages_current+0xef/0x1e0 [ 1031.618906] kvm_vcpu_init+0x26d/0x360 [ 1031.622851] vmx_create_vcpu+0xf5/0x2950 [ 1031.627163] ? __mutex_unlock_slowpath+0x75/0x780 [ 1031.632133] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1031.637171] ? alloc_loaded_vmcs+0x240/0x240 [ 1031.641602] kvm_vm_ioctl+0x4ae/0x1430 [ 1031.645537] ? __lock_acquire+0x655/0x42a0 [ 1031.650504] ? kvm_vcpu_release+0xa0/0xa0 [ 1031.655009] ? trace_hardirqs_on+0x10/0x10 [ 1031.659441] ? check_preemption_disabled+0x35/0x240 [ 1031.665138] ? trace_hardirqs_on+0x10/0x10 [ 1031.669396] ? check_preemption_disabled+0x35/0x240 [ 1031.674719] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1031.679852] ? HARDIRQ_verbose+0x10/0x10 [ 1031.684038] ? kvm_vcpu_release+0xa0/0xa0 [ 1031.688203] do_vfs_ioctl+0x75a/0xfe0 [ 1031.692799] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1031.699809] ? ioctl_preallocate+0x1a0/0x1a0 [ 1031.704679] ? security_file_ioctl+0x76/0xb0 [ 1031.709788] ? security_file_ioctl+0x83/0xb0 [ 1031.714386] SyS_ioctl+0x7f/0xb0 [ 1031.717852] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1031.722433] do_syscall_64+0x1d5/0x640 [ 1031.726534] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1031.731741] RIP: 0033:0x45ca69 [ 1031.735018] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1031.743082] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1031.750631] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1031.758714] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1031.766356] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1031.773640] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1031.803690] warn_alloc_show_mem: 1 callbacks suppressed [ 1031.803695] Mem-Info: [ 1031.812404] active_anon:437121 inactive_anon:11114 isolated_anon:0 [ 1031.812404] active_file:5259 inactive_file:26575 isolated_file:2 [ 1031.812404] unevictable:0 dirty:77 writeback:0 unstable:0 [ 1031.812404] slab_reclaimable:50544 slab_unreclaimable:391752 [ 1031.812404] mapped:63666 shmem:11300 pagetables:73368 bounce:0 [ 1031.812404] free:432264 free_pcp:400 free_cma:0 [ 1031.813493] overlayfs: unrecognized mount option "rdir=./bus" or missing value [ 1031.850009] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1031.889564] Node 1 active_anon:363876kB inactive_anon:27144kB active_file:21028kB inactive_file:106296kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37552kB dirty:408kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1031.921954] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1031.950122] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1031.955161] Node 0 DMA32 free:27212kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:480kB local_pcp:352kB free_cma:0kB [ 1031.987054] lowmem_reserve[]: 0 0 0 0 0 [ 1031.992199] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1032.018400] lowmem_reserve[]: 0 0 0 0 0 [ 1032.023284] Node 1 Normal free:1693520kB min:53592kB low:66988kB high:80384kB active_anon:363672kB inactive_anon:27144kB active_file:21028kB inactive_file:106296kB unevictable:0kB writepending:464kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127808kB pagetables:238124kB bounce:0kB free_pcp:1152kB local_pcp:712kB free_cma:0kB [ 1032.055822] lowmem_reserve[]: 0 0 0 0 0 [ 1032.060025] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1032.075590] Node 0 DMA32: 385*4kB (UME) 249*8kB (ME) 342*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27212kB [ 1032.095039] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1032.106145] Node 1 Normal: 196*4kB (UME) 96*8kB (UME) 14*16kB (UM) 8*32kB (UE) 3*64kB (UM) 19*128kB (UME) 6*256kB (U) 3*512kB (UE) 2*1024kB (UE) 2*2048kB (UM) 410*4096kB (M) = 1693232kB [ 1032.123351] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1032.132629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1032.141557] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:34:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe17, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, 0x0) getpid() socketpair(0x29, 0x0, 0x0, &(0x7f0000000300)) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000013c0)={0x4, 0x0, 0x0, 0x0, 0x100}, 0x14) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x404e20}, 0x1c) listen(r0, 0x8) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) mq_open(0x0, 0x0, 0x10c, &(0x7f0000000140)={0x6, 0x6, 0x5, 0x4}) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000340)=@filter={'filter\x00', 0xe, 0x4, 0x368, 0xffffffff, 0xd8, 0x0, 0x1a8, 0xffffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@ip={@local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0xff, 'bridge_slave_0\x00', 'virt_wifi0\x00', {}, {}, 0x1, 0x5, 0x45}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}, {{0x0, [0x5, 0x1, 0x2, 0x2, 0x4, 0x4], 0x1}}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x7f, 0xf, [0x37, 0x4, 0x39, 0x3f, 0x2, 0x34, 0x22, 0xe, 0x32, 0x33, 0x2b, 0x1a, 0x5, 0x23, 0xb, 0x14], 0x0, 0x7, 0x800}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz0\x00', 0x0, 0x8, 0x1, 0x2}}, @common=@set={{0x40, 'set\x00'}, {{0xffffffffffffffff, [0x2, 0xa, 0x7, 0x4, 0x0, 0x4], 0x4}}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x10400, 0x0) r3 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000000}}], 0x4000000000000d0, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22:34:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x10101, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x800, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:43 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) getsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:43 executing program 5: socket$nl_route(0x10, 0x3, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dlm-monitor\x00', 0x80000, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x6788c}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 22:34:43 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$sock(r0, &(0x7f0000000200)={&(0x7f0000000080)=@l2={0x1f, 0x1, @any, 0xfff9}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000300)="1b9814c222150d00a7028862ca5f7616a5e8d0252cfc8a1d019175406b460ce5e0eac626f8219fc594f9557650314bbbc23b20ff7db89d1e560deb206e5787302a7a08bbea4cac9c33f2bac0da12d29dcc155a5c94150569113491f58890a5", 0x5f}, {&(0x7f0000000500)="931331849d0fd3e75267095ab560524e63998d89d209ad74be43b009b4ce442441f0701711ca824823062ad2001100bd45ef02f169b2ff8dd9e106ee790fff2be588233a7362efeaae35ad61d7efa82439319aafd555488900345921325e3d1689c1f57b383bd207e4c4ac7fad09e7d03b29eae6f01d4cdb4d008865b53edaf9d063cfbf890d6a7b884b9e061c23a94e440199ed68f54ec44a385d639876a0982c251ea436b124416326a8eacae46521144c3e65a64991bfed87ea958e7483542871", 0xc2}, {&(0x7f0000000600)="75dacbd6d257d84be566bd88554daa903ebf3317642eb297829db42619ce00a2b3f5f82d83bd97389671ac49b3966508dcc513a2068787a3afcb253e0cf9916f5d3692acf865bf5d6a5bad58896f18530003d91611e4a89356909c615689e82ef3a4d0fed36531fb7fa6857d6fe4b893b838b5ea3a04f8def5d19ad5745fad063dd3d838d07cc0dc186d179c3ae6cc0b9fc30bd5e534e17049efd9e994d3d746d1fa94f3157413210dab85ed283da9c2c8363d1a6e2e3c898de929f8d7b8bf09224c79bb9e70eeb6c73f78052fd6", 0xce}, {&(0x7f0000000180)="a645311d8c44d0d00da3b534c1b398ea7b221d7b54574f7ca442d90e40d5588353", 0x21}, {&(0x7f0000000700)="cf1a8a39d0e6f6289ae2fc7b0f35db38526727035ee72cb0d20cbf03d5f80266d44080dbe2fdbdcfeb0fd1f16067e445a46cab5218ff192f83b9078a9c131caff3f8f6532e856e6bc9a466b0df4e756c66fe9e48989c4a6a0883ae71efacd3183e71a53d5522d450ab0fdde8fa594f66422f635692b09bde0f2706840090f16c2bed6225faae4168bc9054c6abf275c44dd696aa0a2bf669896417177165cec1612146aeda012bcdbf84dbde861572de40e942c2975273761da5e1f445b8d8a41e29e26631ec765e3f4f734410594445402f4e894b2e", 0xd6}, {&(0x7f0000000800)="217109b0265ac18de9feb6f2250028694a2c770c547adf7e633478f546d450e49609e1737c57779c86b58d932e03cf8979112a8b3882ee567c24710a0b0fe00f8bff48575c35639e07a602fd2f4afc6f5c1a2a7e5e44a16cf163292926fe57bc530420b5aa9f42a93de34ceb452438d3ba6b2ccbff3ac59abddc5c7442d2add16fedf770cdd55f01f472219dc00e57e2d6f9893cc67e2af18a570cfbde7722fb3b4d9d1b11bd7d19dab2010ab9ca6adfb1dafc7d2e13ae036383d4d14362d7cdc56d1ad94ef9fd4cf0", 0xc9}, {&(0x7f0000000900)="4837effaf9c24daa1e5d3481be8ca25c328a9ae61285dfb89d265787d340d25ff9a8fd5f4b9886c5438b3dd619a888ebaf5c5b16d308acfafa94483e1e241f2420a278a8cf5e45e2e9f7d78269016bce8e5fe7f575e9ef82e23aaec0eead2352dedaa7272a6803766791cb8bbe936113805641784c414768a6a6b02bdf0a0d9b02e3c79f18ad4cc112fba55155cee57a025f21c7f77ec16fb07bd1e63cc271ccdf5bc00b553e8042d325f399f8b9888ec553650d2b3dbee90dd609df24f7ad426a6b6d8fcdebfd2c4b0527c729f8d0", 0xcf}], 0x7, &(0x7f0000000a00)=[@mark={{0x14, 0x1, 0x24, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @timestamping={{0x14}}, @mark={{0x14}}], 0x90}, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x200030, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c75707051726469723d2efe68696c6530ceaada7bbcfc5a58cd8178666f36ccc5d5db95f65be6ce63f4052ebf7d9e39a1304a12f3ef5aa5209b2389142281f2cbd740582df4477ca76d32a217fecd0bf4bf9a172e6faa14d421d9abf79bbaed9e5d1771555ea9d12b601bea37ff330e71ff30c45ba13c97fca44c6a153fb900db4c48d69e7cb3478ffa6b1289698f09e0df42279c8fd423322f2de0516f665111009d0b5e73fac99898dab69440a5c9b4eaf966f0bf1aab8286d359311cf9ece32ea140e11ab6b44ca1980073a9719f6fec"]) [ 1032.151683] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1032.161746] 25489 total pagecache pages [ 1032.166567] 0 pages in swap cache [ 1032.170707] Swap cache stats: add 0, delete 0, find 0/0 [ 1032.176355] Free swap = 0kB [ 1032.180174] Total swap = 0kB [ 1032.183386] 1965979 pages RAM [ 1032.186511] 0 pages HighMem/MovableOnly [ 1032.190772] 338456 pages reserved [ 1032.194483] 0 pages cma reserved 22:34:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB='\x00et\x00'/20], 0x48}}, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/urandom\x00', 0x23a801, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newlink={0x30, 0x10, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xbc2a}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x80) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f00000000c0)=@v1={0x0, @adiantum, 0x1, "cae0f53b7cb8bea6"}) 22:34:43 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x1f) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500d0000007839f30000"], 0x0) 22:34:43 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCGSERIAL(r1, 0x541e, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=""/110}) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6f776572c3d315bb2e2f6275732c776f726b6469723d2e2f66696c65312c75707065726469723d2e2f66696c6530"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:43 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000040)=ANY=[@ANYBLOB="f6000000029b53fcd2ef0c8e4ea1ec1e2cfdfbf98d3ce51ce9a7081aeaf2adcfd6140db8e43897779682a4bec3d177b3", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r5, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={r5, 0x4}, 0x8) ioctl$KVM_RUN(r0, 0xae80, 0x0) 22:34:43 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000c00)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x178, 0xffffff80, 0x178, 0x0, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'bond0\x00', {}, {}, 0x88}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}, {0x1}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "423e3b449e33da3691400455e17d929b8b1e294b32a43d20a73bb509d44d"}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0x0, 0x0, 0x6}}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCGPTPEER(r3, 0x5441, 0x80000003) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r4 = dup(0xffffffffffffffff) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r5 = socket$phonet(0x23, 0x2, 0x1) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r5) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1032.552915] nla_parse: 4 callbacks suppressed [ 1032.552922] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1032.580153] overlayfs: unrecognized mount option "lowerÃÓ»./bus" or missing value 22:34:43 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000000a1400012abd7000fedbdf08001500050000000800030002000000"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=""/56, 0x38) [ 1032.618152] overlayfs: unrecognized mount option "lowerÃÓ»./bus" or missing value [ 1032.627810] Cannot find add_set index 0 as target [ 1032.678976] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1032.691597] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1032.707281] Cannot find add_set index 0 as target [ 1032.733682] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1032.751296] CPU: 0 PID: 11383 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1032.759738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1032.759978] Cannot find add_set index 0 as target [ 1032.769709] Call Trace: [ 1032.769733] dump_stack+0x1b2/0x283 [ 1032.769749] warn_alloc.cold+0x96/0x1af [ 1032.769759] ? zone_watermark_ok_safe+0x250/0x250 [ 1032.769778] ? wait_for_completion_io+0x10/0x10 [ 1032.769793] __alloc_pages_nodemask+0x2129/0x2730 [ 1032.799328] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1032.804194] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1032.809076] ? HARDIRQ_verbose+0x10/0x10 [ 1032.813276] ? do_raw_spin_unlock+0x164/0x250 [ 1032.817797] alloc_pages_current+0xe7/0x1e0 [ 1032.822257] kvm_mmu_create+0xd1/0x1c0 [ 1032.826495] kvm_arch_vcpu_init+0x282/0x890 [ 1032.830825] ? alloc_pages_current+0xef/0x1e0 [ 1032.835698] kvm_vcpu_init+0x26d/0x360 [ 1032.839668] vmx_create_vcpu+0xf5/0x2950 [ 1032.843908] ? __mutex_unlock_slowpath+0x75/0x780 [ 1032.848753] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1032.853778] ? alloc_loaded_vmcs+0x240/0x240 [ 1032.857576] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5130 sclass=netlink_route_socket pid=11445 comm=syz-executor.2 [ 1032.858316] kvm_vm_ioctl+0x4ae/0x1430 [ 1032.858332] ? __lock_acquire+0x655/0x42a0 [ 1032.879489] ? kvm_vcpu_release+0xa0/0xa0 [ 1032.883657] ? trace_hardirqs_on+0x10/0x10 [ 1032.889801] ? check_preemption_disabled+0x35/0x240 [ 1032.894922] ? trace_hardirqs_on+0x10/0x10 [ 1032.899170] ? check_preemption_disabled+0x35/0x240 [ 1032.904673] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1032.909608] ? HARDIRQ_verbose+0x10/0x10 [ 1032.913768] ? kvm_vcpu_release+0xa0/0xa0 [ 1032.917925] do_vfs_ioctl+0x75a/0xfe0 [ 1032.921747] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1032.927637] ? ioctl_preallocate+0x1a0/0x1a0 [ 1032.932050] ? security_file_ioctl+0x76/0xb0 [ 1032.936466] ? security_file_ioctl+0x83/0xb0 [ 1032.942186] SyS_ioctl+0x7f/0xb0 [ 1032.945653] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1032.949632] do_syscall_64+0x1d5/0x640 [ 1032.953536] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1032.959001] RIP: 0033:0x45ca69 [ 1032.962181] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1032.969999] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1032.977283] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1032.984826] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1032.992224] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1032.999626] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1033.017179] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1033.025038] Mem-Info: [ 1033.036239] active_anon:437204 inactive_anon:11114 isolated_anon:0 [ 1033.036239] active_file:5263 inactive_file:26583 isolated_file:0 [ 1033.036239] unevictable:0 dirty:146 writeback:0 unstable:0 [ 1033.036239] slab_reclaimable:50632 slab_unreclaimable:392580 [ 1033.036239] mapped:63676 shmem:11300 pagetables:73472 bounce:0 [ 1033.036239] free:431022 free_pcp:502 free_cma:0 [ 1033.085831] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1033.121806] Node 1 active_anon:364208kB inactive_anon:27144kB active_file:21032kB inactive_file:106332kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37592kB dirty:584kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1033.133841] Cannot find add_set index 0 as target [ 1033.158190] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5130 sclass=netlink_route_socket pid=11457 comm=syz-executor.2 [ 1033.175604] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1033.212663] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1033.217902] Node 0 DMA32 free:27204kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:1044kB local_pcp:468kB free_cma:0kB [ 1033.258891] lowmem_reserve[]: 0 0 0 0 0 [ 1033.263812] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1033.294301] lowmem_reserve[]: 0 0 0 0 0 [ 1033.299697] Node 1 Normal free:1688240kB min:53592kB low:66988kB high:80384kB active_anon:364036kB inactive_anon:27144kB active_file:21032kB inactive_file:106332kB unevictable:0kB writepending:584kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:127936kB pagetables:238388kB bounce:0kB free_pcp:1172kB local_pcp:544kB free_cma:0kB [ 1033.344290] lowmem_reserve[]: 0 0 0 0 0 [ 1033.352825] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1033.369582] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 341*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27204kB [ 1033.393005] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1033.439178] Node 1 Normal: 94*4kB (UME) 13*8kB (UME) 21*16kB (UME) 4*32kB (UME) 1*64kB (M) 13*128kB (UE) 2*256kB (UE) 0*512kB 2*1024kB (UE) 2*2048kB (UM) 410*4096kB (M) = 1688688kB [ 1033.469143] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1033.478092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1033.499161] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1033.508802] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1033.541021] 25496 total pagecache pages [ 1033.554597] 0 pages in swap cache [ 1033.564558] Swap cache stats: add 0, delete 0, find 0/0 [ 1033.584763] Free swap = 0kB [ 1033.595311] Total swap = 0kB 22:34:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:44 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x2c, 0xc, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x90}, 0x40051) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(0xffffffffffffffff) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCCBRK(r1, 0x5428) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYRESHEX=r0]) rmdir(&(0x7f00000000c0)='./file0/file0\x00') 22:34:44 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000000)=0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000280)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ff00000000000000000000000000d3d69f49246fa616e06db938d9c7632660fef4969e77739c873db6adb74108c3ffe7902206634d7aa47420e9878bb120ea7262f2ae560f1a2e2558fc864bb00323bbe5992df8317b10d937298c86f92232927215cd934d4a6b765d81875438fd43ae0e71f21ea070a8f0a867a7962d5cc2aeaa098c0b83154694d868273c3785f2c1ad869ec8a503d7b1d2e9bfb9e91498135570d3a2f0ad6e0ef0c25b0afb8b1451ff551fca42076ecee31eae26acc2dab5ca3f04c2668069cb3f21e22f9bea620e460fc0377fb836a8d90d517e4308112378e00cea2410218ea77b16de6f4a2c71c849c304697bec33a1"], 0x68) clone(0x8000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:44 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000140)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) eventfd2(0x5, 0x80000) r3 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SG_GET_VERSION_NUM(r3, 0x2282, &(0x7f0000000000)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:44 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000340)) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x0, 0x0) r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r6, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:run_init_exec_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICLIST(r5, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r6, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'geneve1\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, [], 0x1}}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:zero_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private1={0xfc, 0x1, [], 0x1}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}]}, 0x94}, 0x1, 0x0, 0x0, 0x400c0}, 0x20008000) r7 = openat(r4, &(0x7f00000000c0)='./file0\x00', 0xa8000, 0x21) openat$cgroup_subtree(r7, &(0x7f0000000100)='cgroup.subtree_control\x00', 0x2, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60000b51ef872c00fe80f7ff000000000000004800000000fe8000000000000000000000000000aa000000002955d4bb4748118f0dd0aadf07fc7a1c3c625a9c7e3e08be5087c027a4ffc824447b35f5bd60008a15ff2877b87232ba6270b356127e86901be3b39c18141dffee5ee908c8f07cd1bf78", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000140)) 22:34:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000040)) [ 1033.604568] 1965979 pages RAM [ 1033.615216] 0 pages HighMem/MovableOnly [ 1033.626263] 338456 pages reserved [ 1033.633726] 0 pages cma reserved [ 1033.770108] Cannot find add_set index 0 as target [ 1033.810428] overlayfs: unrecognized mount option "0x0000000000000003" or missing value 22:34:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) mmap$snddsp_control(&(0x7f0000ffe000/0x2000)=nil, 0x1000, 0xa, 0x80010, r2, 0x83000000) 22:34:45 executing program 2: syz_emit_ethernet(0x1017, &(0x7f0000000300)={@local, @random="f6cd778eadfb", @void, {@llc={0x4, {@snap={0xaa, 0x1, 'b1', "9ba688", 0x2209, "0b274a2b0fad30426162673a678d4dec7a755daef0a6729dbf00b6b81fac0d59be404721c1f34f0c4a59460f15f45a22e67f906a17bbb0aa10219be20e9c26335ec6fd01d92f220e38bc9740746e4704818f8b0de9824b7700269cc6b0456f6a58d80506757b4a9442d48f1e6ff93ce4fdb3cc07d4854cbd7bb19968f2125616c050484f05ccf4ab2d1054652c0a50c9f97e3488d004d785da571008d19a91629acb55394af87739da263deee1c18d91536ce62af418fadbec1afcee1494ca9f3abfb03dd3e9910b1b1abe668894a23c632fc52d153be2c121bfc9e65ca06d02d5d4baaaa1d34e4412f8d37bb1997d2cc02fb480542f46ad524258c24fbc598b4c444a53b8ec5d2ca478de700ce1d6e64a66d6d4d2190e78600f2d1025cab2db52509dbed46ebe32d391f6d75c02b50c8fe8d6d790112e06d798efc7ee26b4f2725bb4e09f46fd71bb13f0e181e4d3bc555bfb4a3f6b59a20c8f444c7a683c66ad2c1af24771593cd92b6d704fc8f40c5011420da254ed5765efc719e837e8f5d9b05781e1eb55ea668ea483035034a9cb1c1dbcd51b8237e9b9e32b1d2abbcbc1ccbc745003a948aedcc6e089a11ea4b7f848d358b37f4e4f837f1b9bb653bb384814cf2f7ac3e7c58cbde7eaf5b1cf9e3dd6b00deeaf6309689cd3c3e1079923bd1ce2964e5530909530eba44e53e998632c4504c0f509a70f43df4fa87a72a16301a69c0833b0703bf63985dbc12f3555dd7eb1dc52711033cfa3cfaad8a45dd913d1dea3f2df936b12f6f5bd8c13edbb9a183dcc7be9324ebf0541c431ae91787d4c85409edc680825c9b48acc3c587a00f8e81ca089f51a8d422a0d3bdee39f860af770adbb0473caacd9c754b7db0bda0b99b90f183c90e48d1c5d22b24c98320301f16138b0abffdc0e435acf74691a6e3c9196660c0171b22029849270c91df6ecf829baf481f9589a652f3d5b4cd9a6f69c7aa96e4ba27726f80b777cbdffbd4ea247c122dfa2ee14d89a516f0450e9557c383e985ef4b0f9400b721fe68ddb7d029adc735ecec8de14ab01175845ece66ed43088a09e018536b1edb5ee9d773e7cf9cf30e4fe24a1dc3acddf888df5be96e320ca6d290ace4f7bfcefe692b16843e76e8bce99573871e63bd32306280dc164149e5d516e9763bf62e7a7663ceb8b108de106c9709ebff1f2dd46f8d17cccedf11ec0cb75860d161980a2ceb9e545494502d38b9a2300f38645ba73592406e90ecb3283ef768ca2a70879c9af7958ebe2a93368418fd26ab29b2270c31530f738d0a072ee02c235cc2b294abab43a02517afce2f297f3e5d9ed6b135d61459a364a39cd74c0d7ccdd69753f21184fd854d5dcbbf2401b045c88becaa1113cfaacb1eaf98a26fdcd7301c78631d5aa669ecd3ce2f8002eead68f3da263f6ff3983965789ecf399e06ccdd4cc96ef90b6820c4e8127a2a4da68e6fdc1f52abdca4853af0099daf5987216f457bd70827ea9ad875413007f1f1939c597a0a017a6f1d727a15d393f0a0af8f0059d7763f2f5aace48f6bdea4d58c514ed6afce195b79d25e6181819329255dfec94d9b07c5e2d15f95050473d4c6f5e217f9537b65979d1775a44fba5515f598b52fd17e57c79dd2879ad03a09063a291077bf4411e316938aa06c181fb2a186ff603b40c6041f6692778cfff8d462b2132d755c4f76c073e0c00d2d1c97874760ace0f009fa914e5a73b158ea7e94380d8da286815e5ba69d85063cd51f5bbc2cc937274ab57b0c607cd80cc42dd1c35c2c36b11729f3eef022184c05aa0ad348e5b1fba2d0590b0235223d73bb8a77bc3326a3a25ceaec6a720ae1c5625e5ba1098727fed27f59e14717546087766deac3aa8c01607a2374e540cf23fffc7a014a23af41a4fa5f07f71e44122633ddceb0b4c937a9649d0ce2c6ed80346638b2be6f6b1c59c9b4a87f552e6121ae3d5aa2bbdd147cb5720c7a0cb432c32010f89c27da642271229afcb2b36787465829914612b84d9cb4cc0dc6d668738cadf7d928b822325fad9d769f7b35f4222eaebc3f0a52b200c6bef358ee8803014e40678209ac6cbf7a1620df4581783ebce9b11b71dcbd22d045c34debd9621b2f2fa31c60b11484efbf8aabb156974657ed8fd8baa454bca9ec9c9024cf76b27d7eafdc5bd8b6f823186f5075daec6b30a96d3f6550567d20471fa1e0040b1f8c894120bbf100189a106c3250aa515f087cc4c921e30d72080c4123fe848cffd98b357a0468e53ea9a387c3ee3817ca22a9614dcbe8b72d991e41951500ef730d4cc7bc2cf9fc91770727307d7be000858b6e9b13f04749c35247d8ec4fd0672a1452ca9667ece1f6b2147bfe57df2c9a2afa1686e7d69c97062efd6352e697903f9fc0657d55322c10aaa2ac62c9b2634dc5e284220480b13f2f09c8a093e2eb7c49b3f4ed2411a5cbb3773db57de51947a3e2f7913984252e55db245b7700f3ecbb2f73397a9faa6b260d46f2139b2ba6def72e43c7b81f802b92bb73f82e35c828c0aeceb3bb4f21798c99093238d59ae40c1bd2993ad8e3259c7d0d6233dbed8a5d496ff194c79408789c6e98432d1a3bc7a20a5ca6a62f16a9076ff60d7bd1b3ec13d75e19e284d45de81c66405c05b1e6913e6cd42ecbcbd3d98832eb03186b6cf0ac31b22fde307f18d09b673f30737b6e89d4e90bf91208f5dfda3bb18f028689f67fa12b1a69ac4963c64e41edbeeedc06e20066ebf2d3afee54492de45ea9583be235a49e14730f9996c45650e468f81ed1f23f0ee78832d0c8f27511bd20feddfbb92930944d7aea4ec13d9e2826d87192a62e2fd877b9f0d59eeda56f7e571a126c2f21e10942bba1df2a8522ddd7b0d62f6bb831fc65ba8eb182f4cf972950937545961f96d8bf9626ccf1f7232350cf8a6a327a68149c1a80894d1cedb88892134109c26b1df54c1f1d8cf90c3a0682c1ea9ad1f4420e79c772c0269c78c69f3c6630dad7ffaeb65dfb0baa6e90688408067f25091d6eced3cf0bd21dcf48269fec9e2c31bec5f363946057c0cd471952094f80208313e027f070512f7c6ea27ef9782b62b3473ee2a876583469976887ad7c3e5830c6539fc98767b347b1358ba3feafd11bb7b876f29f321a821f597b43e6333983ff1c94112e1d1152e4b048f9564f550412d15e8dd3acc1214617bf1b7109709d4b5178d59068ce8eb5639958329bc6cf892d7fc9e7cbf6663db6a9625e2f446c2943320eca55984b3ce2f240066ade5f2f7ce20f58e743c92de154b464afe8476c92719306b5fc10577275462da9a81d928133c82d20048ef20cb731a6d4f6b694f6300bc8ac6c45b4963d3d009828e66599956e41c744e0407ebebc81c3964bf7ccec1613dc493d5423d329700bbe125fa7946ea307fdf068730f83122a994f10f9cf412ecd9130ceebe0f601b81c8f2b670d322c380339d905489e101132d2b954bab45c626c0bc7a15b0c71ca26749716bf958b7df8f1b49564476fc279694ea2bb9f5e0c22c6c3c1794984654c1a1f664bd484a97bab37ddbc321b6f3534de5e92dd806a26c790e742d9851d52d45389a356947f34c570b5ca754b164bb513d24b642891242248635b3786c12eee02fda992f3334da71d2f1201379e9daf2811e1f3bc79d621b4e71a8548b21ac2863dd01fcb2d8e6db2fd90951ea563a8f3316ee9379b872e915e2be912b017a2587420c52e96842d1be401e56f0cfde365272c9a3de8e0a583b5c454dc28ac45d22e99de0d46ffa9fcde9e05a3d8105a2cd020d18b90b076827bc409457d488e8b30174c4a2b07a7b390c67bd7f60a2af8e2d9dd58c8b0c9d9057b8968e800d189075fb66ecaf2d49fdfa7ca218ae795436ad5bb77993d41184471f273a1713f5cb2472be72ed969d025cac8c9b4e85ffa3766bc25b415da4da6c7246d7e128c63c1071925c4d3ce201894bf07ed4e1937f3532ace47c6f60afc69b9251c22036d9ac4ea964313338bb3b7416ac0452dfaa70ed7a014863267662878409ca2b080769fc5a08d9b2c4973f28b9eb94f6623ff13607889bc33c14c55d330e574ecc662fb56a52df1b4d54ac07a08672c40f59a82fb1ab6e1b1101e3408504d6c2d505726757181a20e86d86a28f4c46008d853b190940957572c7214cbbf4bf5a2db50984e01901fa27349bd7aee3c23ed84bb3befe8b660bc3df0cdd703f0dc6fc49e512b94ada9014897c1fd5cff3408ae752d7382b7f84708630927d5ef9d373cd7d988b37599a5c427d7942d1ce082391c0365f9885f9845b11bdc70e63403c7077992f438edfeef8634e7459050dbd11e75537b91c09b6f8b2516792e51d53fe798de98b7497b8b7f43d97b9e8560a6292a22e6b909e6f5050d4bb6b6da6494367b83712bbfbe00239843d785d1810f2354202fd7453c138c4d77a8e19da2ffc755a7dfbd4f2cf99bc190e97c9a88cf11d723e7c9503a183082574b37552f3e9f2d862e686dfee0321f6ba6edfc844f424ad2ff57b366f5916db2db0f86f636a8738cce12670a54bd07336122e4e8d44a49dfd998ceb100af22d02af5ee8c51a5705a766ce38c904fd63cd401d44186f1289f0485433cb70cecae25f935062738533aba8261f5159678ad0fe639ca076db9551973ec1c1188311d0165ab7bb240585d90f12013291c3cf3c27b113cf690d4c25bb502c6f45b1f9ddf4661e9d330d4e42e7e76607b1755569150c3954015931077d60851c00d71b77afcddd222fd550141c022ea0ccfcdd6f0af06d4abfaf2a1379705fd54d74805c1fa023542063c89f4f3957554a83b5554f70ac5a642f223ff96b35a295344e6bd0b70082393fc6d670afcdbfddf81fd2780554fc64d66dd9aa49ad55518aa6008499e8d0adf07fb609a73fcdae82cfc7c2a75aaf55a08ec068a563856aa804828d60fbb5bdf90eefddb4d940bd1292b375746d426e4909b11682df39ac458268a403f3498bd76aa10b683ca052135d16295f20d69e8c8e73411d98e673a6237e8f599152aafabcaf539266f55def31f5935432036ee20310401ad6e03f6f340e4aeead5db57bc796004b64b5ec6586c8d035f006f00a4579c26b57ec3743f2b363e97f07d199e5686017bcc8997919ed46b7f06ee26534e99a15878ab28ac3ecd24a2dddc158df6da2585e58389ce8d9612c5e353b769b81bb59f04f079beb483b6dc3abd3f218aeb39123ec97d3cc085327c26314db6e32660e1f1e0fb1b38a401f4f98641d0e7f94a62aaf8fd5c81f5d9caada05f0f27c2b5d69779286fc5ee09dd65725af1d89955b74fc4283b69b4c36edecd22f388a85e1565d49e3864528c767573546acef38f571e25ba3fff1476c47e76e39065f1d41d796b72e400e0f98c38b5dd659709ab1c3e3b7e7dc35addee7d5f647f8553b3fa370e88af2e0547c194d5b748a6adf78e4dadea23d752c8f071c703e6c0fea3317d583b648e55b2197648c23b6ee9fe2bdb154c113f017ff89f6e367ea7ca622d9d54bab492f47fe731573673f44fb9b48194d81c6eb9de61a96ea0e7e9abdcec8a4093279dd4080ca924289b982692260a1c55c05005474c1c40504fa960e39ae24c3b34b7bd63049f13865ef8a3594afec1aed20bd7bad6a0e478e3188eff47c78240f31e8c081f0ca3ecd8f42b682b2b3fb47dc4bce8df73b8647ee17f5cbfd0a3191ef87534db8262c9906a83a53a0335568b6ff4b7dc4cc2ea21f5739e54bc26d02a3848b2f3cf4d8eeef10075c0f861887f503b56a48182b"}}}}}, 0x0) [ 1033.978080] Cannot find add_set index 0 as target [ 1033.986438] overlayfs: unrecognized mount option "0x0000000000000003" or missing value 22:34:45 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_G_AUDOUT(r4, 0x80345631, &(0x7f0000000000)) 22:34:45 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000080)='./bus\x00', 0x100) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f0000000180)='./file0\x00') [ 1034.070683] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1034.097930] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1034.160335] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1034.193729] CPU: 1 PID: 11468 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1034.201646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.211256] Call Trace: [ 1034.213855] dump_stack+0x1b2/0x283 [ 1034.217501] warn_alloc.cold+0x96/0x1af [ 1034.222890] ? zone_watermark_ok_safe+0x250/0x250 [ 1034.227763] ? wait_for_completion_io+0x10/0x10 [ 1034.232481] __alloc_pages_nodemask+0x2129/0x2730 [ 1034.237887] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1034.242760] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1034.247740] ? HARDIRQ_verbose+0x10/0x10 [ 1034.251822] ? do_raw_spin_unlock+0x164/0x250 [ 1034.256348] alloc_pages_current+0xe7/0x1e0 [ 1034.260692] kvm_mmu_create+0xd1/0x1c0 [ 1034.264711] kvm_arch_vcpu_init+0x282/0x890 [ 1034.269048] ? alloc_pages_current+0xef/0x1e0 [ 1034.273736] kvm_vcpu_init+0x26d/0x360 [ 1034.277668] vmx_create_vcpu+0xf5/0x2950 [ 1034.281747] ? __mutex_unlock_slowpath+0x75/0x780 [ 1034.286609] ? drop_futex_key_refs.isra.0+0x17/0x80 22:34:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r0, 0x1, 0x22, &(0x7f0000000000)=""/36, &(0x7f0000000040)=0x24) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x1, 0x70bd28}, 0x20}}, 0x0) [ 1034.291649] ? alloc_loaded_vmcs+0x240/0x240 [ 1034.296660] kvm_vm_ioctl+0x4ae/0x1430 [ 1034.300569] ? __lock_acquire+0x655/0x42a0 [ 1034.304823] ? kvm_vcpu_release+0xa0/0xa0 [ 1034.309003] ? trace_hardirqs_on+0x10/0x10 [ 1034.313386] ? check_preemption_disabled+0x35/0x240 [ 1034.318584] ? trace_hardirqs_on+0x10/0x10 [ 1034.322842] ? check_preemption_disabled+0x35/0x240 [ 1034.327998] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1034.332956] ? HARDIRQ_verbose+0x10/0x10 [ 1034.337038] ? kvm_vcpu_release+0xa0/0xa0 [ 1034.341438] do_vfs_ioctl+0x75a/0xfe0 [ 1034.345257] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1034.350912] ? ioctl_preallocate+0x1a0/0x1a0 [ 1034.355360] ? security_file_ioctl+0x76/0xb0 [ 1034.359786] ? security_file_ioctl+0x83/0xb0 [ 1034.364222] SyS_ioctl+0x7f/0xb0 [ 1034.367598] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1034.371585] do_syscall_64+0x1d5/0x640 [ 1034.375496] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1034.380697] RIP: 0033:0x45ca69 [ 1034.383916] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1034.391751] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1034.399177] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1034.406587] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1034.414031] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1034.421317] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1034.437411] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1034.451709] CPU: 1 PID: 11471 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1034.460041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.469388] Call Trace: [ 1034.471994] dump_stack+0x1b2/0x283 [ 1034.475621] warn_alloc.cold+0x96/0x1af [ 1034.479606] ? zone_watermark_ok_safe+0x250/0x250 [ 1034.484472] ? wait_for_completion_io+0x10/0x10 [ 1034.489185] __alloc_pages_nodemask+0x2129/0x2730 [ 1034.494067] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1034.498952] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1034.504090] ? HARDIRQ_verbose+0x10/0x10 [ 1034.508143] ? do_raw_spin_unlock+0x164/0x250 [ 1034.512718] alloc_pages_current+0xe7/0x1e0 [ 1034.517051] kvm_mmu_create+0xd1/0x1c0 [ 1034.521054] kvm_arch_vcpu_init+0x282/0x890 [ 1034.525365] ? alloc_pages_current+0xef/0x1e0 [ 1034.531068] kvm_vcpu_init+0x26d/0x360 [ 1034.534998] vmx_create_vcpu+0xf5/0x2950 [ 1034.539154] ? __mutex_unlock_slowpath+0x75/0x780 [ 1034.544098] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1034.549116] ? alloc_loaded_vmcs+0x240/0x240 [ 1034.553523] kvm_vm_ioctl+0x4ae/0x1430 [ 1034.557665] ? __lock_acquire+0x655/0x42a0 [ 1034.561900] ? kvm_vcpu_release+0xa0/0xa0 [ 1034.566828] ? trace_hardirqs_on+0x10/0x10 [ 1034.571066] ? check_preemption_disabled+0x35/0x240 [ 1034.577146] ? trace_hardirqs_on+0x10/0x10 [ 1034.581538] ? check_preemption_disabled+0x35/0x240 [ 1034.586860] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1034.592080] ? HARDIRQ_verbose+0x10/0x10 [ 1034.596286] ? kvm_vcpu_release+0xa0/0xa0 [ 1034.600705] do_vfs_ioctl+0x75a/0xfe0 [ 1034.604937] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1034.610788] ? ioctl_preallocate+0x1a0/0x1a0 [ 1034.615918] ? security_file_ioctl+0x76/0xb0 [ 1034.620925] ? security_file_ioctl+0x83/0xb0 [ 1034.625416] SyS_ioctl+0x7f/0xb0 [ 1034.628778] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1034.632771] do_syscall_64+0x1d5/0x640 [ 1034.636876] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1034.642152] RIP: 0033:0x45ca69 22:34:45 executing program 2: syz_extract_tcp_res(&(0x7f0000000000)={0x41424344}, 0xfffffff8, 0x8) syz_emit_ethernet(0xc3, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60001700008d2c00fe800000000000000000004800000002fe80000000000000000000000000003f00000000", @ANYRES32=r0, @ANYRES32=0x41424344, @ANYBLOB="500000009078000092f3dae0777727d46ae8e0cd71457cf835f01a97f70c38c98b2c6727fbd4e14e4c31577740a34aa95234f09f163e0f0d1736c47ca1dd837901e2f777787f5fd17c8888819011da4a43cf1200007ee62284b40a90fa49123186bb9d88037beec00e98e5b71068e9d47b925eea6d5aaeca01479edca09233c69f40da4f4b9ba6d2b94fe68f17b892"], 0x0) [ 1034.645334] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1034.653161] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1034.661091] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1034.669300] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1034.676580] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1034.684378] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1035.087652] Mem-Info: [ 1035.090299] active_anon:437281 inactive_anon:11114 isolated_anon:0 [ 1035.090299] active_file:5266 inactive_file:26596 isolated_file:0 [ 1035.090299] unevictable:0 dirty:18 writeback:0 unstable:0 [ 1035.090299] slab_reclaimable:50666 slab_unreclaimable:392347 [ 1035.090299] mapped:63698 shmem:11300 pagetables:73523 bounce:0 [ 1035.090299] free:431143 free_pcp:535 free_cma:0 [ 1035.134464] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1035.168679] Node 1 active_anon:364416kB inactive_anon:27144kB active_file:21048kB inactive_file:106380kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37680kB dirty:72kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1035.198577] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.230139] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1035.235648] Node 0 DMA32 free:27132kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:1016kB local_pcp:452kB free_cma:0kB [ 1035.266742] lowmem_reserve[]: 0 0 0 0 0 [ 1035.271645] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.301739] lowmem_reserve[]: 0 0 0 0 0 [ 1035.306067] Node 1 Normal free:1686632kB min:53592kB low:66988kB high:80384kB active_anon:364152kB inactive_anon:27144kB active_file:21048kB inactive_file:106576kB unevictable:0kB writepending:128kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:128128kB pagetables:238552kB bounce:0kB free_pcp:1320kB local_pcp:684kB free_cma:0kB [ 1035.340165] lowmem_reserve[]: 0 0 0 0 0 [ 1035.345263] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1035.363082] Node 0 DMA32: 385*4kB (UME) 249*8kB (ME) 337*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27132kB [ 1035.381966] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1035.394451] Node 1 Normal: 147*4kB (UME) 15*8kB (UME) 8*16kB (UME) 2*32kB (UE) 3*64kB (UME) 12*128kB (UME) 7*256kB (U) 0*512kB 2*1024kB (ME) 0*2048kB 410*4096kB (M) = 1685828kB [ 1035.412501] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1035.422727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 22:34:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r7 = gettid() tkill(r7, 0x1004000000016) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000003c0)={{0x1, 0x1, 0x9, 0x3, 'syz0\x00'}, 0x4, 0x200, 0x4, r7, 0x6, 0xfff, 'syz1\x00', &(0x7f00000000c0)=['!\\@]!%o$\xad$\x00', '\x00', '{/.[\x00', '\x9b\x00', '\x00', '+/)\x00'], 0x18, [], [0x1, 0x20, 0x3, 0x2]}) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000080)={r6, @loopback, @multicast1}, 0xc) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000", @ANYRES32=r3, @ANYBLOB='\x00 \x00\x00\x00'], 0x20}}, 0x0) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@ipv6_newaddr={0x88, 0x14, 0x100, 0x70bd25, 0x25dfdbfd, {0xa, 0x80, 0x80, 0xfe, r8}, [@IFA_FLAGS={0x8, 0x8, 0x408}, @IFA_FLAGS={0x8, 0x8, 0x18c}, @IFA_FLAGS={0x8, 0x8, 0x6d3}, @IFA_LOCAL={0x14, 0x2, @ipv4={[], [], @local}}, @IFA_CACHEINFO={0x14, 0x6, {0x1000, 0xfffffff9, 0x10000002, 0x869f}}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IFA_FLAGS={0x8, 0x8, 0x284}, @IFA_LOCAL={0x14, 0x2, @private2}]}, 0x88}}, 0x0) 22:34:46 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="12000000907800009942af15b0cd019acc6cb75971b0e408f2f61e9a1528ea3c22b4fd6394db9836210121350a41e5cb6a1a6d70d4a10d15e5d5a08cc16dc849762d1c89f978b14357b6a1839566d4078fbdb76072c94409c0672fbc19f3ce43535e"], 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f00000000c0)={0x22, 0x3, 0x0, {0x0, 0x1, 0x0, '^'}}, 0x22) 22:34:46 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./bus\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:46 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00ffffffffffffffff", @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000440)=""/222, 0xde}], 0x1, 0x0) mknod$loop(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0xffffffffffffffff) read$FUSE(r0, &(0x7f0000000780), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) read$FUSE(r0, &(0x7f0000001780), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000002840)={0x90, 0x0, 0x2}, 0x90) write$FUSE_ENTRY(r0, &(0x7f0000000380)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}}, 0x90) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x200, 0x80) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) finit_module(r1, &(0x7f0000000040)='^\x00', 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:46 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r3, 0x8, 0x1, r5}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1035.433274] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1035.443506] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1035.452451] 25513 total pagecache pages [ 1035.456653] 0 pages in swap cache [ 1035.460432] Swap cache stats: add 0, delete 0, find 0/0 [ 1035.466772] Free swap = 0kB [ 1035.470763] Total swap = 0kB [ 1035.474031] 1965979 pages RAM [ 1035.477133] 0 pages HighMem/MovableOnly [ 1035.481288] 338456 pages reserved [ 1035.484776] 0 pages cma reserved 22:34:46 executing program 2: syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344, 0x41424344}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, r0, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r1 = dup(0xffffffffffffffff) getsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f0000000040), &(0x7f0000000080)=0x4) 22:34:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1035.614732] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. 22:34:47 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="6c6f7765726469720900000075732c776f723b077e836b646972e9062f46696c65312cf2f67065728e69721d2e2f66696c6530"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:47 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000140)=""/198) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x7, 0x0, 0xc8d26321e7412494, 0xa, 0x9, 0x7}, &(0x7f0000000080)=0x20) 22:34:47 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r4, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r4, 0xfffe, 0x800, 0xfc, 0x1f, 0x7}, &(0x7f0000000040)=0x14) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22:34:47 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x119b00, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x49, 0x3, 0x4}) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22:34:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1036.171307] overlayfs: unrecognized mount option "lowerdir " or missing value [ 1036.203857] overlayfs: unrecognized mount option "lowerdir " or missing value [ 1036.269976] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1036.289346] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1036.295870] CPU: 0 PID: 11593 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1036.303784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.313150] Call Trace: [ 1036.315941] dump_stack+0x1b2/0x283 [ 1036.319710] warn_alloc.cold+0x96/0x1af [ 1036.324032] ? zone_watermark_ok_safe+0x250/0x250 [ 1036.329007] ? wait_for_completion_io+0x10/0x10 [ 1036.333786] __alloc_pages_nodemask+0x2129/0x2730 [ 1036.338808] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1036.344216] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1036.349184] ? HARDIRQ_verbose+0x10/0x10 [ 1036.354255] ? do_raw_spin_unlock+0x164/0x250 [ 1036.358781] alloc_pages_current+0xe7/0x1e0 [ 1036.363613] kvm_mmu_create+0xd1/0x1c0 [ 1036.369104] kvm_arch_vcpu_init+0x282/0x890 [ 1036.373633] ? alloc_pages_current+0xef/0x1e0 [ 1036.378320] kvm_vcpu_init+0x26d/0x360 [ 1036.383392] vmx_create_vcpu+0xf5/0x2950 [ 1036.387476] ? __mutex_unlock_slowpath+0x75/0x780 [ 1036.392503] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1036.397542] ? alloc_loaded_vmcs+0x240/0x240 [ 1036.402493] kvm_vm_ioctl+0x4ae/0x1430 [ 1036.406849] ? __lock_acquire+0x655/0x42a0 [ 1036.411437] ? kvm_vcpu_release+0xa0/0xa0 [ 1036.415961] ? trace_hardirqs_on+0x10/0x10 [ 1036.420478] ? check_preemption_disabled+0x35/0x240 [ 1036.425607] ? trace_hardirqs_on+0x10/0x10 [ 1036.429853] ? check_preemption_disabled+0x35/0x240 [ 1036.435236] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1036.440444] ? HARDIRQ_verbose+0x10/0x10 [ 1036.444520] ? kvm_vcpu_release+0xa0/0xa0 [ 1036.448699] do_vfs_ioctl+0x75a/0xfe0 [ 1036.452713] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1036.459504] ? ioctl_preallocate+0x1a0/0x1a0 [ 1036.463978] ? security_file_ioctl+0x76/0xb0 [ 1036.468519] ? security_file_ioctl+0x83/0xb0 [ 1036.473264] SyS_ioctl+0x7f/0xb0 [ 1036.476737] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1036.481108] do_syscall_64+0x1d5/0x640 [ 1036.485152] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1036.490619] RIP: 0033:0x45ca69 [ 1036.493816] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1036.501795] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1036.509074] RDX: 0000000000000001 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1036.516440] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1036.523726] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1036.531225] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1036.623100] warn_alloc_show_mem: 1 callbacks suppressed [ 1036.635735] Mem-Info: [ 1036.638771] active_anon:436487 inactive_anon:11114 isolated_anon:0 [ 1036.638771] active_file:5267 inactive_file:27528 isolated_file:2 [ 1036.638771] unevictable:0 dirty:45 writeback:18 unstable:0 [ 1036.638771] slab_reclaimable:50746 slab_unreclaimable:392576 [ 1036.638771] mapped:63730 shmem:11300 pagetables:73649 bounce:0 [ 1036.638771] free:430324 free_pcp:547 free_cma:0 [ 1036.693370] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1036.708427] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1036.715092] CPU: 0 PID: 11622 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1036.723353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.733564] Call Trace: [ 1036.736229] dump_stack+0x1b2/0x283 [ 1036.740055] warn_alloc.cold+0x96/0x1af [ 1036.744072] ? zone_watermark_ok_safe+0x250/0x250 [ 1036.749083] ? wait_for_completion_io+0x10/0x10 [ 1036.753866] __alloc_pages_nodemask+0x2129/0x2730 [ 1036.758848] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1036.763715] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1036.768592] ? HARDIRQ_verbose+0x10/0x10 [ 1036.772957] ? do_raw_spin_unlock+0x164/0x250 [ 1036.777655] alloc_pages_current+0xe7/0x1e0 [ 1036.782107] kvm_mmu_create+0xd1/0x1c0 [ 1036.786048] kvm_arch_vcpu_init+0x282/0x890 [ 1036.790391] ? alloc_pages_current+0xef/0x1e0 [ 1036.794908] kvm_vcpu_init+0x26d/0x360 [ 1036.798917] vmx_create_vcpu+0xf5/0x2950 [ 1036.803294] ? __mutex_unlock_slowpath+0x75/0x780 [ 1036.808334] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1036.813550] ? alloc_loaded_vmcs+0x240/0x240 [ 1036.818128] kvm_vm_ioctl+0x4ae/0x1430 [ 1036.823004] ? __lock_acquire+0x655/0x42a0 [ 1036.827604] ? kvm_vcpu_release+0xa0/0xa0 [ 1036.831962] ? trace_hardirqs_on+0x10/0x10 [ 1036.836429] ? check_preemption_disabled+0x35/0x240 [ 1036.841497] ? trace_hardirqs_on+0x10/0x10 [ 1036.845843] ? check_preemption_disabled+0x35/0x240 [ 1036.850886] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1036.855925] ? HARDIRQ_verbose+0x10/0x10 [ 1036.860357] ? kvm_vcpu_release+0xa0/0xa0 [ 1036.864528] do_vfs_ioctl+0x75a/0xfe0 [ 1036.868739] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1036.874386] ? ioctl_preallocate+0x1a0/0x1a0 [ 1036.878913] ? security_file_ioctl+0x76/0xb0 [ 1036.883358] ? security_file_ioctl+0x83/0xb0 [ 1036.887788] SyS_ioctl+0x7f/0xb0 [ 1036.892210] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1036.896292] do_syscall_64+0x1d5/0x640 [ 1036.900295] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1036.905505] RIP: 0033:0x45ca69 [ 1036.908748] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1036.917116] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1036.924576] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1036.931867] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1036.939694] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1036.947229] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1036.959088] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1036.991211] Node 1 active_anon:354520kB inactive_anon:27144kB active_file:21060kB inactive_file:116848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37764kB dirty:288kB writeback:72kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1037.021855] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1037.051274] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1037.057261] Node 0 DMA32 free:27116kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:992kB local_pcp:548kB free_cma:0kB [ 1037.088358] lowmem_reserve[]: 0 0 0 0 0 [ 1037.093417] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1037.120175] lowmem_reserve[]: 0 0 0 0 0 [ 1037.125135] Node 1 Normal free:1684048kB min:53592kB low:66988kB high:80384kB active_anon:350996kB inactive_anon:27144kB active_file:21060kB inactive_file:120292kB unevictable:0kB writepending:304kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:128384kB pagetables:239320kB bounce:0kB free_pcp:1232kB local_pcp:572kB free_cma:0kB [ 1037.159874] lowmem_reserve[]: 0 0 0 0 0 [ 1037.164667] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1037.190848] Node 0 DMA32: 385*4kB (UME) 250*8kB (UME) 335*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27108kB [ 1037.216029] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1037.228654] Node 1 Normal: 82*4kB (UME) 8*8kB (UME) 5*16kB (UME) 1*32kB (M) 7*64kB (UE) 13*128kB (U) 7*256kB (UME) 2*512kB (ME) 1*1024kB (U) 1*2048kB (U) 409*4096kB (M) = 1683768kB [ 1037.268050] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1037.279263] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1037.288450] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1037.298272] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1037.307909] 25526 total pagecache pages [ 1037.312424] 0 pages in swap cache [ 1037.316289] Swap cache stats: add 0, delete 0, find 0/0 [ 1037.322403] Free swap = 0kB [ 1037.326266] Total swap = 0kB [ 1037.330810] 1965979 pages RAM [ 1037.335658] 0 pages HighMem/MovableOnly [ 1037.340515] 338456 pages reserved [ 1037.344435] 0 pages cma reserved 22:34:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) lsetxattr$security_ima(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.ima\x00', &(0x7f0000000400)=@ng={0x4, 0x13, "5b177ebf37d110c9"}, 0xa, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$alg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000300)="6388053895a7650e2fad7d0231d7f09f4a21a83e61b46c12aa08ba9c9ac498b5af309cea1b50418f7d97729e1701c020daa8330662b56d4c633b788d160f9f91e5cc10562af57c2f454aa66b50fd2eec37c50ce8020c0a36da4326b3bdd3d0b4c7e1f2623489ad56b9205694b87f18ff2423516cfbc5b16c3dd3c69455236e65e0ccee9e2e753d5c4f73266eac5c5bc5f2f755b745018166f19b4cd484c73d86ac66b812a7d918cafe19754121a0f6a70f89904859d76c545be98bbe6769f90b02fa6d3d8e39d16a05cb467f3b2747fb2447b7eb7af324c2393d0b1aeca561a064e5ff6317", 0xe5}, {&(0x7f00000007c0)="5930fce7e645ade4efad3124ef07d8459a9a08d3b942387dbef74b83ccd1c4ce7a945a35e604f9e68f89c619ccbd0a127edc07c89b9b2e79c9d6735f9d616531e323d1ab27c5863982ad1571a6a61e157151f8877eda570fc629f931c5fb9d81e5590addfe14f3d489ae272d8796882abe6c21b3de33deefe0fbbe247dada7876ad623cc9bc9a54570111c1529da057edbc2789eaf31b9858d519f0c14620b3f4116af7742f91a95f1222f2b1383ae0e6da6a605cfd228c42d10a6b06b8d05c570b5a7dc06db3d3affa4745ec4a55bdd52f4968c1e7096c8e55f5ef215ab36776b8203c988631208980981ffe2e65ef770c7d1621d57ce48a8163d80b433f702bd85ba831fc681c2976cce3c2233c791fe474289df6e41c4e7edb3247b2590193af557fcdadc614d216687f81617687ece956553e31e0e40a1cb48910b0ddc37b03ace52a5b54f7c6651cca4e406bb070293c61dce5156a64986b74651542a2ae8538dc8ead4d2177ecd84e12439e166104088b43f4ef9575c8fe6bcd5eca4b8d83b6e528bcfd32911893920d9eabf52902573bd90337f54760cfb38666b6982164e618fa06f52932dc15801c182ae6f7abaa3c687e18b0062017959208fb2f4591411f603fdbf60893af9a8bc76c3e009966965b0d68f041bf107a9e872fc15fda9894f0b376fbaec37cb5ab8c718744b321659ecf6c8f2d486a7b0752043ae6b97357dbf791cc040fdcd83813599e89d0a5a3e4a5d4d2e294f7f76153afec6ab73896429d615504e77350dfce879ec03c6b4be66d3e763478fa31632e7816d491414a17b2a1a328858b6c3852fcf1575bb55bbf80656b36166b5e3a70e8f1538ff7aad627b3646547aaba74d2a9ac5c5f126460b2351910fc95050b3e9075cfa6b766fb9383488e023a8b37adffe2394df040aeeb9499dff84e8d7823e1ca37561d09a82176d01028c7da1de8480dbd40ed6df69f77f18bd27f31dfd5e0394c98497a2da7ab515af892f00efa9ba70607ac8f02ae1ed9f5b485e775663fd2db62c63042e551cff1638073184edf1d8d876473980c5bcfd0c8c43e0bcc406598afbaa5853078cb91504b2bb33232fb154119c0550e83d4ad1e6ae391087fb0a9e45e7601988974dd39eae441b711850bb4100a8d4c09ffbb0ac694bb83260e56e06903c2178dc806dc98e86fd91dff2341a7732f84973c249c5d86bf77c328d9b2f3e748179c9ed2030a2d7176fa08e5c7b895a1ba3401d34089f27ccde43d5ba1ded01236c7073f797c266681b67d5f15fbe598ec779d65429b4b4c05717af5e6332a9bf3e35afeecb28cddd3d461f363c7e9eecd9bdb788b9d2cff609af682e62d7c1b43c0ffde542081757dec514d45139d6f1d4d212a4964604ec946192accfcd53bffd0afe299568376215b68d5329e9f438aeaa920b11706d9ced7007263905e8a9d358eabe658e05636b3381142ec2313ade07eebb8e5dd24be61888c566079f020f48c684ca8f6bafd36804a107aa9737a88cb33fda4896b6188716fa44900bdf437b8c327c072212d0a6ab1785607c33ea6bb107157903a6413f4a8a6a9837ab1509b4c017495aa19065d097f66d89d2cfa7f33d9fa6b81215364b02e5dfb33031f48e9469159b0f46ca479b6edb53d40bd0b7029baef44ee988b1ea06003a84a8fa022e0bec39e3906c8c6ab31e2ab015f19615a3aed0db6d537f1fb0eae11a22201131336120f990ce745a55a8e2e406ce1ec73592bb005f3abf7f4bc1f20f255db2354d49c0e3ebb7f672b0d9bc0c089a0982116cea767fb92bee23c46c0ba5afac1e89b34ff11cc94416fd196fdf28eb1611b1838c6367fffc05abd19daceff4b778ea8f4d7b065678038d563281f0afa30ee342e5cfad011e31050bd9ed53a7a3eb460bcc84a7f05f8c427d11d09c408719755dc3e6192a31a7c2deb383c0a380b5b9d0ad27d5f2945b276fe81fe860db9a6f5059e19c9b03157e578711691d7b91ece3c22a2a66f18c028eb373d02ca43bfeb5cecd6f2b394e2babfdccb18c3d819121ac862ddcbdcc6238f983f86b43c80776e4b6161d08bca928a0a3790311c7b87ac5407cfbaffaa90b05855b3f5419d15b2dfe3d6589914856cc4f5579c5b6899cfad768352c1f3ea54fb989fbb1dce9010a17fa9a1559a45998fa41b888d5abdf4927bd9eef676dc2b046c95d3866f159a959a185f7a6edbeceacee25d0581ac8da6b287bd44e3e82c2727e01994dbeef7ce1dd980347d1e0162f8beed839771aa4fb853a54481bf9448797e6b3b45cb3a8baf4af1799922a26e42986ffeca87ac02f199a3e5f69f318928baf5e0f138b1c933f5eb8fb63c672f867afe5a529da002d49a13c0ac0168e2f9e1d5c55d9839adab14060351d0e6df7ee5c5f204320c89f741b43beaea8dfe737629352fa95c8edc67766286599e40f8dac2b5b116117741be6b5fe2932fa704b6c41b16d718ddb77c7fd95d95c3b377aead4be2f6c6a73c98501f86d9b2bd81f0d7c61657eeae45f1a203220782af7b48b2abcc923e59b848705c878ce0aaeecd8cd2b847cbbb67b3cbea0514fdcd266da8e6cc811533a2815df4d4fd0a2d47a0dec06ebd5c93aa6e8fb1f0f3192e7cf3137e6977fd36898d30ab3218ded1ec99571eaa5619123b4b029780d8804ea3744043d67aca5c48339c514b3020a4fd04098b06f34de282f16a0ea30079f08864227499f600722eab8614652954862a70bbec8e80fa9ad2f68d341169903e1d74109a261a50841ca11cda2b32fdf0a377675d47d0706e1c9a5c2059c612b9f8ab8184c23a8bd9de05ad38d984db8cd7068469aac6b43b40f1efc3355b044648dc6fe2e942f9bb741685400238dd00c641e26d273fd3ad99f02d32da46b68dc645c8e0e82110417c11de6836b19fc2262f7533133add9fbb88d43aef1187284b2fd9f86a64abc37b22b3667ab57d53712baf460c7f51090a0b1a727a31c1ff74e40c476a2e6ac3170d20739c55fea1ce3810d20e7a197cd02ae2daf0dba882ed6526b1cc9ef894ec2a418973abdcecd4770abf696110546497be0b3d281aef974a198b2794a9f07a30364de6cf2791e0a2090e5381c42e4bbee00322768c4d451804435e38c0a2fe884b1ee3b5b219ac88af665560960fcf1e2ab5fcdda14099137621e4f3e36207c08042cf9b5f3b74ee9c82cd83f3cfdfc985636540a46207c550e7075ac998d564c29bc49e4e0e281e91cd7b22e0a4df8a19e720e9184be68c33f69f33c9caef4e3c181d58352a03ff7af88a34afeca8f28464b1c4f298ace8e5365934b22f4e26d8c6de1eb88bef0f3ae0df7332533feb0c010c4e78f4f21e77823cc3169da15a2aa15c3cff43e04cba129f48dcb0c4b900528b2ef579ea70d3dd644cd3c1c550877a57d17687406a47eef9884a6048a81456ae6169034a8d6dd7308ea4b2d5c29c82f837556290761a78488438545ef9e237410ffda494f410627650c84dbb7c5a221c014878e69c26aea9674b0bee011fcbe763f4558dfccc75e12fccde336b6f65e61d729e44929e8d2522e6665361cf3353399bd7afa7533688ddf6226b55ddfa8cc9c6dee2b3b1df6801f59c8f6298e40564dc6b7248a8c7d7dba70d55ec54452a1ed9bbc34de98bd70f91e6653b7e95ee30122dd595844d23160e8df2562b5de99d51d99f31529ffd0d7ff3113dfa1e21e254f1685ef21433d93eb669c52b0e49d94f3f46e47baec21060b09dde9cf4e802cac589b92d9243af8a58c2a32137042af11ba96fb3f71841dc9f5a998b668bdf09b1a72a62b243955bb582fc0e8f0c1bb4ea3ef9d36a469197aecdf04506b4ba36da569cbd74a6a3575f518f7d8e8d3fa1bbdca5c62eec9fcd98789e474afdb48425de0d5de34d920c27363f8a8367c450d8dc88ac35e6f1743175e166ac9e00fd09e85e2dc611df23509699afb6028adb7c79a8a5b6c84cfc41d14b59006119171be6e707101838a4e424ca718c99b77e78e421af0e386ddb761b70924112cb5f62df397fce8fba6199a6f58e3e213d7b971c721851c126d5ee4787b980ae9dff69aef02869eab6964567e3d9bebc6fe08d1ffa1c6d47247e0e3083bc4bf7621525cb7adb1ad28bdb500ec9e6ba5d1d3ccec4f4a1b7c6e39c234b4707e30c06b39e048e960d2bca612ab633505975346af8c0e21b322585e89ba08f0d1acd8510b708a68c003d6d3f3908e891a143b40e272700bf5ccd83542c1861d1f8ad82a99c3cb0833a6bc05182f8f018af2c744bc49025fc477b97f244df4a8638f4d0c7ab663a6fecb48bb459f402746ee3f3639d7ff2d6664a5a23825a88d0e0b5f02f60708a1b2c17808aa7be3b7d7501a981fdb80d95a087634492f5349668f09e1cfc75b0a7802df54c1ed18ae6786e8569a4056db6a4f16610c4fb7628e177cd152b3e7fa8a12fc75931342572465a756cd22d50df906be05325a800c7df2388cb62c5b8c1f448ee21c3ea94c8d66ad12de873b506a21a7462409b7d5fc4ea7f4b02544941d4cdd5718e8966a4f1706dd052cf672e931a9bbd8268a051724bda35d347c3064f1b644c5260cb9d56e40cc4579b84454e10ae2dcd07a5ed79a40e7987d05492f30c47dc26df3998e6139e9e430be0a79b7c485fbc2c7466a48e3635e2ff02d83fdcd74d8530edd99244b9caf6953994a67e4c3a724a491939291addba2a3d777d19a1a98501d8175e1067bc0c0646a907bbd529034605867b2995df600b05f0e342839a8ac27fc7fe2d4166e98521e68e81a226c200482784896b9f41f22323d87414c6b75eab2c2b6c53498ed3e43670ee1c092a8c9d25e36f618143c92470e7c900d477f0299d51969201af8474c6fa5224544d448ce5dba1ba43fd11e373966c8c0e193629ab8102660667847c9b030b93b3c91632f7438f7fc77f42f7c10949b0e12566326f0de22c5745cd64304d6389627cd61d1784b909329fd2669f27d9fbfe2c96ee503a96d0dd3e8c820c69e6987b176de71ca4fcd73ca2c1a1fdd355ed7305ef7cdddbd8f92f06d50a350dc5c572fe143df897176560c3ad1149c213ad85436adbea6ced2731f4cae98a35007dcdb1e6e3d0b4e0ca03e8cc997114c81d6811f35ea4a2ef656a7f95f74d7c7b34c869c548b8ccdef4ecdd23e50e9b1a35fc2ad474a71b77ecf90f44c8997e22a7a721402f9be22b9bb3ba18ef104e0178c3b7660a02279ce16f39516ed4f84b1da3c9bc86928defb39e87502bf4f4ffae4335c82b0544610b6e496ad888750c7d41098f5f0b234e178144d73d1dcaca54d4f7ee888941c8ec51e4d012883cf9acd699362e118296ad8f2d0e9f58792b955d5d119ee37265e6e1a644d918a99c3c3c8999e6b34ab9e1e33187ce66da4f5826f48e12d89d02dd3a0c09f035187f136fdbb630ff19b61ecc76c9db5940620217d3b9a194eca3ebbcfc47f26f6a70317a8ce948559e6b56bf12495ddc868cdc949ceb8fd9f4537f0d0fd97424fd5d17c9849659f332e9255859726e372a43c8ca09479edafd7699eb8216c89b7ce754b83663edbdd02645a7233ccc45a31fdc3ca8f9578dac49d7a7c9f0c1f6cc232a7c09ccec753bbd6c516a3f5242278bd59866497484bfdf569d13a946ba76971660437dffaf8eaff05d506c9ea10c89c334afa4ab8a777687a655390dae0bd6c37f6195046be8b34a301b19410a513dce14d6b2c38fb814a85d0391c599aaad8fd291e9f77a952ca9e40399c87f7535aa5572b34577c5a0c04967ae22d1626e03113d3785565", 0x1000}, {&(0x7f0000001840)="c7cf3daf98ec95038d61e254ed1461d5489dafa28bcd9d48eede0c1365de5e67b8f62e71a39666e5e017b3982ec7f48853ba455c7b32ef7f3f2740834c6cb8021deb1c7478adac02db9017435dc2c083c3d53b77c0cefc6b6de474035f262d75d9893509abf2a6c9813124e5a9b07684a620cc7015610ed8e139cda1c6e664dc0645371d6bed98b4c7f68719f64a127ebe7618ccebd6c543f6daef23153a4cc23b108a7e1c", 0xa5}, {&(0x7f00000001c0)="134c8250b276ba90fa228f60cd3b430f484df308db6033a41bf44494baf74aa8ae56ba73bf8da12839179fe49456ed187c15d554", 0x34}, {&(0x7f0000000540)="32fbd3f96ba8948e0b5aaccef3bdb908ae34edc223d7bf286a3d4d1be68c5dd32151094cbed9bb742faffc5c0d72f446ecf2c9f7c07f32bafe96f042fb7e58ec53a5329237344523731907cd4339c34c79cc0687b90a66592f7e7f83e843cce527a1d0a0b20070b55fc82055c9537a3f58c2bcee6dfc69e4a9bd3fa009dfbfae87f0608ad07ee1ef79a607fdc2ce9ee1fd3a58af2cb0ae0a4e9815b67ecc5f1b67a93cfe94d8e22a58a79a366ce6fed735d99d8887f33d6a31fd2c", 0xbb}, {&(0x7f0000000600)="88a09715e55a8a71276265d86fc89ffb7ed904e3a79a424c92964d9a5228605317d12cc4c6e7ea92cafe0e9fddc6cecd78dbaf432814b157ed9f0a447c1d0d2f9653b8cc2e3bc1", 0x47}, {&(0x7f0000000680)="747c145d21520c608d6c8f3ea1d51afb93433aa6c6debcbfdeb5fdd8d2ec74f272658805c35df4d73974e1e42d7c46f36a4800421a98a798489d87d99cd45b13076ac3283e7dc9debd8dc28b2de10d434c91b87f769603628cb2688d7f0c640cb05ab2d7ff4250d07ca283fdb6d9e0a2c8334076bb4a211f0727006c875a916d710ba0948e1d4094f724a003169d1c29de57b31b62a12c069af368c953c21694ea664baee545c0e86e21ee9879c7c862", 0xb0}], 0x7, 0x0, 0x0, 0x40}, 0x20008800) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000", @ANYRES32=r3, @ANYBLOB="0000000000000000cc9513584114112fe4fb27972295a6"], 0x20}}, 0x0) setsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000100), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/19, @ANYRES32=0x0, @ANYBLOB="70a800000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) 22:34:49 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x202202, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000300)={0x5, 0x0, {0x1, 0x2, 0x0, 0x0, 0x2}, 0x7}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000340)={0x1, &(0x7f00000002c0)=[{0x0}]}) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, &(0x7f00000003c0)={r5, 0x1}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r4, 0xc010641d, &(0x7f0000000200)={r5, &(0x7f0000000440)=""/172}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000080)={0x800, 0x0, 0x1, "c741ea8433e916818736647fbfadb4df177b8ab974079bd5e67842069d262c60", 0x30314247}) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:49 executing program 0: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x200000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:49 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x420001, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) keyctl$update(0xb, r1, &(0x7f0000000000), 0x1c8b) r2 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) keyctl$update(0xb, r2, &(0x7f0000000000), 0x1c8b) keyctl$negate(0xd, r1, 0x3cb, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x288680, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r7}}, 0x20}}, 0x0) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r9, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={r9, 0x2, 0xe7b3, 0x88, 0x4, 0x5}, 0x14) bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0x1, 0x1}, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:49 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x208140, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0x10000, &(0x7f0000ffb000/0x3000)=nil, 0x1) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x103141, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TCSETS2(r3, 0x402c542b, &(0x7f0000000280)={0x4, 0xffff, 0x1, 0x0, 0x81, "33e26da3b69873ffe6530081a55905dcd88fac", 0x81, 0x7}) write$midi(r1, &(0x7f0000000180)="4ebd8b8d06608d9e53b00b5ab736ae21fd96febf0c9f41883dffa1712c703b392aac6fec75afe3bdac81331dac320627cc0673b4a5848e5946590b0aae9193e298a1786bf2e2be476552d5af7714c94126c0a0156276b06d2d265e5aec540d4b380baaa2b3521dfa374a303e2f314652b22046ed9a29a9600212bf27fb129071a7481dab28cfc0679b21a2c096f569b00f77ec2b07a7bb685ad42f99818ccd0646fa45761229f875246a24b0441e1e1577b295b725ddb8c21d753dddf99b7c52096b09c6e6a246c8b17c61983c2fc277c8575a0a6d40ca61d3f6", 0xda) 22:34:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1038.570190] encrypted_key: insufficient parameters specified [ 1038.586453] encrypted_key: insufficient parameters specified [ 1038.661075] encrypted_key: insufficient parameters specified [ 1038.692122] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:50 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6c6f7565726469723d2e2f62e35d06000000fb3f3ef5b23ad25e75732c776f726b6469723d2e0300001665312c75700265720769723d2e2f66696c6520"]) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r1) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000002c0)="6c71f224ee60ce98ac88805394bf959690d5ae5dcd5af6cd1b11e5be33bf1686a7eb0c6b7c282e56fda146849d61f6097b7bef676294a56cd1e8", 0x3a) quotactl(0x10001, &(0x7f0000000080)='./file0/file0\x00', r1, &(0x7f0000000300)="e2f0149f471adb5c3f401be9444c1e6c99d0e4fc0754bf957b87425300f12985953bcd227323a45efa4b1c1edbd51ec2002587d40be2edb0ff2bac014ca077393b59c62df205eea6a809119c0dd52c9dd537f08bb67aea1fb8ae735115fb660c128edba78544b826e57c3bda2835cd8d6a39518c9f9b249a6a25ea5a2d4bc6974ce89fa2f2546060bc56efc96a2056865a72aa57d98ca4edc0680644a9e29d92d7a542f5ba54d12f56f6fda1a516cfc0e66618e6d9a1d1b96b3be7026fe693112de4ff4e9fc0ba7b12b672eca2b956be998b") rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1038.731257] encrypted_key: insufficient parameters specified [ 1038.751804] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1038.838477] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1038.878227] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1038.902053] CPU: 0 PID: 11653 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1038.910508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.920020] Call Trace: [ 1038.922673] dump_stack+0x1b2/0x283 [ 1038.926449] warn_alloc.cold+0x96/0x1af [ 1038.930671] ? zone_watermark_ok_safe+0x250/0x250 [ 1038.935626] ? wait_for_completion_io+0x10/0x10 [ 1038.940758] __alloc_pages_nodemask+0x2129/0x2730 [ 1038.946203] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1038.951611] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1038.957227] ? HARDIRQ_verbose+0x10/0x10 [ 1038.962699] ? do_raw_spin_unlock+0x164/0x250 [ 1038.967457] alloc_pages_current+0xe7/0x1e0 [ 1038.971875] kvm_mmu_create+0xd1/0x1c0 [ 1038.975786] kvm_arch_vcpu_init+0x282/0x890 [ 1038.980141] ? alloc_pages_current+0xef/0x1e0 [ 1038.984693] kvm_vcpu_init+0x26d/0x360 [ 1038.988603] vmx_create_vcpu+0xf5/0x2950 [ 1038.992671] ? __mutex_unlock_slowpath+0x75/0x780 [ 1038.997883] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1039.003313] ? alloc_loaded_vmcs+0x240/0x240 [ 1039.007902] kvm_vm_ioctl+0x4ae/0x1430 [ 1039.011829] ? __lock_acquire+0x655/0x42a0 [ 1039.016079] ? kvm_vcpu_release+0xa0/0xa0 [ 1039.020267] ? trace_hardirqs_on+0x10/0x10 [ 1039.024521] ? check_preemption_disabled+0x35/0x240 [ 1039.029610] ? trace_hardirqs_on+0x10/0x10 [ 1039.033854] ? check_preemption_disabled+0x35/0x240 [ 1039.039168] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1039.044248] ? HARDIRQ_verbose+0x10/0x10 [ 1039.048358] ? kvm_vcpu_release+0xa0/0xa0 [ 1039.052545] do_vfs_ioctl+0x75a/0xfe0 [ 1039.056796] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1039.063039] ? ioctl_preallocate+0x1a0/0x1a0 [ 1039.067478] ? security_file_ioctl+0x76/0xb0 [ 1039.071902] ? security_file_ioctl+0x83/0xb0 [ 1039.076680] SyS_ioctl+0x7f/0xb0 [ 1039.080078] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1039.084062] do_syscall_64+0x1d5/0x640 [ 1039.088041] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1039.093332] RIP: 0033:0x45ca69 22:34:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe8000000010000000000000fe8000000000000000000000000000aa0097b900", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000010090780000"], 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300)=r3, 0x4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xb4, 0x0, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'sane-20000\x00'}}, @CTA_LABELS_MASK={0x24, 0x17, [0x4, 0x4, 0x7, 0x2, 0x8, 0x800, 0x10001, 0x0]}, @CTA_TUPLE_MASTER={0x18, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7}, @CTA_ID={0x8}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x920d}]}, @CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1130}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}]}]}, 0xb4}}, 0x51) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f00000001c0)={0x980000, 0xff, 0x1000, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x990a70, 0x23, [], @p_u32=&(0x7f0000000140)=0x10000}}) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r6, 0x84, 0x65, &(0x7f0000000200)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x38}}, @in6={0xa, 0x4e22, 0x3, @local, 0x320}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e22, 0x59, @private2, 0x6}, @in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e21, @local}], 0x78) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000080)={0x980000, 0x9e, 0x3ff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980922, 0x7ff, [], @string=&(0x7f0000000000)=0x2}}) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000100)={'veth0\x00', 0x800}) recvfrom$l2tp6(r7, &(0x7f00000000c0)=""/44, 0x2c, 0x41, 0x0, 0x0) 22:34:50 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00'/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) [ 1039.096796] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.104910] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1039.112956] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1039.120827] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1039.128322] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1039.136997] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1039.223661] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1039.265117] Cannot find add_set index 0 as target [ 1039.280458] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11691 comm=syz-executor.5 [ 1039.289702] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1039.334658] CPU: 0 PID: 11658 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1039.342762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.352238] Call Trace: [ 1039.354849] dump_stack+0x1b2/0x283 [ 1039.358920] warn_alloc.cold+0x96/0x1af [ 1039.363021] ? zone_watermark_ok_safe+0x250/0x250 [ 1039.367917] ? wait_for_completion_io+0x10/0x10 [ 1039.372618] __alloc_pages_nodemask+0x2129/0x2730 [ 1039.377965] ? gfp_pfmemalloc_allowed+0x150/0x150 22:34:50 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x8) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) getsockopt$netlink(r0, 0x10e, 0x3, &(0x7f0000000440)=""/83, &(0x7f0000000200)=0x53) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000080)='./file2\x00', 0x10a) utimensat(r3, &(0x7f0000000180)='./bus\x00', 0xfffffffffffffffe, 0x100) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='lowerdir=./bus,woOkdir=./file1,upperdir=./file0']) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) ioctl$GIO_SCRNMAP(r3, 0x4b40, &(0x7f0000000380)=""/77) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) write$snddsp(r5, &(0x7f0000000300)="fabea5854214b0448175e58d8476ee1fa3264866773dc3419048882a4676dc494bbb5266a5b51e2fa4651fd1872264fbc35d5a90fa00c972aee2906de0a18ecec65493ddd6f16e8292171fda75796295700b53537424033df8cdca9e6008f14a6be4bb23129df373c28d46a2ab9f4e84771c0439", 0x74) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1039.382833] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1039.387734] ? HARDIRQ_verbose+0x10/0x10 [ 1039.391818] ? do_raw_spin_unlock+0x164/0x250 [ 1039.396373] alloc_pages_current+0xe7/0x1e0 [ 1039.400847] kvm_mmu_create+0xd1/0x1c0 [ 1039.404761] kvm_arch_vcpu_init+0x282/0x890 [ 1039.409101] ? alloc_pages_current+0xef/0x1e0 [ 1039.413358] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1039.413640] kvm_vcpu_init+0x26d/0x360 [ 1039.426198] vmx_create_vcpu+0xf5/0x2950 [ 1039.430277] ? __mutex_unlock_slowpath+0x75/0x780 [ 1039.435135] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1039.440297] ? alloc_loaded_vmcs+0x240/0x240 [ 1039.444737] kvm_vm_ioctl+0x4ae/0x1430 [ 1039.448730] ? __lock_acquire+0x655/0x42a0 [ 1039.453070] ? kvm_vcpu_release+0xa0/0xa0 [ 1039.457248] ? trace_hardirqs_on+0x10/0x10 [ 1039.461506] ? check_preemption_disabled+0x35/0x240 [ 1039.466556] ? trace_hardirqs_on+0x10/0x10 [ 1039.470928] ? check_preemption_disabled+0x35/0x240 [ 1039.476402] ? perf_trace_lock_acquire+0x10d/0x4b0 [ 1039.481463] ? HARDIRQ_verbose+0x10/0x10 [ 1039.485753] ? kvm_vcpu_release+0xa0/0xa0 [ 1039.490430] do_vfs_ioctl+0x75a/0xfe0 [ 1039.494584] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1039.500270] ? ioctl_preallocate+0x1a0/0x1a0 [ 1039.504762] ? security_file_ioctl+0x76/0xb0 [ 1039.509363] ? security_file_ioctl+0x83/0xb0 [ 1039.511744] overlayfs: unrecognized mount option "woOkdir=./file1" or missing value [ 1039.513881] SyS_ioctl+0x7f/0xb0 [ 1039.513891] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1039.513908] do_syscall_64+0x1d5/0x640 [ 1039.513928] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1039.513942] RIP: 0033:0x45ca69 [ 1039.541546] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.549630] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1039.556999] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1039.565407] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1039.572851] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 22:34:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000000)=0x7) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRESHEX, @ANYRES32=0x0, @ANYRES16=r0], 0x30}, 0x1, 0x0, 0x0, 0x95}, 0x0) [ 1039.581911] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1039.597973] warn_alloc_show_mem: 1 callbacks suppressed [ 1039.597978] Mem-Info: [ 1039.607799] active_anon:434070 inactive_anon:11114 isolated_anon:0 [ 1039.607799] active_file:5268 inactive_file:30102 isolated_file:4 [ 1039.607799] unevictable:0 dirty:81 writeback:5 unstable:0 [ 1039.607799] slab_reclaimable:50826 slab_unreclaimable:392730 [ 1039.607799] mapped:63721 shmem:11300 pagetables:73752 bounce:0 [ 1039.607799] free:429880 free_pcp:416 free_cma:0 [ 1039.659807] Cannot find add_set index 0 as target 22:34:51 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x6}, 0x1, 0x0, 0x0, 0x20008015}, 0x4040) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000001d080)={&(0x7f0000000100)={0x1c, r3, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00042abd8223fbdbdf250800000008000300", @ANYRES32=r6, @ANYBLOB="0c00990059000000000000000c009900040000000000000008000500000000000800010001000000"], 0x44}, 0x1, 0x0, 0x0, 0x8845}, 0x1) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r8, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={r8, @in6={{0xa, 0x4e23, 0x6, @private1, 0x3}}, 0x7fff, 0x6, 0x3, 0x7a, 0x8, 0x9716, 0x9}, &(0x7f00000000c0)=0x9c) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 1039.742477] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1039.777951] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1039.798189] Cannot find add_set index 0 as target [ 1039.825791] overlayfs: unrecognized mount option "woOkdir=./file1" or missing value 22:34:51 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCGFLAGS1(r2, 0x8004745a, &(0x7f0000000000)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x65, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r6, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={r6, 0x5}, &(0x7f0000000080)=0x8) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b75fb3488fd8015bba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377aba09e7b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1039.880319] Node 1 active_anon:351676kB inactive_anon:27144kB active_file:21072kB inactive_file:120412kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37876kB dirty:368kB writeback:20kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1039.882776] Cannot find add_set index 0 as target [ 1039.971470] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1040.032942] Cannot find add_set index 0 as target [ 1040.099493] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1040.111019] Node 0 DMA32 free:27060kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:904kB local_pcp:500kB free_cma:0kB [ 1040.141417] Cannot find add_set index 0 as target [ 1040.184215] lowmem_reserve[]: 0 0 0 0 0 [ 1040.188639] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1040.229283] lowmem_reserve[]: 0 0 0 0 0 [ 1040.233524] Node 1 Normal free:1682672kB min:53592kB low:66988kB high:80384kB active_anon:351796kB inactive_anon:27144kB active_file:21072kB inactive_file:120416kB unevictable:0kB writepending:528kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:128832kB pagetables:239636kB bounce:0kB free_pcp:904kB local_pcp:236kB free_cma:0kB [ 1040.271647] lowmem_reserve[]: 0 0 0 0 0 [ 1040.275756] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1040.277104] syz-executor.0: [ 1040.320260] syz-executor.0: [ 1040.321189] page allocation failure: order:0 [ 1040.323370] Node 0 [ 1040.327356] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1040.347671] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1040.358045] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1040.367999] DMA32: 385*4kB (UME) 250*8kB (UME) 332*16kB (UME) 229*32kB (UM) 32*64kB (UM) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27060kB [ 1040.378585] CPU: 1 PID: 11742 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1040.384775] syz-executor.0 cpuset= [ 1040.392266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1040.392271] Call Trace: [ 1040.392295] dump_stack+0x1b2/0x283 [ 1040.392311] warn_alloc.cold+0x96/0x1af [ 1040.392322] ? zone_watermark_ok_safe+0x250/0x250 [ 1040.392342] ? wait_for_completion_io+0x10/0x10 [ 1040.392366] __alloc_pages_nodemask+0x2129/0x2730 [ 1040.392401] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1040.392414] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1040.392442] ? HARDIRQ_verbose+0x10/0x10 [ 1040.392453] ? do_raw_spin_unlock+0x164/0x250 [ 1040.392469] alloc_pages_current+0xe7/0x1e0 [ 1040.392485] kvm_mmu_create+0xd1/0x1c0 [ 1040.392498] kvm_arch_vcpu_init+0x282/0x890 [ 1040.396469] / [ 1040.405422] ? alloc_pages_current+0xef/0x1e0 [ 1040.408488] Node 0 [ 1040.412534] kvm_vcpu_init+0x26d/0x360 [ 1040.412550] vmx_create_vcpu+0xf5/0x2950 [ 1040.412566] ? __mutex_unlock_slowpath+0x75/0x780 [ 1040.412576] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1040.412588] ? alloc_loaded_vmcs+0x240/0x240 [ 1040.412606] kvm_vm_ioctl+0x4ae/0x1430 [ 1040.417114] Normal: [ 1040.422368] ? __lock_acquire+0x655/0x42a0 [ 1040.422383] ? kvm_vcpu_release+0xa0/0xa0 [ 1040.422394] ? check_preemption_disabled+0x35/0x240 [ 1040.422406] ? perf_trace_lock+0x109/0x4b0 [ 1040.422419] ? check_preemption_disabled+0x35/0x240 [ 1040.422430] ? perf_trace_lock+0x109/0x4b0 [ 1040.422445] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1040.422456] ? HARDIRQ_verbose+0x10/0x10 [ 1040.422467] ? kvm_vcpu_release+0xa0/0xa0 [ 1040.422481] do_vfs_ioctl+0x75a/0xfe0 [ 1040.422495] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1040.422507] ? ioctl_preallocate+0x1a0/0x1a0 [ 1040.422532] ? security_file_ioctl+0x76/0xb0 [ 1040.422541] ? security_file_ioctl+0x83/0xb0 [ 1040.422553] SyS_ioctl+0x7f/0xb0 [ 1040.422565] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1040.428786] mems_allowed=0-1 [ 1040.432675] do_syscall_64+0x1d5/0x640 [ 1040.432696] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1040.438890] 0*4kB [ 1040.442601] RIP: 0033:0x45ca69 [ 1040.442608] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1040.442618] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1040.442623] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000009 [ 1040.442628] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1040.442633] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1040.442643] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1040.458879] 0*8kB [ 1040.575211] CPU: 1 PID: 11746 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1040.577562] 0*16kB [ 1040.580177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1040.580181] Call Trace: [ 1040.580203] dump_stack+0x1b2/0x283 [ 1040.580219] warn_alloc.cold+0x96/0x1af [ 1040.580231] ? zone_watermark_ok_safe+0x250/0x250 [ 1040.580251] ? wait_for_completion_io+0x10/0x10 [ 1040.580268] __alloc_pages_nodemask+0x2129/0x2730 [ 1040.580297] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1040.580310] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1040.580344] ? HARDIRQ_verbose+0x10/0x10 [ 1040.580356] ? do_raw_spin_unlock+0x164/0x250 [ 1040.580371] alloc_pages_current+0xe7/0x1e0 [ 1040.580387] kvm_mmu_create+0xd1/0x1c0 [ 1040.580401] kvm_arch_vcpu_init+0x282/0x890 [ 1040.580410] ? alloc_pages_current+0xef/0x1e0 [ 1040.580425] kvm_vcpu_init+0x26d/0x360 [ 1040.580440] vmx_create_vcpu+0xf5/0x2950 [ 1040.580455] ? __mutex_unlock_slowpath+0x75/0x780 [ 1040.580464] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1040.580479] ? alloc_loaded_vmcs+0x240/0x240 [ 1040.580497] kvm_vm_ioctl+0x4ae/0x1430 [ 1040.580510] ? __lock_acquire+0x655/0x42a0 [ 1040.580522] ? kvm_vcpu_release+0xa0/0xa0 [ 1040.580533] ? check_preemption_disabled+0x35/0x240 [ 1040.580546] ? perf_trace_lock+0x109/0x4b0 [ 1040.580559] ? check_preemption_disabled+0x35/0x240 [ 1040.580573] ? perf_trace_lock+0x109/0x4b0 [ 1040.580588] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1040.580601] ? HARDIRQ_verbose+0x10/0x10 [ 1040.580612] ? kvm_vcpu_release+0xa0/0xa0 [ 1040.580625] do_vfs_ioctl+0x75a/0xfe0 [ 1040.580638] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1040.580668] ? ioctl_preallocate+0x1a0/0x1a0 [ 1040.580695] ? security_file_ioctl+0x76/0xb0 [ 1040.580706] ? security_file_ioctl+0x83/0xb0 [ 1040.580719] SyS_ioctl+0x7f/0xb0 [ 1040.580726] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1040.580740] do_syscall_64+0x1d5/0x640 [ 1040.584689] 0*32kB [ 1040.587874] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1040.592175] 0*64kB [ 1040.597367] RIP: 0033:0x45ca69 [ 1040.599639] 0*128kB [ 1040.602770] RSP: 002b:00007f60e9485c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1040.610780] 0*256kB [ 1040.617941] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1040.625294] 0*512kB [ 1040.632480] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1040.632486] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1040.632492] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1040.632497] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94866d4 [ 1040.687253] warn_alloc_show_mem: 2 callbacks suppressed [ 1040.687257] Mem-Info: [ 1040.688426] 0*1024kB [ 1040.703816] active_anon:434051 inactive_anon:11114 isolated_anon:0 [ 1040.703816] active_file:5271 inactive_file:30105 isolated_file:1 [ 1040.703816] unevictable:0 dirty:132 writeback:0 unstable:0 [ 1040.703816] slab_reclaimable:50904 slab_unreclaimable:393070 [ 1040.703816] mapped:63730 shmem:11300 pagetables:73720 bounce:0 [ 1040.703816] free:429517 free_pcp:522 free_cma:0 [ 1040.710140] 0*2048kB [ 1040.720794] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:12kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1040.722795] 0*4096kB [ 1040.726776] Node 1 active_anon:351596kB inactive_anon:27144kB active_file:21072kB inactive_file:120416kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37808kB dirty:528kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1040.731559] = 0kB [ 1040.747230] Node 0 [ 1040.751193] Node 1 [ 1040.756231] DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1040.764760] Normal: [ 1040.774726] lowmem_reserve[]: [ 1040.808524] 67*4kB [ 1040.836889] 0 [ 1040.892717] (UME) [ 1040.895022] 2559 [ 1040.937184] 5*8kB [ 1040.965474] 2559 [ 1040.999214] (UM) [ 1041.027423] 2559 [ 1041.040632] 16*16kB [ 1041.062207] 2559 [ 1041.090014] Node 0 DMA32 free:27060kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:896kB local_pcp:400kB free_cma:0kB [ 1041.125650] lowmem_reserve[]: 0 0 0 0 0 [ 1041.126206] (UM) [ 1041.131298] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1041.136422] 4*32kB [ 1041.168507] lowmem_reserve[]: 0 0 0 0 0 [ 1041.176734] Node 1 Normal free:1679948kB min:53592kB low:66988kB high:80384kB active_anon:351548kB inactive_anon:27144kB active_file:21072kB inactive_file:120456kB unevictable:0kB writepending:576kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:128672kB pagetables:239652kB bounce:0kB free_pcp:1336kB local_pcp:648kB free_cma:0kB [ 1041.178190] (UME) [ 1041.209059] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1041.216462] lowmem_reserve[]: 0 0 0 0 0 [ 1041.224261] 3*64kB [ 1041.228783] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1041.228875] Node 0 [ 1041.231939] (U) [ 1041.251744] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1041.255414] DMA32: [ 1041.260969] CPU: 0 PID: 11762 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1041.270457] 395*4kB [ 1041.271350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1041.271359] (UME) [ 1041.273765] Call Trace: [ 1041.273795] dump_stack+0x1b2/0x283 [ 1041.273813] warn_alloc.cold+0x96/0x1af [ 1041.283800] 259*8kB [ 1041.285796] ? zone_watermark_ok_safe+0x250/0x250 [ 1041.288493] (UME) [ 1041.292391] ? wait_for_completion_io+0x10/0x10 [ 1041.292411] __alloc_pages_nodemask+0x2129/0x2730 [ 1041.292443] ? perf_trace_run_bpf_submit+0x113/0x170 [ 1041.292454] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1041.292464] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1041.292489] ? check_preemption_disabled+0x35/0x240 [ 1041.306384] 375*16kB [ 1041.306531] alloc_pages_current+0xe7/0x1e0 [ 1041.311562] (UME) [ 1041.316419] kvm_mmu_create+0xd1/0x1c0 [ 1041.316435] kvm_arch_vcpu_init+0x282/0x890 [ 1041.321703] 230*32kB [ 1041.326902] ? alloc_pages_current+0xef/0x1e0 [ 1041.326921] kvm_vcpu_init+0x26d/0x360 [ 1041.326938] vmx_create_vcpu+0xf5/0x2950 [ 1041.337381] (UME) [ 1041.337785] ? __mutex_unlock_slowpath+0x75/0x780 [ 1041.342337] 33*64kB [ 1041.345129] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1041.345151] ? alloc_loaded_vmcs+0x240/0x240 [ 1041.345171] kvm_vm_ioctl+0x4ae/0x1430 [ 1041.347431] (UME) [ 1041.351215] ? kvm_vcpu_release+0xa0/0xa0 [ 1041.351231] ? perf_trace_run_bpf_submit+0x113/0x170 [ 1041.351244] ? check_preemption_disabled+0x35/0x240 [ 1041.351255] ? perf_trace_run_bpf_submit+0x113/0x170 [ 1041.351274] ? perf_trace_lock+0x2ef/0x4b0 [ 1041.351295] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1041.364554] 23*128kB [ 1041.366895] ? kvm_vcpu_release+0xa0/0xa0 [ 1041.366909] do_vfs_ioctl+0x75a/0xfe0 [ 1041.371175] (UME) [ 1041.373280] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1041.373299] ? ioctl_preallocate+0x1a0/0x1a0 [ 1041.378398] 7*256kB [ 1041.380628] ? security_file_ioctl+0x76/0xb0 [ 1041.380639] ? security_file_ioctl+0x83/0xb0 [ 1041.380650] SyS_ioctl+0x7f/0xb0 [ 1041.380660] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1041.380674] do_syscall_64+0x1d5/0x640 [ 1041.380693] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1041.380701] RIP: 0033:0x45ca69 [ 1041.380710] RSP: 002b:00007f60e9464c78 EFLAGS: 00000246 [ 1041.395184] (M) [ 1041.396738] ORIG_RAX: 0000000000000010 [ 1041.396744] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1041.396749] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1041.396754] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 1041.396760] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1041.396765] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94656d4 [ 1041.399273] 8*128kB [ 1041.418795] 6*512kB [ 1041.421961] (UME) [ 1041.426602] (M) [ 1041.430314] 4*256kB [ 1041.443095] 1*1024kB [ 1041.447409] (UM) [ 1041.453674] (E) [ 1041.454519] 0*512kB [ 1041.458595] 0*2048kB [ 1041.463808] 1*1024kB [ 1041.474676] 0*4096kB [ 1041.480809] (U) [ 1041.485230] = 27956kB [ 1041.489592] 1*2048kB [ 1041.499434] Node 0 [ 1041.504442] (U) [ 1041.518006] Normal: [ 1041.519532] 409*4096kB [ 1041.527431] 0*4kB [ 1041.549623] (M) [ 1041.558353] 0*8kB [ 1041.561149] = 1681268kB [ 1041.566030] 0*16kB [ 1041.566381] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1041.570700] 0*32kB [ 1041.577193] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1041.588750] 0*64kB [ 1041.607404] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1041.619216] 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1041.625380] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1041.640102] Node 1 Normal: 119*4kB (UM) 31*8kB (UME) 7*16kB (UME) 7*32kB (UME) 1*64kB (E) 12*128kB (UME) 6*256kB (UM) 1*512kB (U) 0*1024kB 1*2048kB (U) 409*4096kB (M) = 1682020kB [ 1041.644123] 25549 total pagecache pages [ 1041.659001] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1041.672708] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1041.674385] 0 pages in swap cache [ 1041.682731] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1041.694225] Swap cache stats: add 0, delete 0, find 0/0 [ 1041.696091] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1041.704394] Free swap = 0kB [ 1041.712535] 25549 total pagecache pages [ 1041.720135] 0 pages in swap cache [ 1041.722583] Total swap = 0kB [ 1041.724440] Swap cache stats: add 0, delete 0, find 0/0 [ 1041.727281] 1965979 pages RAM [ 1041.735906] Free swap = 0kB [ 1041.742741] Total swap = 0kB 22:34:53 executing program 2: syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@empty, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001708", 0xfffffffffffffe2f, 0x2c, 0x1, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, r0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}}}}}}}, 0x0) 22:34:53 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = gettid() tkill(r0, 0x1004000000016) rt_sigqueueinfo(r0, 0x1d, &(0x7f0000000300)={0x36, 0x0, 0x8}) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="00000002000000d0cab67ccd", @ANYRES32=0x0, @ANYBLOB="08001b000000000054fea6b626444dfe18d8f3a6e71981576d4682589ec059668d562d22864ffc9cdf3471b4848a620cfb7e7ff4259e8c0c491128e23df8069949d5f188cc225f086cb37a8ce04eede1d9b59cca2d06b88afd9b7948b6260a8f"], 0x30}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x1, 0x22004) getpeername$ax25(r2, &(0x7f00000003c0)={{0x3, @rose}, [@rose, @null, @rose, @remote, @rose, @bcast, @default, @null]}, &(0x7f0000000440)=0x48) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000001158cea7000d04c1967d7dd30bf30f1a4ed945e119fa76167bd7567f32087bf70ce1bfd49c1a35c9e1926a36d4f93dc9911b5c579e0325ce0000000000c147ccf8", @ANYRES32=r4, @ANYBLOB="00f6065b729c00000000000000c6fbdb22f0bfad189123c047f6be364d4fce26040fb74077abe8154334fd6288ab40acdc602b62eff9c4f8ded731cc9ca6163eee4e65230000000000"], 0x20}}, 0x0) getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) 22:34:53 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r1 = gettid() tkill(r1, 0x1004000000016) r2 = syz_open_procfs(r1, &(0x7f0000000080)='setgroups\x00') ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000140)={0x8000, 0x2}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r7}}, 0x20}}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r5, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000040}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x100, 0x0, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x400}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5c0}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffffffff}]}, @TIPC_NLA_SOCK={0x6c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x17cf}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2ed3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x218}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1800000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffff8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6a9}]}, @TIPC_NLA_MEDIA={0x34, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x56}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x100}}, 0x80) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KDGKBMODE(r3, 0x4b44, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:34:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1041.746417] 1965979 pages RAM [ 1041.746564] 0 pages HighMem/MovableOnly [ 1041.751971] 0 pages HighMem/MovableOnly [ 1041.753931] 338456 pages reserved [ 1041.760930] 338456 pages reserved [ 1041.766110] 0 pages cma reserved [ 1041.767761] 0 pages cma reserved 22:34:53 executing program 2: syz_extract_tcp_res(&(0x7f0000000100)={0x41424344, 0x41424344}, 0x1, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @local, @remote, {[], {{0x0, 0x0, 0x41424344, r0, 0x0, 0x0, 0x5}}}}}}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000840)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000", @ANYRES32=r3, @ANYBLOB="0000000000000000dda8c5b09020583cc50781d1b6ae5eed64c48ba311abaae6cfa4d6f7f09bcb03e5ad6bc668f90fb0154091bd3cd2c0f9f694d093671ed8a0ff92a4cade7c1bf19068b34e36d1335cbc3867aeb6903c8b7bf549f29f5a88c3ad5fce396422d4f7709bf39d9031a3d5287fb7405abf849bdb68c4c6df6daa648dcb61759a3cd02e997ef15f65692783fc36aceaa18fb53a69c7329c5578e020bedf8f5f627191fa5116a7b55d454966181d5043ff15db65b4e7e62539fb756e8f560eb8458b22b0241901861f462b6b6b8043ca520188ade06fc3de88ce6611355c75d35e9a8f"], 0x20}}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_proto_private(r4, 0x89e9, &(0x7f0000000300)="3886592cdf76b0f535fdfed4ee69731497a78d325b83aea65d37af1d17b7340fed7cdbfa2ba4d89fd3541ddcbbcd06581f57ed44b1233fae9640f90fb8c44526cc6f30fb6ef8514e337b269005044bf2c7e7cb89d75540752a49811c16f008c4f1059b16332cbd77167fcb3db871c8bf91846570281c7eb90a174115b58826f56c2104f16376ef8305bdf0ee6482f390d6fdd285fa634ceb1e66471955db9190d8cc5653ab7283dfab8cb3c6043c74c39e72a1654ef08d51aa484262aa83a5708b") getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000140), &(0x7f0000000040)=0x4) [ 1041.881971] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1041.925365] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22545 sclass=netlink_route_socket pid=11807 comm=syz-executor.5 [ 1042.013949] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1042.025541] Cannot find add_set index 0 as target [ 1042.035296] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22545 sclass=netlink_route_socket pid=11807 comm=syz-executor.5 22:34:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000fc41141f0010800000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0xb) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x50400, 0x0) sendto$inet(r4, &(0x7f0000000300)="b59d94cb4a43a08f9089c6c7f9d137e077779b00c6cf08b663ffc41b68c6bd8a02484e106a8079842f578618cab8db34b27123a5b2f52ec2d57aabcb87f031b56b13aa91d88e2bd2928724c9b661ec7adfca4b8587a08c57f7f0c586d56a32f9aea67706f74b836f5710dbd0a3f5f28378c911ea1d3e54c0bffa39f92d3c5d50a63316f9f85203f5284e17e504d3efb82374", 0x92, 0x0, &(0x7f00000001c0)={0x2, 0x4e24, @remote}, 0x10) 22:34:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) statx(r2, &(0x7f0000000000)='./file0\x00', 0x6d870b462e7c4d08, 0x10, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1042.168005] Cannot find add_set index 0 as target [ 1042.247885] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1042.271514] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1042.284858] CPU: 0 PID: 11798 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1042.293041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1042.302962] Call Trace: [ 1042.305592] dump_stack+0x1b2/0x283 [ 1042.309323] warn_alloc.cold+0x96/0x1af [ 1042.313548] ? zone_watermark_ok_safe+0x250/0x250 [ 1042.318783] ? wait_for_completion_io+0x10/0x10 [ 1042.323855] __alloc_pages_nodemask+0x2129/0x2730 [ 1042.329274] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1042.334228] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1042.339131] ? HARDIRQ_verbose+0x10/0x10 [ 1042.343300] ? do_raw_spin_unlock+0x164/0x250 [ 1042.347818] alloc_pages_current+0xe7/0x1e0 [ 1042.352190] kvm_mmu_create+0xd1/0x1c0 [ 1042.356106] kvm_arch_vcpu_init+0x282/0x890 [ 1042.360455] ? alloc_pages_current+0xef/0x1e0 [ 1042.364986] kvm_vcpu_init+0x26d/0x360 [ 1042.368900] vmx_create_vcpu+0xf5/0x2950 [ 1042.372987] ? __mutex_unlock_slowpath+0x75/0x780 [ 1042.377851] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1042.382900] ? alloc_loaded_vmcs+0x240/0x240 [ 1042.388046] kvm_vm_ioctl+0x4ae/0x1430 [ 1042.391959] ? __lock_acquire+0x655/0x42a0 [ 1042.396337] ? kvm_vcpu_release+0xa0/0xa0 [ 1042.400514] ? check_preemption_disabled+0x35/0x240 [ 1042.405561] ? perf_trace_lock+0x109/0x4b0 [ 1042.409844] ? check_preemption_disabled+0x35/0x240 [ 1042.415144] ? perf_trace_lock+0x109/0x4b0 [ 1042.419402] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1042.424356] ? HARDIRQ_verbose+0x10/0x10 [ 1042.428511] ? kvm_vcpu_release+0xa0/0xa0 [ 1042.432676] do_vfs_ioctl+0x75a/0xfe0 [ 1042.436996] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1042.443182] ? ioctl_preallocate+0x1a0/0x1a0 [ 1042.448621] ? security_file_ioctl+0x76/0xb0 [ 1042.453843] ? security_file_ioctl+0x83/0xb0 [ 1042.458280] SyS_ioctl+0x7f/0xb0 [ 1042.461848] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1042.465928] do_syscall_64+0x1d5/0x640 [ 1042.469840] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1042.476187] RIP: 0033:0x45ca69 [ 1042.479382] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1042.487204] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 22:34:53 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) sendmsg$AUDIT_SET_FEATURE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x3fa, 0x511, 0x70bd26, 0x25dfdbfb, {0x1, 0x2, 0x0, 0x1}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x830) [ 1042.494664] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1042.505508] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1042.513063] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1042.521294] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1042.616758] warn_alloc_show_mem: 1 callbacks suppressed [ 1042.616762] Mem-Info: [ 1042.627121] active_anon:434117 inactive_anon:11114 isolated_anon:0 [ 1042.627121] active_file:5270 inactive_file:30123 isolated_file:2 [ 1042.627121] unevictable:0 dirty:178 writeback:0 unstable:0 [ 1042.627121] slab_reclaimable:50966 slab_unreclaimable:393340 [ 1042.627121] mapped:63785 shmem:11300 pagetables:73820 bounce:0 [ 1042.627121] free:429154 free_pcp:247 free_cma:0 22:34:54 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x54, r2, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r7}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x899}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000090) [ 1042.687380] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1018 sclass=netlink_route_socket pid=11830 comm=syz-executor.2 22:34:54 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x17, 0x800, 0xffffffff, "809efa1f8bd7af66b6311e43643a1eb1d8076f151b352d"}) 22:34:54 executing program 0: socketpair(0x25, 0x6, 0x9, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f000001d080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="090726bd7000000000000100000008000300", @ANYRES32=0x0, @ANYBLOB="29650fdfeeb2797a2a51cd385635f8bab7b337"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="04000000", @ANYRES16=r2, @ANYBLOB="00022abd7000fedbdf251a000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x2000c0a4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) write$evdev(r3, &(0x7f00000002c0)=[{{0x77359400}, 0x0, 0x4, 0x9}, {{0x77359400}, 0x5, 0x1, 0x7fffffff}, {{r4, r5/1000+10000}, 0x15, 0x95, 0x9}, {{r6, r7/1000+10000}, 0x14, 0xfff9, 0x1000}, {{}, 0x16, 0xffc0, 0x1}], 0x78) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1042.753880] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1042.833417] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1042.833825] Node 1 active_anon:351960kB inactive_anon:27144kB active_file:21072kB inactive_file:120488kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38028kB dirty:712kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1042.903385] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1042.917038] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1042.951245] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1042.964442] Node 0 DMA32 free:27932kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:120kB local_pcp:116kB free_cma:0kB [ 1043.014169] lowmem_reserve[]: 0 0 0 0 0 [ 1043.021229] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1043.064240] lowmem_reserve[]: 0 0 0 0 0 [ 1043.068380] Node 1 Normal free:1678784kB min:53592kB low:66988kB high:80384kB active_anon:352136kB inactive_anon:27144kB active_file:21080kB inactive_file:120508kB unevictable:0kB writepending:792kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:128896kB pagetables:240080kB bounce:0kB free_pcp:1060kB local_pcp:652kB free_cma:0kB [ 1043.104896] lowmem_reserve[]: 0 0 0 0 0 [ 1043.110106] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1043.126159] Node 0 DMA32: 384*4kB (ME) 250*8kB (ME) 373*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27808kB [ 1043.145903] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1043.160641] Node 1 Normal: 13*4kB (UME) 94*8kB (UME) 73*16kB (UME) 56*32kB (U) 12*64kB (UE) 1*128kB (M) 3*256kB (UME) 2*512kB (ME) 2*1024kB (ME) 2*2048kB (ME) 407*4096kB (M) = 1679668kB [ 1043.183167] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1043.192708] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1043.203805] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1043.220617] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1043.240885] 25565 total pagecache pages [ 1043.251079] 0 pages in swap cache [ 1043.258421] Swap cache stats: add 0, delete 0, find 0/0 [ 1043.272693] Free swap = 0kB [ 1043.281063] Total swap = 0kB [ 1043.287966] 1965979 pages RAM [ 1043.296959] 0 pages HighMem/MovableOnly [ 1043.297472] syz-executor.0: [ 1043.307947] 338456 pages reserved [ 1043.308371] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1043.315943] 0 pages cma reserved [ 1043.333445] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1043.343481] CPU: 1 PID: 11853 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1043.351583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1043.361042] Call Trace: [ 1043.363749] dump_stack+0x1b2/0x283 [ 1043.367749] warn_alloc.cold+0x96/0x1af [ 1043.371848] ? zone_watermark_ok_safe+0x250/0x250 [ 1043.376754] ? wait_for_completion_io+0x10/0x10 [ 1043.381817] __alloc_pages_nodemask+0x2129/0x2730 [ 1043.387031] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1043.392345] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1043.399068] ? HARDIRQ_verbose+0x10/0x10 [ 1043.403383] ? do_raw_spin_unlock+0x164/0x250 [ 1043.408179] alloc_pages_current+0xe7/0x1e0 [ 1043.412633] kvm_mmu_create+0xd1/0x1c0 [ 1043.416773] kvm_arch_vcpu_init+0x282/0x890 [ 1043.421152] ? alloc_pages_current+0xef/0x1e0 [ 1043.425773] kvm_vcpu_init+0x26d/0x360 [ 1043.429776] vmx_create_vcpu+0xf5/0x2950 [ 1043.433865] ? __mutex_unlock_slowpath+0x75/0x780 [ 1043.438753] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1043.443809] ? alloc_loaded_vmcs+0x240/0x240 [ 1043.448357] kvm_vm_ioctl+0x4ae/0x1430 [ 1043.452301] ? __lock_acquire+0x655/0x42a0 [ 1043.456555] ? kvm_vcpu_release+0xa0/0xa0 [ 1043.461160] ? check_preemption_disabled+0x35/0x240 [ 1043.466198] ? perf_trace_lock+0x109/0x4b0 [ 1043.470469] ? check_preemption_disabled+0x35/0x240 [ 1043.475522] ? perf_trace_lock+0x109/0x4b0 [ 1043.479905] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1043.484980] ? HARDIRQ_verbose+0x10/0x10 [ 1043.490537] ? kvm_vcpu_release+0xa0/0xa0 [ 1043.494742] do_vfs_ioctl+0x75a/0xfe0 [ 1043.498565] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1043.504727] ? ioctl_preallocate+0x1a0/0x1a0 [ 1043.509262] ? security_file_ioctl+0x76/0xb0 [ 1043.514121] ? security_file_ioctl+0x83/0xb0 [ 1043.518563] SyS_ioctl+0x7f/0xb0 [ 1043.521979] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1043.525984] do_syscall_64+0x1d5/0x640 [ 1043.530441] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1043.536072] RIP: 0033:0x45ca69 [ 1043.539356] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1043.547200] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1043.554505] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1043.561879] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1043.569167] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1043.576457] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 22:34:56 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) accept4$alg(r0, 0x0, 0x0, 0x80800) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:56 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001000010800000000006d388efc55d1f9999fad8a397aa000000080004518802300762978b897207261f981e70b945108ccf713433fe2283cca593197b966456adb31638a5b1cc6a321f23f2505dee77b9736f83e527fd1294a2ae9a2867506b4c39e185fa7cbe98b9b8c965c5ec4b220be77ba6c93b5ccc634106f88de983399ca6717ba37de873cb75bf5cc4959b30d3aa8970d31f5b8d12a8ff83e8c8bf3d09cff4c1b6674e3ad57ac1447b24b206b8f2a531e0d46b5dcefcbe90fdaae1ae7c479247a8d193f97084d745e850d1803b95119b6932b3706cc51ed8c5e60beda934c236469207836bf6e2cfa79b200fdb51c1881b3fb0f76c575d99c945a", @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) 22:34:56 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setsig(r0, 0xa, 0x2f) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:34:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:34:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x104000) ioctl$TIOCSTI(r2, 0x5412, 0x5) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1044.885789] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:56 executing program 5: socket$nl_route(0x10, 0x3, 0x0) r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvme-fabrics\x00', 0x200, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x20080, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)=0x2, 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x58800}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40088c1}, 0x8010) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/vmstat\x00', 0x0, 0x0) [ 1045.024434] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1045.070175] overlayfs: invalid redirect () 22:34:56 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f0000000000)={0x5, 0x4, 0x1, 0x800, 0x2}) 22:34:56 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) r0 = socket(0x9, 0xa, 0x2) getpeername$unix(r0, &(0x7f0000000300), &(0x7f0000000080)=0x6e) mkdir(&(0x7f00000002c0)='./bus\x00', 0x80) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@setneightbl={0xfff8, 0x43, 0x100, 0x70bd29, 0x25dfdbfe, {0x2}, [@NDTA_PARMS={0x3c, 0x6, 0x0, 0x1, [@NDTPA_IFINDEX={0x8, 0x1, r2}, @NDTPA_MCAST_REPROBES={0x8, 0x11, 0x3}, @NDTPA_RETRANS_TIME={0xc, 0x5, 0x4}, @NDTPA_PROXY_QLEN={0x8, 0xe, 0x4}, @NDTPA_IFINDEX={0x8}, @NDTPA_BASE_REACHABLE_TIME={0xc, 0x4, 0x9}]}, @NDTA_NAME={0x1d, 0x1, 'trusted.overlay.redirect\x00'}, @NDTA_THRESH3={0x8, 0x4, 0x7}, @NDTA_THRESH3={0x8, 0x4, 0x4}, @NDTA_PARMS={0x1c, 0x6, 0x0, 0x1, [@NDTPA_BASE_REACHABLE_TIME={0xc, 0x4, 0x3}, @NDTPA_GC_STALETIME={0xc, 0x6, 0x8}]}, @NDTA_THRESH3={0x8, 0x4, 0x3}, @NDTA_THRESH3={0x8, 0x4, 0x3ff}]}, 0xac}}, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x0, &(0x7f0000000180)={@rand_addr, @multicast1}, &(0x7f0000000200)=0xc) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./dir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:56 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="48000000100005ec00"/20, @ANYRES32=r6, @ANYBLOB="00000000000000002800a6b4a9a9185af1d96112000900010076657468"], 0x48}}, 0x0) r7 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r7, 0x800, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r7, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004880}, 0x4a0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000", @ANYRES32=r4, @ANYBLOB="0000ffffffffffff"], 0x20}}, 0x0) ioctl$sock_x25_SIOCDELRT(r5, 0x890c, &(0x7f0000000140)={@null=' \x00', 0x1, 'syzkaller1\x00'}) r8 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400201) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1045.274711] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1045.305622] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1045.323859] CPU: 0 PID: 11884 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1045.331782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1045.337763] syz-executor.0: [ 1045.341165] Call Trace: [ 1045.341187] dump_stack+0x1b2/0x283 [ 1045.341204] warn_alloc.cold+0x96/0x1af [ 1045.341216] ? zone_watermark_ok_safe+0x250/0x250 [ 1045.341239] ? wait_for_completion_io+0x10/0x10 [ 1045.341254] __alloc_pages_nodemask+0x2129/0x2730 [ 1045.341282] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1045.355546] page allocation failure: order:0 [ 1045.359294] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1045.359325] ? HARDIRQ_verbose+0x10/0x10 [ 1045.359338] ? do_raw_spin_unlock+0x164/0x250 [ 1045.359355] alloc_pages_current+0xe7/0x1e0 [ 1045.359372] kvm_mmu_create+0xd1/0x1c0 [ 1045.359388] kvm_arch_vcpu_init+0x282/0x890 [ 1045.374872] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1045.378894] ? alloc_pages_current+0xef/0x1e0 [ 1045.378918] kvm_vcpu_init+0x26d/0x360 [ 1045.378934] vmx_create_vcpu+0xf5/0x2950 [ 1045.378948] ? __mutex_unlock_slowpath+0x75/0x780 [ 1045.378958] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1045.378971] ? alloc_loaded_vmcs+0x240/0x240 [ 1045.388962] (null) [ 1045.393191] kvm_vm_ioctl+0x4ae/0x1430 [ 1045.393207] ? __lock_acquire+0x655/0x42a0 [ 1045.393219] ? kvm_vcpu_release+0xa0/0xa0 [ 1045.393231] ? check_preemption_disabled+0x35/0x240 [ 1045.393244] ? perf_trace_lock+0x109/0x4b0 [ 1045.406851] syz-executor.0 cpuset= [ 1045.411733] ? check_preemption_disabled+0x35/0x240 [ 1045.411749] ? perf_trace_lock+0x109/0x4b0 [ 1045.411764] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1045.411777] ? HARDIRQ_verbose+0x10/0x10 [ 1045.411790] ? kvm_vcpu_release+0xa0/0xa0 [ 1045.411803] do_vfs_ioctl+0x75a/0xfe0 [ 1045.411817] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1045.411828] ? ioctl_preallocate+0x1a0/0x1a0 [ 1045.411851] ? security_file_ioctl+0x76/0xb0 [ 1045.432042] / [ 1045.434390] ? security_file_ioctl+0x83/0xb0 [ 1045.449032] mems_allowed=0-1 [ 1045.449253] SyS_ioctl+0x7f/0xb0 [ 1045.519920] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1045.523920] do_syscall_64+0x1d5/0x640 [ 1045.527843] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1045.534174] RIP: 0033:0x45ca69 [ 1045.537573] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1045.545416] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1045.552711] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1045.560261] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1045.567553] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1045.575006] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1045.583213] CPU: 1 PID: 11882 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1045.591476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1045.601155] Call Trace: [ 1045.603785] dump_stack+0x1b2/0x283 [ 1045.607443] warn_alloc.cold+0x96/0x1af [ 1045.611588] ? zone_watermark_ok_safe+0x250/0x250 [ 1045.616614] ? wait_for_completion_io+0x10/0x10 [ 1045.622161] __alloc_pages_nodemask+0x2129/0x2730 [ 1045.627477] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1045.632348] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1045.637242] ? HARDIRQ_verbose+0x10/0x10 [ 1045.641510] ? do_raw_spin_unlock+0x164/0x250 [ 1045.646068] alloc_pages_current+0xe7/0x1e0 [ 1045.650506] kvm_mmu_create+0xd1/0x1c0 [ 1045.654425] kvm_arch_vcpu_init+0x282/0x890 [ 1045.658848] ? alloc_pages_current+0xef/0x1e0 [ 1045.663367] kvm_vcpu_init+0x26d/0x360 [ 1045.667275] vmx_create_vcpu+0xf5/0x2950 [ 1045.671468] ? __mutex_unlock_slowpath+0x75/0x780 [ 1045.676330] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1045.681391] ? alloc_loaded_vmcs+0x240/0x240 [ 1045.685838] kvm_vm_ioctl+0x4ae/0x1430 [ 1045.689841] ? __lock_acquire+0x655/0x42a0 [ 1045.694099] ? kvm_vcpu_release+0xa0/0xa0 [ 1045.698366] ? check_preemption_disabled+0x35/0x240 [ 1045.703411] ? perf_trace_lock+0x109/0x4b0 [ 1045.708274] ? check_preemption_disabled+0x35/0x240 [ 1045.713698] ? perf_trace_lock+0x109/0x4b0 [ 1045.717968] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1045.723185] ? HARDIRQ_verbose+0x10/0x10 [ 1045.727373] ? kvm_vcpu_release+0xa0/0xa0 [ 1045.731547] do_vfs_ioctl+0x75a/0xfe0 [ 1045.735379] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1045.741083] ? ioctl_preallocate+0x1a0/0x1a0 [ 1045.745543] ? security_file_ioctl+0x76/0xb0 [ 1045.750025] ? security_file_ioctl+0x83/0xb0 [ 1045.754483] SyS_ioctl+0x7f/0xb0 [ 1045.758008] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1045.763088] do_syscall_64+0x1d5/0x640 [ 1045.767037] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1045.772258] RIP: 0033:0x45ca69 22:34:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000000)={0x3, [0x3, 0x6, 0x2]}, &(0x7f0000000040)=0xa) [ 1045.775688] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1045.783588] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1045.790953] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1045.798300] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1045.805692] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1045.813270] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 22:34:57 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000000200"/72], 0x48) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="0800c79aa3e21b00"], 0x30}}, 0x0) [ 1046.050413] Cannot find add_set index 0 as target 22:34:57 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r7 = dup(r6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000080)=0x1080007f) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) dup(r8) [ 1046.138613] overlayfs: option "workdir=./dir=./file0" is useless in a non-upper mount, ignore [ 1046.158202] warn_alloc_show_mem: 1 callbacks suppressed [ 1046.158207] Mem-Info: [ 1046.167583] active_anon:434233 inactive_anon:11114 isolated_anon:0 [ 1046.167583] active_file:5278 inactive_file:30141 isolated_file:0 [ 1046.167583] unevictable:0 dirty:31 writeback:17 unstable:0 22:34:57 executing program 5: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00'}) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000002cdf1bc3bf4f0d6e010076657468"], 0x48}}, 0x0) r7 = syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r7, 0x800, 0x70b92c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r4, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x1c, r7, 0x902, 0x70bd2a, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000003}, 0x10068041) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="48000000100005072000000000000000000000001d62e8343b67b6faf89abb5e51cb5ed79933a5be84ebb790ba0a4bd72d784359e1d0a2fc9f04ab70490a4fcc91e5bd0309d17f4137859767a1fc7a01b2586e37c9e7c2a9781eb0ea4c6be4518109beedeb262460fafe2a70efb50688cf445f9058014418f1f0fbabe006a2b8bb9a412003aac513a85f77aebdcc3b3b2581dbbc7a994683eb8039517974477835ad8bd22ad3061a827402ebf30204132fdd9146242bc7e95042696171c51202f4bc", @ANYRES32=r8, @ANYBLOB="00006734f2b30a961ea42a1889112a4088f344786549978008da00000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3800004007000500"/18, @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="00001b000000000009002e2900f46afa00000800030000002000000000000000"], 0x48}}, 0x0) [ 1046.167583] slab_reclaimable:51119 slab_unreclaimable:393520 [ 1046.167583] mapped:63778 shmem:11300 pagetables:73892 bounce:0 [ 1046.167583] free:428465 free_pcp:306 free_cma:0 [ 1046.193648] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1046.260871] Cannot find add_set index 0 as target [ 1046.262337] overlayfs: option "workdir=./dir=./file0" is useless in a non-upper mount, ignore 22:34:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1046.305368] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1046.327899] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1046.375865] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1046.413971] Cannot find add_set index 0 as target [ 1046.459672] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1046.515159] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1046.527739] Node 1 active_anon:352724kB inactive_anon:27144kB active_file:21096kB inactive_file:120560kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38900kB dirty:224kB writeback:68kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1046.586945] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1046.615818] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'. 22:34:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000001240)={@l2tp6={0xa, 0x0, 0x8001, @mcast1, 0x40000, 0x2}, {&(0x7f0000000240)=""/4096, 0x1000}, &(0x7f0000000000), 0x10}, 0xa0) [ 1046.675564] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1046.761724] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1046.776829] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1046.819884] Node 0 DMA32 free:27684kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:76kB local_pcp:48kB free_cma:0kB [ 1046.856050] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1046.872445] CPU: 1 PID: 11969 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1046.880464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1046.889840] Call Trace: [ 1046.892478] dump_stack+0x1b2/0x283 [ 1046.896136] warn_alloc.cold+0x96/0x1af [ 1046.900169] ? zone_watermark_ok_safe+0x250/0x250 [ 1046.905129] ? wait_for_completion_io+0x10/0x10 [ 1046.909922] __alloc_pages_nodemask+0x2129/0x2730 [ 1046.914809] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1046.919897] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1046.924894] ? HARDIRQ_verbose+0x10/0x10 [ 1046.928977] ? do_raw_spin_unlock+0x164/0x250 [ 1046.933838] alloc_pages_current+0xe7/0x1e0 [ 1046.938215] kvm_mmu_create+0xd1/0x1c0 [ 1046.942300] kvm_arch_vcpu_init+0x282/0x890 [ 1046.946651] ? alloc_pages_current+0xef/0x1e0 [ 1046.951704] kvm_vcpu_init+0x26d/0x360 [ 1046.955933] vmx_create_vcpu+0xf5/0x2950 [ 1046.960237] ? __mutex_unlock_slowpath+0x75/0x780 [ 1046.965119] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1046.970292] ? alloc_loaded_vmcs+0x240/0x240 [ 1046.974819] kvm_vm_ioctl+0x4ae/0x1430 [ 1046.978741] ? __lock_acquire+0x655/0x42a0 [ 1046.983175] ? kvm_vcpu_release+0xa0/0xa0 [ 1046.988122] ? check_preemption_disabled+0x35/0x240 [ 1046.993528] ? perf_trace_lock+0x109/0x4b0 [ 1046.997829] ? check_preemption_disabled+0x35/0x240 [ 1047.003514] ? perf_trace_lock+0x109/0x4b0 [ 1047.007891] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1047.012873] ? HARDIRQ_verbose+0x10/0x10 [ 1047.016973] ? kvm_vcpu_release+0xa0/0xa0 [ 1047.021512] do_vfs_ioctl+0x75a/0xfe0 [ 1047.025353] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1047.031652] ? ioctl_preallocate+0x1a0/0x1a0 [ 1047.036377] ? security_file_ioctl+0x76/0xb0 [ 1047.041052] ? security_file_ioctl+0x83/0xb0 [ 1047.045507] SyS_ioctl+0x7f/0xb0 [ 1047.049053] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1047.053222] do_syscall_64+0x1d5/0x640 [ 1047.057162] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1047.062453] RIP: 0033:0x45ca69 [ 1047.066021] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1047.074207] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1047.081930] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1047.090087] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1047.097658] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1047.104951] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1047.115883] lowmem_reserve[]: 0 0 0 0 0 [ 1047.121146] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1047.148842] lowmem_reserve[]: 0 0 0 0 0 [ 1047.153936] Node 1 Normal free:1672652kB min:53592kB low:66988kB high:80384kB active_anon:352408kB inactive_anon:27144kB active_file:21096kB inactive_file:120520kB unevictable:0kB writepending:364kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:129088kB pagetables:240240kB bounce:0kB free_pcp:1276kB local_pcp:716kB free_cma:0kB [ 1047.187173] lowmem_reserve[]: 0 0 0 0 0 [ 1047.193081] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB 22:34:58 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000", @ANYRES32=r2, @ANYBLOB="eeffffffdf000000"], 0x20}}, 0x0) r3 = accept4$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14, 0x800) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f0000000080)=@v2={0x2, @aes128, 0x3, [], "600c383edf9fbbb761902c91b2758a48"}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="30ffffffff000000d318433b", @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000023ecfe7efd4f28a3c9280732d867b786beb54486c0cf7c836d050137729d2cebb658f976896fe87c5e30d46f9c3ad74dcab438423462b3704f0f814207e463182037ae475bfd0658bd186f1ac51338b641775a6726963fddb8a2fca99aa283d0dffce55a3c015c82d15986fb98030976e565acb0d8771c8420d5dff514b14bfadebdb6dadf07021e2e35b81028f8b668206064b41bdeeb1b8361dd6630e8"], 0x30}}, 0x0) [ 1047.210821] Node 0 DMA32: 385*4kB (UME) 250*8kB (ME) 364*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27668kB [ 1047.231147] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1047.246013] Node 1 Normal: 49*4kB (UME) 66*8kB (UM) 6*16kB (UME) 15*32kB (UME) 1*64kB (U) 18*128kB (UME) 3*256kB (U) 1*512kB (U) 3*1024kB (UME) 3*2048kB (UME) 405*4096kB (M) = 1673044kB [ 1047.270134] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1047.280473] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1047.292385] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1047.304214] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1047.315917] 25584 total pagecache pages [ 1047.321727] 0 pages in swap cache [ 1047.326439] Swap cache stats: add 0, delete 0, find 0/0 [ 1047.335705] Free swap = 0kB [ 1047.342498] Total swap = 0kB [ 1047.348074] 1965979 pages RAM [ 1047.351788] 0 pages HighMem/MovableOnly [ 1047.356669] 338456 pages reserved [ 1047.363571] 0 pages cma reserved [ 1047.378965] warn_alloc_show_mem: 1 callbacks suppressed [ 1047.378970] Mem-Info: [ 1047.401170] active_anon:434229 inactive_anon:11114 isolated_anon:0 [ 1047.401170] active_file:5279 inactive_file:30130 isolated_file:0 [ 1047.401170] unevictable:0 dirty:91 writeback:0 unstable:0 [ 1047.401170] slab_reclaimable:51186 slab_unreclaimable:393214 [ 1047.401170] mapped:63779 shmem:11300 pagetables:73871 bounce:0 [ 1047.401170] free:427962 free_pcp:314 free_cma:0 [ 1047.465344] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1047.494402] Node 1 active_anon:352308kB inactive_anon:27144kB active_file:21096kB inactive_file:120520kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38104kB dirty:364kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 22:34:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) keyctl$update(0xb, r2, &(0x7f0000000000), 0x1c8b) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) keyctl$update(0xb, r3, &(0x7f0000000000), 0x1c8b) keyctl$unlink(0x9, r2, r3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1047.527573] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1047.556732] lowmem_reserve[]: 0 2559 2559 2559 2559 22:34:58 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8, 0xf1a}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x28, &(0x7f0000000240)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001280)={r1}, 0xc) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080)={0x4, r1}, 0x8) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) timerfd_gettime(r2, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1047.564452] Node 0 DMA32 free:27668kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:56kB local_pcp:44kB free_cma:0kB [ 1047.601683] lowmem_reserve[]: 0 0 0 0 0 [ 1047.606099] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1047.657923] encrypted_key: insufficient parameters specified [ 1047.666636] encrypted_key: insufficient parameters specified [ 1047.719602] encrypted_key: insufficient parameters specified [ 1047.728221] encrypted_key: insufficient parameters specified [ 1047.765390] lowmem_reserve[]: 0 0 0 0 0 [ 1047.786353] Node 1 Normal free:1674184kB min:53592kB low:66988kB high:80384kB active_anon:352708kB inactive_anon:27144kB active_file:21096kB inactive_file:120520kB unevictable:0kB writepending:364kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:129184kB pagetables:240684kB bounce:0kB free_pcp:396kB local_pcp:228kB free_cma:0kB [ 1047.838571] overlayfs: invalid redirect () 22:34:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x5, 0x7f, 0x5, 0x1}, {0x2, 0x6, 0x8, 0xd1d0}, {0x800, 0x0, 0xf9, 0x8001}, {0x6, 0x8, 0x7, 0x7}]}) [ 1047.860575] lowmem_reserve[]: 0 0 0 0 0 [ 1047.865963] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1047.891954] Node 0 DMA32: 385*4kB (UME) 251*8kB (UME) 363*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27660kB [ 1047.931382] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 22:34:59 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000dd19178394c5fc556aee6836d82011dcb8b342bd1ca023f670947f611c98582ca64d5e8cbf54f64898a470f3e06f2b0cc9e1b2760efdb1473e633064b651502de1e860b993de9b48fe6f1cc08d2095ce3e14a5d58abe1a4a15795f7cfc9591b59beafe98ff2f8e225a580d4a4d5b0a7706777bd8ed9d194425558ccab232d6f828fba26d9b084f336fa58bf411ea4d4193727059471d5cb1a2c8", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080), 0x4) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:34:59 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() tkill(r1, 0x1004000000016) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f0000000240)={{0x8, 0x0, 0x5, 0x6, '\x00', 0x3ff}, 0x0, 0x200, 0x5, r1, 0x8, 0xffff, 'syz0\x00', &(0x7f0000000000)=['-@)\x00', '%+\xc1-/\x00', '\\!&}\x00', '\x00', '%.#\x00', '*\xca\x00', ']].~\xab#.:})&$--*\x00', '\x00'], 0x28, [], [0x40, 0x7f, 0x3, 0x1ff]}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000003c463482803f02174c66c61b1a2992a149ad283c998371f8d3898aa3aa2fd5e6a18d392b8b4d14f4fdf14bf6970c1877a2474fc7215905d82b10795a84c4ec73487072d9eebb6d773426be2c82a271745bf0adbf2937308eb22ae213add2b1c4081202fedb38659f15ea103cdd96948c67f5f3dcb630524ff4356057507ea48263", @ANYRES32=r6, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@bridge_newneigh={0x58, 0x1c, 0x300, 0x70bd29, 0x25dfdbfe, {0x1c, 0x0, 0x0, r6, 0x10, 0x9c, 0xa}, [@NDA_IFINDEX={0x8, 0x8, r8}, @NDA_LINK_NETNSID={0x8, 0xa, 0x40}, @NDA_PORT={0x6, 0x6, 0x4e21}, @NDA_LINK_NETNSID={0x8, 0xa, 0xae19}, @NDA_IFINDEX, @NDA_CACHEINFO={0x14, 0x3, {0x400, 0x0, 0x5, 0xbfffffff}}]}, 0x58}}, 0x0) [ 1047.998412] Node 1 Normal: 4*4kB (UME) 8*8kB (M) 22*16kB (UM) 5*32kB (UME) 1*64kB (E) 14*128kB (UME) 5*256kB (UE) 4*512kB (UE) 2*1024kB (UM) 3*2048kB (UME) 405*4096kB (M) = 1672848kB [ 1048.085943] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1048.111852] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1048.131698] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1048.157691] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1048.221369] overlayfs: invalid redirect () [ 1048.234662] 25595 total pagecache pages [ 1048.260147] 0 pages in swap cache [ 1048.280779] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1048.297849] Swap cache stats: add 0, delete 0, find 0/0 [ 1048.323620] overlayfs: invalid redirect () [ 1048.331903] Free swap = 0kB [ 1048.346402] Total swap = 0kB [ 1048.356582] 1965979 pages RAM [ 1048.372707] 0 pages HighMem/MovableOnly [ 1048.387419] 338456 pages reserved [ 1048.393330] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1048.418360] 0 pages cma reserved [ 1048.439410] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1048.456443] CPU: 1 PID: 12023 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1048.465690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.476797] Call Trace: [ 1048.479420] dump_stack+0x1b2/0x283 [ 1048.483495] warn_alloc.cold+0x96/0x1af [ 1048.487500] ? zone_watermark_ok_safe+0x250/0x250 [ 1048.492380] ? wait_for_completion_io+0x10/0x10 [ 1048.497084] __alloc_pages_nodemask+0x2129/0x2730 [ 1048.501980] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1048.507466] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1048.512677] ? HARDIRQ_verbose+0x10/0x10 [ 1048.516919] ? do_raw_spin_unlock+0x164/0x250 [ 1048.521704] alloc_pages_current+0xe7/0x1e0 [ 1048.526424] kvm_mmu_create+0xd1/0x1c0 [ 1048.530351] kvm_arch_vcpu_init+0x282/0x890 [ 1048.534745] ? alloc_pages_current+0xef/0x1e0 [ 1048.539270] kvm_vcpu_init+0x26d/0x360 [ 1048.543191] vmx_create_vcpu+0xf5/0x2950 [ 1048.547282] ? __mutex_unlock_slowpath+0x75/0x780 [ 1048.552348] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1048.557420] ? alloc_loaded_vmcs+0x240/0x240 [ 1048.562310] kvm_vm_ioctl+0x4ae/0x1430 [ 1048.566576] ? __lock_acquire+0x655/0x42a0 [ 1048.571812] ? kvm_vcpu_release+0xa0/0xa0 [ 1048.576158] ? check_preemption_disabled+0x35/0x240 [ 1048.581210] ? perf_trace_lock+0x109/0x4b0 [ 1048.585473] ? check_preemption_disabled+0x35/0x240 [ 1048.591055] ? perf_trace_lock+0x109/0x4b0 [ 1048.595324] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1048.600715] ? HARDIRQ_verbose+0x10/0x10 [ 1048.604799] ? kvm_vcpu_release+0xa0/0xa0 [ 1048.608965] do_vfs_ioctl+0x75a/0xfe0 [ 1048.612820] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1048.618587] ? ioctl_preallocate+0x1a0/0x1a0 [ 1048.623061] ? security_file_ioctl+0x76/0xb0 [ 1048.627505] ? security_file_ioctl+0x83/0xb0 [ 1048.631943] SyS_ioctl+0x7f/0xb0 [ 1048.635327] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1048.639323] do_syscall_64+0x1d5/0x640 [ 1048.643508] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1048.648722] RIP: 0033:0x45ca69 [ 1048.651922] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1048.659734] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1048.667079] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1048.674894] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1048.682179] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 22:35:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140), 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:00 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x410000, 0x0) execveat(r1, &(0x7f00000003c0)='./bus/file0\x00', &(0x7f0000000300)=[&(0x7f0000000200)='&\'@#$-\x00'], &(0x7f0000000380), 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f0000000240)={0x1f, 0x80, 0x81}) r4 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$USBDEVFS_GET_SPEED(r4, 0x551f) mkdir(&(0x7f0000000180)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f00000002c0)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x68, &(0x7f0000000400)=ANY=[@ANYRESOCT]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1048.689463] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1048.813313] Mem-Info: [ 1048.824466] active_anon:434389 inactive_anon:11114 isolated_anon:0 [ 1048.824466] active_file:5279 inactive_file:30146 isolated_file:2 [ 1048.824466] unevictable:0 dirty:32 writeback:6 unstable:0 [ 1048.824466] slab_reclaimable:51271 slab_unreclaimable:393706 [ 1048.824466] mapped:63788 shmem:11300 pagetables:74028 bounce:0 [ 1048.824466] free:426946 free_pcp:218 free_cma:0 22:35:00 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x298, 0x0, 0xffffff80, 0x178, 0xe8, 0x178, 0x1c8, 0x258, 0x258, 0x1c8, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @rand_addr=0x64010101}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xffffffffffffffd3) flock(r0, 0x6) mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./bus\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$FBIOGETCMAP(r2, 0x4604, &(0x7f0000000340)={0xf40, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0], &(0x7f0000000300)=[0x0, 0x0]}) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f0000000380)='./file1\x00') [ 1049.007287] overlayfs: failed to resolve './file0': -2 [ 1049.029178] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 22:35:00 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x9, 0x3, 0x2d0, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@uncond, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x8}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x1, 0x2e, "b99a2a3809b3caf99849fbd3147fbbe62ba3f376c4630f5f28cb4318e52d"}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f0000000180)='./file1\x00'}, 0x10) 22:35:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140), 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1049.175510] Node 1 active_anon:353064kB inactive_anon:27144kB active_file:21108kB inactive_file:120628kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38076kB dirty:248kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1049.248634] Cannot find add_set index 0 as target [ 1049.297198] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 1049.306968] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1049.349155] x_tables: ip6_tables: rpfilter match: used from hooks PREROUTING/OUTPUT, but only valid from PREROUTING [ 1049.436218] Cannot find add_set index 0 as target [ 1049.461773] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1049.466461] x_tables: ip6_tables: rpfilter match: used from hooks PREROUTING/OUTPUT, but only valid from PREROUTING [ 1049.518001] Node 0 DMA32 free:27380kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:16kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:180kB local_pcp:108kB free_cma:0kB [ 1049.549464] overlayfs: invalid redirect () [ 1049.635993] lowmem_reserve[]: 0 0 0 0 0 [ 1049.641469] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1049.672276] lowmem_reserve[]: 0 0 0 0 0 22:35:01 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) socketpair(0x1d, 0xa, 0x4, &(0x7f0000000080)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001240)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r1, @ANYBLOB="000427bd7000fedbdf250f0000000c000280080002000100acae544781115d350200040002000400020008000100ffff000004000200080001000400000004000200080001000100000008000100030000002400038008000300fa9a0000080001000800000008000100050000000800030000000000340004801400078008000400fb09000008000200090000001c0007800800020001040000080001001d0000000800010017000000"], 0xb0}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)={0x110, r1, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xeb5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x51}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xcc}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff09aa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x794}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1049.694404] Node 1 Normal free:1669472kB min:53592kB low:66988kB high:80384kB active_anon:353164kB inactive_anon:27144kB active_file:21108kB inactive_file:120628kB unevictable:0kB writepending:248kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:129504kB pagetables:241020kB bounce:0kB free_pcp:1164kB local_pcp:480kB free_cma:0kB [ 1049.735541] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1049.774370] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1049.790652] CPU: 0 PID: 12064 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1049.795532] lowmem_reserve[]: [ 1049.798596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.798602] Call Trace: [ 1049.798625] dump_stack+0x1b2/0x283 [ 1049.798642] warn_alloc.cold+0x96/0x1af [ 1049.798654] ? zone_watermark_ok_safe+0x250/0x250 [ 1049.798674] ? wait_for_completion_io+0x10/0x10 [ 1049.798690] __alloc_pages_nodemask+0x2129/0x2730 [ 1049.798723] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1049.798736] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1049.798763] ? HARDIRQ_verbose+0x10/0x10 [ 1049.798776] ? do_raw_spin_unlock+0x164/0x250 [ 1049.798794] alloc_pages_current+0xe7/0x1e0 [ 1049.798811] kvm_mmu_create+0xd1/0x1c0 [ 1049.798827] kvm_arch_vcpu_init+0x282/0x890 [ 1049.798837] ? alloc_pages_current+0xef/0x1e0 [ 1049.798852] kvm_vcpu_init+0x26d/0x360 [ 1049.798868] vmx_create_vcpu+0xf5/0x2950 [ 1049.798883] ? __mutex_unlock_slowpath+0x75/0x780 [ 1049.803814] 0 [ 1049.811544] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1049.811563] ? alloc_loaded_vmcs+0x240/0x240 [ 1049.811582] kvm_vm_ioctl+0x4ae/0x1430 [ 1049.811595] ? __lock_acquire+0x655/0x42a0 [ 1049.811605] ? kvm_vcpu_release+0xa0/0xa0 [ 1049.811615] ? check_preemption_disabled+0x35/0x240 [ 1049.811627] ? perf_trace_lock+0x109/0x4b0 [ 1049.811639] ? check_preemption_disabled+0x35/0x240 [ 1049.830992] 0 [ 1049.831450] ? perf_trace_lock+0x109/0x4b0 [ 1049.831466] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1049.831493] ? HARDIRQ_verbose+0x10/0x10 [ 1049.848122] 0 [ 1049.850086] ? kvm_vcpu_release+0xa0/0xa0 [ 1049.850099] do_vfs_ioctl+0x75a/0xfe0 [ 1049.850115] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1049.850129] ? ioctl_preallocate+0x1a0/0x1a0 [ 1049.850156] ? security_file_ioctl+0x76/0xb0 [ 1049.850168] ? security_file_ioctl+0x83/0xb0 [ 1049.865016] 0 [ 1049.868289] SyS_ioctl+0x7f/0xb0 [ 1049.868301] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1049.868318] do_syscall_64+0x1d5/0x640 [ 1049.868337] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1049.868347] RIP: 0033:0x45ca69 [ 1049.868355] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 [ 1049.886649] 0 [ 1049.886704] ORIG_RAX: 0000000000000010 [ 1049.898188] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1049.898194] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1049.898200] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1049.898206] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1049.898213] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1049.977103] can: request_module (can-proto-4) failed. [ 1049.991295] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1050.096906] Node 0 DMA32: 385*4kB (UME) 251*8kB (UME) 345*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27372kB [ 1050.119532] overlayfs: invalid redirect () [ 1050.119877] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1050.126636] can: request_module (can-proto-4) failed. 22:35:01 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) open$dir(&(0x7f0000000080)='./file0/file0\x00', 0x402, 0x188) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1050.182172] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1050.205330] Node 1 Normal: 27*4kB (UME) 116*8kB (UME) 35*16kB (UME) 8*32kB (UM) 2*64kB (UE) 13*128kB (UM) 3*256kB (UM) 2*512kB (UE) 0*1024kB 3*2048kB (UME) 405*4096kB (M) = 1670460kB [ 1050.286148] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1050.296623] Mem-Info: [ 1050.309028] active_anon:434480 inactive_anon:11114 isolated_anon:0 [ 1050.309028] active_file:5284 inactive_file:30160 isolated_file:0 [ 1050.309028] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1050.309028] slab_reclaimable:51356 slab_unreclaimable:393729 [ 1050.309028] mapped:63826 shmem:11300 pagetables:74087 bounce:0 [ 1050.309028] free:426733 free_pcp:226 free_cma:0 [ 1050.320765] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1050.412048] overlayfs: invalid redirect () [ 1050.436255] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1050.450850] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:35:01 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') syz_mount_image$afs(&(0x7f0000000080)='afs\x00', &(0x7f0000000180)='./bus\x00', 0xb13, 0x9, &(0x7f0000001700)=[{&(0x7f0000000300)="e52d47ad3d27f249c61d02348a292dcb7d4b38db4f26bcd2975cad477d81d532d281b8095920d5547a55ffc84b8ce613a5c5e002280e97f42cb1430fd8ee95c89cd9548dfebf75df9758c17c3eb715b9977fa1a1959d57c4b710ae69144a8ed37e3d7419142ae6", 0x67, 0x3d1f}, {&(0x7f0000000200)="54045f", 0x3, 0x81}, {&(0x7f0000000380)="fb91ecf9dec0ced8d4d29b6b6c66bd914dd5162c7b86088509ded867f0cb3a95845aff4340a06793f5288901917cfe6cdcd297b3605fddf1b25ff634e81a6be5", 0x40, 0x71a}, {&(0x7f0000000440)="0b4f13c521ac844a6d5f6200c4143b80b1bfd669010d09f3ffdca477f63d8c83beca1dee1662657b27ea5a750b9add7c9cbefa791f7c4bc3ee9736023f0569a088b4d260678548944291f81bddd5b1b80051c8393fdc2fa9a827a9e7cc76eeed8393d9926530a30e80aa0722f0c9aed77d5204cedcdd31ef6640620ed9134234f2ed9f5ca343377c5e42a07743204b84fb58dde5208d32a88d555359bceaafcf773c7d202f2f4596d47fd2dd36ce43c23f6da5156802425e71", 0xb9}, {&(0x7f0000000500)="470dcbd74d64f8a2022a2bd6a056bdd03e6b88642d4c736ef8a6bc61b1bee78f63317acc962a4d379d78ad6e96d8d0b2210c6f29749afd94964945da6a619b91170adc72d3d335c1c78f3bb49d510664325c344f05834ac4f9a18cf74e36ce9c4594c09764cdc5c897086c5cfc2227b85be004f8f1adf2b8287f4c626941adb8ff695fa83b38e06951ab44d1b32a8acf7d3e3b9b032596ae747f81c69588ee816e53841870c91beb224398bf55a20598237abea4b4db4029e15f6f504a1d6c57957a26ecb7eb70107a8fcb77a82e3b79fcb1e763c6bcab1caaa6f0dd9f356911a2fd8c680e4e58aff3c631a37f79bd462c2483faa1046217178c892bfd0b", 0xfe}, {&(0x7f0000000600)="4e15e823516a5a5993275baf8b1ca3c6e22d957c57b829951635552900e8c71c43050bed9a4752fe09839fa0119a8e1625fdcc741291c2987ddc20d37824ce43917dcc97eb4da55d4aa617fd1861a3b3ce6522bba64f0a8c7123a1d09fc3f2e0535960f07527947c5814a6033560fb2ce928c40cd8a8d3f0f24ab1b9ed5d0265cd7f8a6b88de2a531ba0a4ece883cb8d678e5c1acd57259578e4961e90045c4887", 0xa1, 0x80000000}, {&(0x7f00000003c0)="a04044bd86267abd1a", 0x9, 0x2}, {&(0x7f00000006c0)="c3634168d407195667143bd47aeb289a08158ff3456902ae5fa8b0920a7d12cfc42ece114ee90f50edada3c2ceb350ee6a626b37cc443ef701d69dadfd196e6740da05b6e92b4413e2c21eaf79f5abe2a0101d0d12ced33d7c288560446e9cc81a484ee7c0e7fe5f8bd71ccefb4ae09b31ad07e508544eeb926041f3043caed9fbdb1e31cabe5bbbd24b47efc790db401b8d788d8cd186f0ee35c9364ad88b48ed24c8efae08ab71684ce67cf0604942620d5803f03e53c15107add6d95364e877d87d01f7267921c53cba463facc0a46cbd2816d19c636216d3b162498befacb8afc95a569ec32955eb5582f5769bdd17f353df09e0924b69a69acece7ba96d4f3501dc2253eb4355223323b7b1249a81a467395a81fad17ee6619d3dbc99e0997175372f7e496cff0bed81453507e14c02696a147480bec46d2f6a5756a2d15cbde783a89660291a456e5d039f1f068aba98aa6bc56b6ef441326ffa966103781a3609c4fd3fe4b80cf3fc0872aa15c4cb30b2ae7c921a0a32c7fa6e31b4f13e2f3a6ff456adfddf5991e5737df9f5051f5f18d3cf2073d25fd573ecd3b39a595ac3692fdae66e13409f248fdd00e7f878416cb6913540edbf040f1106959f6b62f51f1f34435eafeb4fffd5e3d7038889720c181c234695d7ce7ddfbd88e078e4e1f759631a2ff9012156bf933106aad0106d0e2404e5e4fb3a5f0e669a3dadb6b645c05c3af33cdfce2e4b268f50708495fc080b7bb0502dcb0713a9fbd5546e01699e2801843d07c58bf1585c3dcd81f540c5970ca586cd631217be199effdd06c6b29ce485cc9ced744428604212a17a6eaa22547af1e100fd59e5c5e36acb236db1841cd3833015ad5a22316a19070e7c72c7ab9f8c699efe791a416e4392dc7f9cbecd80c8adf496adbe1f1e54a96606b4324eaed47c078effe1e439cf0ad6484418e20236f10e4f6898b654aa7668d5380318639699a0e3922ca61b2f47600254b4f1c1170a8e005af2a2c74c7248fe746d1fd6bef1df533b83bcd2dfa6bb3dca74d8f692ddc6960ebbfda46ef1726dc8df530864c3376b2f4bdc1f2b72bfbf75b9966c32ca772abf58a8fc4a06b9a783131e8cfae9b6a781b00e0728ee868c22822d41ed0a740ab4d44e68937c85d306018a1858ee690e16e00514ed96dc4bde88c06291dc4f5889b29b319153bc10a644e84e2b666abbefee95af77137d9cc19566a99c2405b7af7e7f4688d1057deeac569bbae5ce5369f403cadc8e3f3efbbc34abaa79ebe33381fc8e70adfdf1f31c7c92edf7184bec4f8f7cdb3c2c0e9d145b69f343d90a2e1ee76ff468b4410eb087d743696009e6ca9b2e6ee17f2cd277e7d16f8996a9563c416ae660f90f7fe6cefbf3df05fc310ee4e0f687e23c55216bfe2f50d652d03579c1f23ebf8e0ceae8ab556750b369c15556ff315ba248af4e674904e7c7493032d4976ddf7651aaf9842b37da893155f7145f3f26d9dbc671ce7849e98b8a59b397919bfa9fa946c8c219bb8853c73db5c64c7574df3620318319794529a148e7afe5fd04ea70e36ea45ecb3c5ebe24ef48e748987c6de138242df995b6e27f3e05340d1086a83d46b6d7682c1960aa54d3b5893ba3a5f03193a27f70c0acc632d04cd1ce04d50861bb790d8c02a14d20fc6b7773af8ed8a2492edb6b5d734c92a11d56aad731f18f4c4af34133f0f302523a17d566c62a830a085916bb2b1734b4357d5df1f37e16743a0d880fc498aa85fdc3df96ce4c6797a9e775b3ba502c39895c8d976fa3cf407b36dfd533b56e48ccc88703a6efec1f9c64b6b94b1f15ffcc670693a56113e400e9e87af3ef4b621bf86f342a426b118fb937347bd41c4486a73e9a47fb9d30bf579d240f472b923e4cd8c414823c5aa0df51960ec5e223b8bfe33dbf8a29964651e574757d671222a5bd79a4064fa06fd6f6fcb667203a4ea1ef1b908c6d320ee3a11766f08767f3bb9a3309d57f33c14b73e1edaf12e7503b5c41a5300889820c8e87a1b1db1f67291cad8d956af297c96616b43c7eb14f288719f47627ceb099965b4b08fc0ab59bf36c6c979a2c714fabf0b16f3a8a233f95c4121cc53eefd6ad80af2fe1104374bb58ad272ac1ee25f1bb91c0261b32fab5d3b24bde558fc13262034acc0775b66a2baccb0cc38355410df41b2463b1800a95b32dc63088fd6d9c83e64e84e04b94d90b8c32826e96923eb6355931c21508ee1af93d5ff194b568425fb413cb69e493bbb3facc8196a96e5a88081dd1fddae4affc2d91c2f093ba58631be15513612bed0df1729a2e182ea4a851fe7f011b0e249d8b7ad7495f2851ae7b7f7a747bcbe2025ae57cf76f2c701a881802ee5a4479d29898ee499e3a1ea3765f5dc51b9362d6b32202c8362fcf8860c01c6b148d90fb39c9bed327243aa48565fae8a5f4fb2c9a55c8464f78da8a0e3017c5219baab34d71949e690b9a0543f0145ee33ab443b067bd60965947e1ff2ee2117990610fe3a4cf7a279209b1bc9192a5a943ac55940c30fb1ea6af95ecea5e1f8d9c1c3b1757b7c4883101f66d5f7a86e7d0bf3738ce8a9fb899b3b79b83023e3d875821016d90f6a656d661ba56f5a2abd63a8290e746674770b96f983e6f590153378bf37503606bdc23c9d1d4e5580181d39c1bcaf578a9deda6d62e8495ca7068d00f2f15c83a80b1ef00a6df7ef35455090af1a330f7edbfc6ef20227b80fc2c67f321a3c191c7f739cadc664dab36ec6b62d38783fdfac0000c62e1e4002db1d8c6dfa73e73cabad369b8265dae5b894df9ca99fb5cfde8c5bded307e9033580685fa939695db66961f102ebb1f82b7129e60fbd077f56baaded942c70a0886bbdcd32744ce8370b22016758febe0626cb027a6d3591dccf87630cb91abf9eb9d32345a5c75669aeab9fa185518cfa33b76789a762b539a13c81919f0f4bfaed857528a5371f68c895c8def8bd97ebaf83e3ef9281b23817fd7ded51aa755e2118d720a879ca4aba86770ef5da84ad1e444f77ca446e5ff8472c8355f0eeb4ae9acca4c763142cc528f24334dd36b293c0836088efc15f417721cd82ffdd503e8eefa0aee977c13bb181bd6c0b4cca76c04cb4b0e68776087cb97ec43fbf626bf347ef290bfa370f1ce21c427f6cf0e90fff08288b16e153ff351a8481e909561f5a73f2fede218c07da594882b4e637db4edba0a896ced1f17af3f046f572fd0ac1d4595b429df9310d4a5a4704035f1edfd0faaa7bb7bf6be31dd26d8b4f026094c14e945acc8054ed5df45f0ebbca5429eb8bf53f30f4bcdcb667a7ed36ad8129fc27106e503fe52c95f0824a003d9ded33893b91674ac8c4aaf0714ef8fb9327b26aba14bbe9d48f0f93faed22b3b625081bc71f79dfa770d52e8276a0e9369c063c53766f5666a7a6093cc0aeece769574380fdc8e461acf48272658ed4942d14572e4598c0fcce17702ed518d3cf763608f6593130d4eff1166d5f84566a364f141cc3ab3fd9519fd7c5c093fe86bd3d67d2ead4a572042b78e986f9f1db015c8bd09734d25e6c2d0abac63a9905398e8271dada907e09011157457b666af58af5bc27096a7fb8decea3b4bc282a4339143807429ec05f2c8a5d232290cd1852b8375529ee5aed49f8b826202f9e0934771d72e6275f28f447f8948f2329fd6255e9aca892e5bfc7685fd25f609490e603a76729fe2c7a5806910bb5bd0bcf617f71739c894b2f1ca9af7874c4fe0d94e7fb96e3434de0492a5399a7f5d6fbcacf7131ce257f49f627ba7daa5850c04469f18d17abd8f746b65537ad33610f0f8e63e8c55dad40a5b21a5e1512b784c09609675d953ee91fc1e58cf731abef1eafd24114b8a8e2e4cc9b1b7ec9a5e20194827bbbf36b5ca68fc67a6f2dcb2a84a17cffaffd98b63908ae9b19ba753c894b4d30d8acf32bef2ce80b05c889a6e877fa33158b123c760d5e22bb3cb31ea5717d33308524fd7c1e8d0620af70196c450e70175f80dda1abf74d0c3190d541dece19a928247572cae1c17c3f8912fc33553ffeed01b87077fcdecc6a71059d0bebb77d9a0dd8af0e5ed2d0692169e9414644615a0b77d4a00b946bd49ddbca0cfb2933076d69028a35fe7ad459bf5b2941c7163730abd4a8380e63fb1fc286c00ea2258b0235b09e14f12b2b814de854d742ccfcd86de7c80055754b2094984a20ca328e21583017001259a83a69ee7aaac55031254e7d1aaf083fad56b30ae6cf4c21bc287d1067423c04b565ab1e540af2d2219a1266e35074665697226e059e44e410aa8c38ab6d3d6fade78993b891e6f0d47b0a9b1d0200ded43ebfafdfd12c64e97b0353e36ce27826720333c134287209d6c3d542de2005a66dae813f2fe3168964ab558a31f03fe732ec61127503eb079551802c911b5b827917956d0d2fcf7df703cac8bd7745375ffcfa5a33f422fc52eba653c31afafaac5b7d224989e322ba370231c32d2538ecf093026224178ef5b761bab0552d19dd8d36799c28ef765f25f2cc3cc7328df881176f6cb7350a4ac99e10707351bfbc68508fbc0040f976317478d4b513801b821309bebc547ebd3e01df9074d757b5ce51ea108d099e116e78d0b356fe16a821827c179e72a0051fa5cbe4ed945575a91510e1229daa19e0c8bb1afea8c865a6b1d1ed64a19251503f5209824f2731a71f9d1fee7b2fbe9acc81aafa3289c45d6e8120e6e40ccc60cfeefeebab1e087397b63df01bde667d539cbd4d4ed0d1f14ffe3fdfe1ae3f9db404264babb424bc38ae424eafdf33857e683796e4e429628f8fa023bbe2ba6e1028eb78b4f856056e788d637a46facf09345ae3c96a1419a18c9360e863ff5be3f97ecf5eb50e2ece611b0b4c3c036782437c2c94b72bd9c08cb99b16f02ed09defab0832a492968c0227ea5242e3fad8fce241dd7328a6aa96d41d5b4b714bd17f0d3f89b05be58e0e32f1c4c2e7bfc837de0a49311711f893b227c43949e616b0df17521dd92fe1911e3c2974d6b5bdb9bc0f1816a25dfeec52ae1f761800a8c8118f49c95cfdf1d19b20f2c3ea81673f65632a89902022c963701fa17d3bb57b89eaa7893ccf443ece42a20d8adcc8122a03a011ca27c8a2a81012b5f0cd61a31024a3e5f23ff6ed4223ef8c3b7848214196f8923eb775c99433222aeacfa28169156b23a3d84260bc040d37e60d517d0b639f26fb89c7a2a0006c5109d012e8555f8936189658d070aaea4c0f54e615e9bdb791a2704043640613e28d8394135ed7af0ecec047cebb89180ef3f9985a67f14092a08df1bff74ae7a52e8a4e9b16dc3b89cfa6c9f41fb73f1583737c95ac327876a0eee7f0334a7fba79497a798c0c2427be4e8b94bba19e235f3cb3527811a44a9ef09f4e495347743e74c52e2d0dcfd57ff3edbaed92a895a78c797c7e240f644b7007af8ef09faf01ec61f7b43dbbe058e20a33576c0e310ff50b69d2870150aabf4b5bdc41e2a72d2fa7acffbf5915bbdf37aac446bb2b96b9897ba2b8ec088ca410e452e4b640dc7acb52a491bd2a3a5d5594b81062e0c5b6514d7b9b9e3080125a6246a011d998b6fb5068b782a79a933f0592bcdfd3ce5d6cd035a32f5b28679497af52592ae9c3590d609472db4dda1f829214e646670ceccbaa42bbd8705d50e8f1776bd27c042183d31bea96980e057f237190e27437bea87ee04750a270335c54081b3f70666cfb640be887a56e5003fc80868322fb8cf6a621c34f017fda4430d292ccf4fc2b", 0x1000, 0x8}, {&(0x7f00000016c0)="f2c6389b962a6e1671a8700b81f87b2989c1d848de19e0780c86bc08d46b4ada7f3aa152b2866fca234002", 0x2b, 0x3}], 0x40400, &(0x7f0000001800)={[{@source={'source', 0x3d, '$]#(^(-@'}}, {@flock_local='flock=local'}, {@autocell='autocell'}, {@flock_local='flock=local'}, {@dyn='dyn'}, {@flock_strict='flock=strict'}, {@flock_write='flock=write'}], [{@func={'func', 0x3d, 'POLICY_CHECK'}}, {@dont_measure='dont_measure'}, {@smackfstransmute={'smackfstransmute', 0x3d, 'trusted.overlay.redirect\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'trusted.overlay.redirect\x00'}}]}) [ 1050.476489] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1050.489277] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1050.564120] Node 1 active_anon:353212kB inactive_anon:27144kB active_file:21116kB inactive_file:120640kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38192kB dirty:76kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1050.590456] 25606 total pagecache pages [ 1050.605480] 0 pages in swap cache [ 1050.614345] Swap cache stats: add 0, delete 0, find 0/0 [ 1050.626239] Free swap = 0kB [ 1050.634375] Total swap = 0kB [ 1050.643834] 1965979 pages RAM [ 1050.655481] 0 pages HighMem/MovableOnly [ 1050.666121] 338456 pages reserved [ 1050.681168] 0 pages cma reserved 22:35:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x14001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x42c865bc, 0x20}) [ 1050.684092] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1050.726304] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1050.733067] Node 0 DMA32 free:27372kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:144kB local_pcp:44kB free_cma:0kB [ 1050.770277] overlayfs: invalid redirect () [ 1050.794979] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1050.811750] overlayfs: invalid redirect () [ 1050.822512] lowmem_reserve[]: 0 0 0 0 0 22:35:02 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000300)={0x2, 0x4, 0x5, {0x0, 0x6}, 0x58, 0x5}) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x7, &(0x7f0000000080)=0x800, 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f627573000069723d2e2f66696c65312c75707065726469723d2e2f666900000000e4dadd3beacdb655d57c2ac6f26b4fc490d2a4c40379ee14f89d96fc2ae2d55c21c02d6524bd7f9c7ec6506dc535c000000000"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1050.847900] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1050.946266] lowmem_reserve[]: 0 0 0 0 0 [ 1050.955455] Node 1 Normal free:1668408kB min:53592kB low:66988kB high:80384kB active_anon:353116kB inactive_anon:27144kB active_file:21116kB inactive_file:120640kB unevictable:0kB writepending:24kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:129376kB pagetables:240896kB bounce:0kB free_pcp:988kB local_pcp:328kB free_cma:0kB [ 1050.991479] lowmem_reserve[]: 0 0 0 0 0 22:35:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x400, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) syz_genetlink_get_family_id$smc(&(0x7f0000000080)='SMC_PNETID\x00') r4 = dup(r3) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000840)={{0x8, 0x3, 0x6, 0x1, 'syz0\x00', 0x5}, 0x1, [0x80000001, 0x8, 0x9, 0xfff, 0x5, 0x8, 0x100000000, 0xfffffffffffffff7, 0x200, 0xfffffffffffffff8, 0xd4, 0x200, 0x70000, 0x4, 0x5, 0xff, 0x101, 0x1000, 0x8, 0x8, 0xffffffff, 0x1, 0x9, 0xffffffff, 0xffffffffffffff01, 0x9, 0x6, 0x2, 0x800, 0x8, 0x2, 0x0, 0x40, 0x3, 0x8, 0x4, 0x7fff, 0x6a445ce3, 0x7f, 0x8001, 0x9, 0x1, 0x101, 0x7, 0x3, 0x4, 0x4ad0f8c8, 0xff, 0x4, 0x100, 0x9, 0x3, 0x8, 0x5d04, 0x1, 0xfffffffffffffffd, 0x405, 0x7, 0x8001, 0x5, 0x6, 0x33a, 0x81, 0x9, 0x4, 0x7, 0x3ff, 0x0, 0x0, 0x6, 0x5, 0xa, 0x6, 0x1, 0x8000, 0x2, 0xbcb, 0x8, 0x9, 0x7fff, 0x9, 0x1, 0x6ee63d31, 0x9c48, 0x200, 0x3, 0x466d, 0x101, 0x4, 0x6, 0x5, 0xff, 0x6, 0x8, 0xe0f, 0x7fff, 0x2, 0x9e, 0x3, 0xff, 0x3, 0x9, 0x7, 0xfffffffffffffff7, 0x83, 0x1, 0x0, 0x2, 0xfffffffffffff2fe, 0x800, 0x0, 0x0, 0x8000, 0x0, 0x6, 0x80000000002, 0x4, 0x4f67, 0x5, 0x5, 0xffffffff, 0x2, 0x6, 0x4, 0x6, 0x4, 0x3ed, 0x9]}) clone(0x8a9ee780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1051.003169] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1051.040142] Node 0 DMA32: 385*4kB (UME) 258*8kB (UME) 345*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27428kB 22:35:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_BROADCAST={0xa, 0x2, @multicast}]}, 0x34}}, 0x0) [ 1051.079329] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1051.090987] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1051.117554] Node 1 Normal: 23*4kB (UM) 51*8kB (UME) 40*16kB (UM) 2*32kB (UM) 2*64kB (M) 7*128kB (UM) 3*256kB (UM) 2*512kB (UE) 0*1024kB 3*2048kB (UME) 405*4096kB (M) = 1669044kB [ 1051.144478] Cannot find add_set index 0 as target [ 1051.151639] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1051.162389] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:35:02 executing program 5: socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0xbc, 0x0, 0x1, 0x801, 0x0, 0x0, {0xc, 0x0, 0x7}, [@CTA_MARK_MASK={0x8}, @CTA_TUPLE_REPLY={0x50, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @private0={0xfc, 0x0, [], 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_NAT_SRC={0x4}, @CTA_LABELS={0xc, 0x16, 0x1, 0x0, [0x4, 0x0]}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x16}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x180}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x200}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x7}]}}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0xbc}, 0x1, 0x0, 0x0, 0x404e814}, 0x4044001) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bind$vsock_dgram(r2, &(0x7f0000000180)={0x28, 0x0, 0x2711, @my=0x1}, 0x10) [ 1051.213868] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1051.244728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1051.282604] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1051.315222] 25613 total pagecache pages [ 1051.326314] 0 pages in swap cache [ 1051.339970] Swap cache stats: add 0, delete 0, find 0/0 [ 1051.357211] Free swap = 0kB [ 1051.365197] Total swap = 0kB [ 1051.378382] 1965979 pages RAM 22:35:02 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x10) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x100, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000340)={0xa903, 0x4, 0x0, 'queue0\x00', 0x80000000}) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r2) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) syz_mount_image$f2fs(&(0x7f0000000440)='f2fs\x00', &(0x7f0000000480)='./bus\x00', 0x2, 0x5, &(0x7f0000000780)=[{&(0x7f00000004c0)="f3d9e180a0c4ea7e", 0x8, 0x8000000000000000}, {&(0x7f0000000500)="bdd095a556d6258811", 0x9, 0xa1}, {&(0x7f0000000540)="bd64a3eabeb4b1a575a0ca91a775eb63cf8da096773e0aaf19e2fd02ca8f97cad48c09e31297357f6b9191216a6f11119d3aabddc52c7e3b67df45553a661a3e3dddfef69f710c5d8d307b2a9950805b9966f459551f7b6a9eeb8dfafc7027cfff7cfc18cc5f32ae7fc18f78def705691ae4f478abd87ed43c1289ba397cc67879730327ede88d3030319c4d07ec7b1c7db21a0afba13609c145c807aa3e", 0x9e, 0x3}, {&(0x7f0000000600)="58007d04001904ac91113c0a87569771c34cd84fb2fee6aec7e0cf0f4a8e4fd3d66acca4ced690cc5699f3bd8b425e4472f761efe216d621de8a349e9f2e8210b819941f29cc8dfdaea1eb87e3da61ccace1429a8e8a22c356249e264514f1101b0c16a99956a3e7fd50d7b1d60d5f186ef7fafb", 0x74, 0x6}, {&(0x7f0000000680)="3d10b7226b61f9db5041799eac3ccd13731eee58e7e2315939accd0442d6f42ea72425e6adc9a34f5f3f0f5f7952403395780910e9c39dde85004869da81e21f846f76058e201796a8345d71d4daaf129db5d2d294f7252419cf861f4b82bc09e308f8ec1541d589b6116fab7b66e1eb35f90f82ee3e555366f08d0fe87f7bea2b1e2905870629006eb9f50e3349316b08d449a890634b037e5055116a9e738c795bf31532d0b37911efde5a8361b04e4516193c575903c961836d879ef3cfb0b0c4e27730be", 0xc6, 0x2}], 0xc8000, &(0x7f0000000800)={[{@background_gc_on='background_gc=on'}, {@noextent_cache='noextent_cache'}, {@inline_xattr='inline_xattr'}], [{@appraise='appraise'}, {@smackfshat={'smackfshat', 0x3d, 'T$'}}, {@seclabel='seclabel'}, {@obj_user={'obj_user', 0x3d, '/dev/full\x00'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'overlay\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x0, 0x64, 0x63, 0x63, 0x39, 0x66, 0x37, 0x33], 0x2d, [0x61, 0x38, 0x38, 0x32], 0x2d, [0x31, 0x4d, 0x0, 0x32], 0x2d, [0x65, 0x63, 0x77dc070602f9baa5, 0x30], 0x2d, [0x30, 0x65, 0x39, 0x35, 0x57, 0x31, 0x38, 0x33]}}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@euid_lt={'euid<', r2}}, {@uid_lt={'uid<', r4}}]}) rmdir(&(0x7f00000000c0)='./bus/file0\x00') r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000900)='/dev/dlm_plock\x00', 0x80, 0x0) ioctl$SIOCGETLINKNAME(r5, 0x89e0, &(0x7f0000000940)={0x2}) lsetxattr$security_evm(&(0x7f0000000080)='./bus\x00', &(0x7f0000000180)='security.evm\x00', &(0x7f0000000200)=@md5={0x1, "7917bd065735d17ad392cc6c485f6b6f"}, 0x11, 0x1) 22:35:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140), 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1051.387070] 0 pages HighMem/MovableOnly [ 1051.399134] 338456 pages reserved [ 1051.405995] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1051.424691] 0 pages cma reserved [ 1051.441027] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1051.459241] CPU: 0 PID: 12095 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0 [ 1051.467255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.476733] Call Trace: [ 1051.479343] dump_stack+0x1b2/0x283 [ 1051.482996] warn_alloc.cold+0x96/0x1af [ 1051.486994] ? zone_watermark_ok_safe+0x250/0x250 [ 1051.492301] ? wait_for_completion_io+0x10/0x10 [ 1051.497089] __alloc_pages_nodemask+0x2129/0x2730 [ 1051.502964] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1051.507957] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1051.512974] ? HARDIRQ_verbose+0x10/0x10 [ 1051.517175] ? do_raw_spin_unlock+0x164/0x250 [ 1051.521735] alloc_pages_current+0xe7/0x1e0 [ 1051.526265] kvm_mmu_create+0xd1/0x1c0 [ 1051.530175] kvm_arch_vcpu_init+0x282/0x890 [ 1051.534515] ? alloc_pages_current+0xef/0x1e0 22:35:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="f7ff1a0000000000"], 0x30}}, 0x0) r1 = dup(0xffffffffffffffff) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f00000001c0)) r2 = dup(0xffffffffffffffff) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r7, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r7, 0x400, 0x2}, &(0x7f0000000100)=0xc) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCSIG(r2, 0x40045436, 0x5) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'netdevsim0\x00', @broadcast}) [ 1051.539121] kvm_vcpu_init+0x26d/0x360 [ 1051.543137] vmx_create_vcpu+0xf5/0x2950 [ 1051.547493] ? __mutex_unlock_slowpath+0x75/0x780 [ 1051.552347] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1051.557648] ? alloc_loaded_vmcs+0x240/0x240 [ 1051.562468] kvm_vm_ioctl+0x4ae/0x1430 [ 1051.568201] ? __lock_acquire+0x655/0x42a0 [ 1051.575680] ? kvm_vcpu_release+0xa0/0xa0 [ 1051.580418] ? check_preemption_disabled+0x35/0x240 [ 1051.586284] ? perf_trace_lock+0x109/0x4b0 [ 1051.590550] ? check_preemption_disabled+0x35/0x240 [ 1051.595589] ? perf_trace_lock+0x109/0x4b0 [ 1051.599950] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1051.605129] ? HARDIRQ_verbose+0x10/0x10 [ 1051.609222] ? kvm_vcpu_release+0xa0/0xa0 [ 1051.613745] do_vfs_ioctl+0x75a/0xfe0 [ 1051.617573] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1051.623386] ? ioctl_preallocate+0x1a0/0x1a0 [ 1051.628434] ? security_file_ioctl+0x76/0xb0 [ 1051.633031] ? security_file_ioctl+0x83/0xb0 [ 1051.637462] SyS_ioctl+0x7f/0xb0 [ 1051.640929] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1051.644932] do_syscall_64+0x1d5/0x640 [ 1051.649048] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1051.654722] RIP: 0033:0x45ca69 [ 1051.658290] RSP: 002b:00007f60e94a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1051.666725] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1051.674013] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1051.681401] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1051.689251] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1051.697412] R13: 000000000000039c R14: 00000000004c637a R15: 00007f60e94a76d4 [ 1051.721168] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1051.748918] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1051.938144] Cannot find add_set index 0 as target 22:35:03 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000080)) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1052.008388] Mem-Info: [ 1052.027733] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1052.047039] active_anon:434492 inactive_anon:11114 isolated_anon:0 [ 1052.047039] active_file:5282 inactive_file:30172 isolated_file:4 [ 1052.047039] unevictable:0 dirty:6 writeback:3 unstable:0 [ 1052.047039] slab_reclaimable:51465 slab_unreclaimable:393666 [ 1052.047039] mapped:63816 shmem:11300 pagetables:74070 bounce:0 [ 1052.047039] free:426582 free_pcp:255 free_cma:0 [ 1052.087455] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1052.093769] CPU: 0 PID: 12112 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 22:35:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x200, 0x0, 0x0, {0x10, 0x0, 0x0, r3, 0x0, 0x10090}}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x338, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0) [ 1052.102236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.112256] Call Trace: [ 1052.115046] dump_stack+0x1b2/0x283 [ 1052.119319] warn_alloc.cold+0x96/0x1af [ 1052.124294] ? zone_watermark_ok_safe+0x250/0x250 [ 1052.131000] ? wait_for_completion_io+0x10/0x10 [ 1052.135895] __alloc_pages_nodemask+0x2129/0x2730 [ 1052.142126] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1052.147094] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1052.153195] ? HARDIRQ_verbose+0x10/0x10 [ 1052.158007] ? do_raw_spin_unlock+0x164/0x250 [ 1052.162889] alloc_pages_current+0xe7/0x1e0 [ 1052.167341] kvm_mmu_create+0xd1/0x1c0 [ 1052.171263] kvm_arch_vcpu_init+0x282/0x890 [ 1052.175859] ? alloc_pages_current+0xef/0x1e0 [ 1052.180387] kvm_vcpu_init+0x26d/0x360 [ 1052.184308] vmx_create_vcpu+0xf5/0x2950 [ 1052.188696] ? __mutex_unlock_slowpath+0x75/0x780 [ 1052.193652] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1052.198701] ? alloc_loaded_vmcs+0x240/0x240 [ 1052.203148] kvm_vm_ioctl+0x4ae/0x1430 [ 1052.207069] ? __lock_acquire+0x655/0x42a0 [ 1052.211502] ? kvm_vcpu_release+0xa0/0xa0 [ 1052.215762] ? check_preemption_disabled+0x35/0x240 [ 1052.221218] ? perf_trace_lock+0x109/0x4b0 [ 1052.225476] ? check_preemption_disabled+0x35/0x240 [ 1052.230613] ? perf_trace_lock+0x109/0x4b0 [ 1052.235837] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1052.240924] ? HARDIRQ_verbose+0x10/0x10 [ 1052.245095] ? kvm_vcpu_release+0xa0/0xa0 [ 1052.249362] do_vfs_ioctl+0x75a/0xfe0 [ 1052.253984] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1052.259650] ? ioctl_preallocate+0x1a0/0x1a0 [ 1052.264217] ? security_file_ioctl+0x76/0xb0 [ 1052.269484] ? security_file_ioctl+0x83/0xb0 [ 1052.274011] SyS_ioctl+0x7f/0xb0 [ 1052.277397] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1052.282201] do_syscall_64+0x1d5/0x640 [ 1052.286135] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.291534] RIP: 0033:0x45ca69 [ 1052.295089] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1052.303074] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1052.310485] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1052.317778] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1052.325160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1052.332652] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 [ 1052.373046] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):16kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1052.427911] overlayfs: invalid redirect () [ 1052.448735] Node 1 active_anon:353460kB inactive_anon:27144kB active_file:21124kB inactive_file:120688kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38152kB dirty:124kB writeback:12kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1052.487426] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1052.516409] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1052.525815] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1052.545779] Node 0 DMA32 free:27412kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:60kB local_pcp:24kB free_cma:0kB [ 1052.578484] overlayfs: invalid redirect () [ 1052.585803] lowmem_reserve[]: 0 0 0 0 0 [ 1052.590024] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1052.623523] lowmem_reserve[]: 0 0 0 0 0 22:35:03 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b64bce4154825d424698b4fa98e211669723d2e2f66696c65312c75707065726469723d2e2f66696c6530"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x400, 0x10701}, [@IFLA_MASTER={0x8, 0x11, r6}, @IFLA_CARRIER={0x5, 0x21, 0x7}]}, 0x30}}, 0x20000080) 22:35:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1052.627575] Node 1 Normal free:1669848kB min:53592kB low:66988kB high:80384kB active_anon:353460kB inactive_anon:27144kB active_file:21124kB inactive_file:120688kB unevictable:0kB writepending:288kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:129472kB pagetables:241036kB bounce:0kB free_pcp:1056kB local_pcp:704kB free_cma:0kB [ 1052.670103] lowmem_reserve[]: 0 0 0 0 0 [ 1052.674162] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1052.690636] Node 0 DMA32: 385*4kB (UME) 256*8kB (UME) 345*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27412kB [ 1052.711829] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1052.789033] Node 1 Normal: 16*4kB (ME) 2*8kB (UM) 2*16kB (UM) 24*32kB (UE) 28*64kB (U) 9*128kB (UM) 3*256kB (UM) 0*512kB 1*1024kB (U) 2*2048kB (ME) 405*4096kB (M) = 1668592kB [ 1052.826462] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1052.866244] overlayfs: unrecognized mount option "workd¼äH%Ô$i‹O©Ž!ir=./file1" or missing value [ 1052.881100] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 22:35:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@ipv4_deladdr={0x28, 0x15, 0x0, 0x70bd2d, 0x25dfdbfd, {0x2, 0x18, 0xa0, 0xc8, r8}, [@IFA_LOCAL={0x8, 0x2, @broadcast}, @IFA_FLAGS={0x8, 0x8, 0x8c}]}, 0x28}, 0x1, 0x0, 0x0, 0x44040}, 0x0) [ 1052.918653] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1052.932124] overlayfs: unrecognized mount option "workd¼äH%Ô$i‹O©Ž!ir=./file1" or missing value [ 1052.954037] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1053.017147] 25626 total pagecache pages [ 1053.033300] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1053.042025] 0 pages in swap cache [ 1053.045503] Swap cache stats: add 0, delete 0, find 0/0 [ 1053.057205] Free swap = 0kB [ 1053.064074] Total swap = 0kB [ 1053.067137] 1965979 pages RAM [ 1053.100078] 0 pages HighMem/MovableOnly [ 1053.104112] 338456 pages reserved [ 1053.107771] 0 pages cma reserved [ 1053.122007] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 22:35:04 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = accept$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x10) mkdir(&(0x7f0000000180)='./file1/file0\x00', 0x1) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'veth1_to_batadv\x00', &(0x7f00000002c0)=@ethtool_coalesce={0xf, 0x4, 0xfffffff8, 0x5, 0x3ff, 0x8, 0x0, 0x5, 0x2f72, 0x2, 0x9, 0x437, 0x0, 0x4f44, 0x6b7, 0xcf40, 0x8695, 0x1, 0x3, 0x80000000, 0x4, 0x0, 0x3}}) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c75707065726469723d2e2f66696c653042e374b881926b0b56e213004382e0604768c95be80d43e7913b39a5b193b22b631cc42cd0ce2e907156115656684d7973084b80deae75b0f32b5b82a2b434d164edfce67fea8a0bd208249071953c06e8fed19bff827f149fe500000000ffffff7fe4741b689a7a471e384ed74e"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0)='nl80211\x00') sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r5, 0xf00, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x10000}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x3f}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x5) 22:35:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CURSOR2(r2, 0xc02464bb, &(0x7f0000000000)={0x3, 0x3, 0x80000000, 0x26f0, 0xf3, 0x9, 0x5, 0x7fff}) 22:35:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000000)=""/113, 0x71, 0x20, &(0x7f0000000080)={0x11, 0x10, r4, 0x1, 0x9, 0x6, @broadcast}, 0x14) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 1053.200211] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1053.226326] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1053.232030] CPU: 0 PID: 12145 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1053.239996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.249409] Call Trace: [ 1053.252249] dump_stack+0x1b2/0x283 [ 1053.256439] warn_alloc.cold+0x96/0x1af [ 1053.260803] ? zone_watermark_ok_safe+0x250/0x250 [ 1053.265945] ? wait_for_completion_io+0x10/0x10 [ 1053.271052] __alloc_pages_nodemask+0x2129/0x2730 [ 1053.276063] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1053.280956] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1053.286025] ? HARDIRQ_verbose+0x10/0x10 [ 1053.290468] ? do_raw_spin_unlock+0x164/0x250 [ 1053.295594] alloc_pages_current+0xe7/0x1e0 [ 1053.299956] kvm_mmu_create+0xd1/0x1c0 [ 1053.303874] kvm_arch_vcpu_init+0x282/0x890 [ 1053.308263] ? alloc_pages_current+0xef/0x1e0 [ 1053.312811] kvm_vcpu_init+0x26d/0x360 [ 1053.316757] vmx_create_vcpu+0xf5/0x2950 [ 1053.320849] ? __mutex_unlock_slowpath+0x75/0x780 [ 1053.325747] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1053.330822] ? alloc_loaded_vmcs+0x240/0x240 [ 1053.335267] kvm_vm_ioctl+0x4ae/0x1430 [ 1053.339186] ? __lock_acquire+0x655/0x42a0 [ 1053.343455] ? kvm_vcpu_release+0xa0/0xa0 [ 1053.347871] ? check_preemption_disabled+0x35/0x240 [ 1053.353049] ? perf_trace_lock+0x109/0x4b0 [ 1053.357328] ? check_preemption_disabled+0x35/0x240 [ 1053.362387] ? perf_trace_lock+0x109/0x4b0 [ 1053.366651] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1053.371731] ? HARDIRQ_verbose+0x10/0x10 [ 1053.375966] ? kvm_vcpu_release+0xa0/0xa0 [ 1053.380627] do_vfs_ioctl+0x75a/0xfe0 [ 1053.384465] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1053.390413] ? ioctl_preallocate+0x1a0/0x1a0 [ 1053.394877] ? security_file_ioctl+0x76/0xb0 [ 1053.399307] ? security_file_ioctl+0x83/0xb0 [ 1053.403741] SyS_ioctl+0x7f/0xb0 [ 1053.407254] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1053.411261] do_syscall_64+0x1d5/0x640 [ 1053.415269] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.420476] RIP: 0033:0x45ca69 [ 1053.423685] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1053.431413] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1053.438701] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1053.445984] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1053.453279] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1053.460706] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:35:04 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="e4e28d7213008000009a9ad108001b0000000000"], 0x30}}, 0x0) 22:35:04 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000d04000000000000000010000000", @ANYRES32=r2, @ANYBLOB="1100000000000000"], 0x20}}, 0x0) accept4$phonet_pipe(r0, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x80000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) clone(0x2840000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1053.605743] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 22:35:05 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfb}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x58}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="ee", @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) [ 1053.703544] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1053.740097] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 22:35:05 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=.^busXworkdir=./fileT,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = gettid() tkill(r2, 0x1004000000016) ioprio_get$pid(0x2, r2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1053.804541] warn_alloc_show_mem: 1 callbacks suppressed [ 1053.804546] Mem-Info: [ 1053.826873] active_anon:434606 inactive_anon:11114 isolated_anon:0 [ 1053.826873] active_file:5285 inactive_file:30179 isolated_file:0 [ 1053.826873] unevictable:0 dirty:45 writeback:0 unstable:0 [ 1053.826873] slab_reclaimable:51486 slab_unreclaimable:393733 [ 1053.826873] mapped:63848 shmem:11300 pagetables:74172 bounce:0 [ 1053.826873] free:426198 free_pcp:278 free_cma:0 [ 1053.878987] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1053.900648] overlayfs: missing 'workdir' 22:35:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x101, 0x1f, 0x5, 0x7, 0xc0}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1053.907634] cgroup: fork rejected by pids controller in /system.slice/ssh.service [ 1053.947051] overlayfs: missing 'workdir' [ 1053.981524] Node 0 active_anon:1384608kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217112kB dirty:0kB writeback:0kB shmem:18036kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1247232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1054.044424] Node 1 active_anon:353776kB inactive_anon:27144kB active_file:21132kB inactive_file:120732kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:38248kB dirty:352kB writeback:0kB shmem:27164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 22:35:05 executing program 5: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r0, 0x110, 0x3) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1054.081201] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:4164kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.114826] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1054.122481] Node 0 DMA32 free:27256kB min:36296kB low:45368kB high:54440kB active_anon:1380444kB inactive_anon:17312kB active_file:20kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:34208kB pagetables:55132kB bounce:0kB free_pcp:124kB local_pcp:4kB free_cma:0kB [ 1054.161314] lowmem_reserve[]: 0 0 0 0 0 [ 1054.165711] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.202592] lowmem_reserve[]: 0 0 0 0 0 [ 1054.206631] Node 1 Normal free:1666948kB min:53592kB low:66988kB high:80384kB active_anon:353776kB inactive_anon:27144kB active_file:21132kB inactive_file:120732kB unevictable:0kB writepending:352kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:129696kB pagetables:241440kB bounce:0kB free_pcp:1344kB local_pcp:672kB free_cma:0kB [ 1054.246480] lowmem_reserve[]: 0 0 0 0 0 [ 1054.250881] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 3*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 1054.273557] Node 0 DMA32: 385*4kB (UME) 251*8kB (UME) 330*16kB (UME) 230*32kB (UME) 33*64kB (UME) 23*128kB (UME) 7*256kB (M) 6*512kB (M) 1*1024kB (E) 0*2048kB 0*4096kB = 27132kB [ 1054.296496] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1054.314932] Node 1 Normal: 9*4kB (UME) 2*8kB (E) 75*16kB (UME) 12*32kB (UME) 10*64kB (U) 3*128kB (UM) 4*256kB (UME) 4*512kB (UME) 2*1024kB (ME) 0*2048kB 405*4096kB (M) = 1666660kB [ 1054.354720] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.363976] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1054.382828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.394170] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1054.407732] 25633 total pagecache pages [ 1054.414428] 0 pages in swap cache [ 1054.429846] Swap cache stats: add 0, delete 0, find 0/0 [ 1054.435268] Free swap = 0kB [ 1054.448324] Total swap = 0kB 22:35:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:05 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="340500004b81aee12a8a5d9cb054572009d1b4a816442a04b8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7cda133cdeda33d54d8878e0e30f50dfd95c82fcb1465b07000000f40c890600ae1de149b9d3ec23c6fd1050da5cb8c02e5ca34717f300cbb22cae340ce63394", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32=0xee01, @ANYRES32, @ANYBLOB="000000001d5c5dc94660bfe12f7141d36638ce19a1a86b882de6c5aa1b73bb29a625339329eb1b96174f893d541ae078d3896daac177dd7295427c755199592eff96b59cf81128dc31e74f"], 0x58, 0x4}, 0x4040000) fchown(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000016c0)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="340500004b81aee12a8a5d9cb054572009d1b4a816442a04b8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7cda133cdeda33d54d8878e0e30f50dfd95c82fcb1465b07000000f40c890600ae1de149b9d3ec23c6fd1050da5cb8c02e5ca34717f300cbb22cae340ce63394", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB, @ANYRES32=r4, @ANYRES32=0xee01, @ANYRES32=r5, @ANYBLOB="000000001d5c5dc94660bfe12f7141d36638ce19a1a86b882de6c5aa1b73bb29a625339329eb1b96174f893d541ae078d3896daac177dd7295427c755199592eff96b59cf81128dc31e74f"], 0x58, 0x4}, 0x4040000) fchown(0xffffffffffffffff, 0x0, r5) lsetxattr$system_posix_acl(&(0x7f0000000080)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xffffffffffffffff}, {0x2, 0x2}, {}, {0x2, 0x4}, {}], {0x4, 0x6}, [{0x8, 0x2}, {0x8, 0x5}, {0x8, 0x2}, {0x8, 0x0, r5}], {0x10, 0x2}, {0x20, 0x1}}, 0x74, 0x2) 22:35:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) fstat(r1, &(0x7f00000000c0)) r2 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x24, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x6c3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c1}, 0x4040000) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f00000002c0), &(0x7f0000000300)=0x8) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001240)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r7, @ANYBLOB="000427bd7000fedbdf250f0000000c000280080002000100acae544781115d350200040002000400020008000100ffff000004000200080001000400000004000200080001000100000008000100030000002400038008000300fa9a0000080001000800000008000100050000000800030000000000340004801400078008000400fb09000008000200090000001c0007800800020001040000080001001d0000000800010017000000"], 0xb0}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000280)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x50, r7, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x3c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x400}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3f}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40880}, 0x4000004) syz_genetlink_get_family_id$net_dm(&(0x7f0000000000)='NET_DM\x00') [ 1054.456452] 1965979 pages RAM [ 1054.465658] 0 pages HighMem/MovableOnly [ 1054.475913] 338456 pages reserved [ 1054.485098] 0 pages cma reserved [ 1054.600940] Cannot find add_set index 0 as target [ 1054.781571] overlayfs: invalid redirect () 22:35:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) alarm(0x3) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}, 0x1, 0x0, 0x0, 0x8}, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r5, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={r5, 0x401}, 0x8) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100e139c8ef19abd11da8c176996dbc6c914e8ab7b44c9e", @ANYRES32=0x0, @ANYBLOB="08001b00000000008929485f2fbf8248fa7646f6b6f169878cd492509ba2a125ba97a580942af67d950747bfd90945f2f04649dad00dfd0389faf1905270039ba705f9f71d59eb4e7744acae032ca88489dd847453224295550f9f799c636d8c7a1db659830c068ef6b583e36d0337acb5e89e35eee4fa5eabf24f122e12ab4bfd4c913f06372e477308ee5750f3339564b6649b1d173e74c2e37de3a433aeeeef0efd7d7483223e14e401dab0cc1d82ce04d2830f6d463eaeebbaf76250f6620cf751f3621c42904a425bcae6e807cf77926a8372d2dbeab958e71aa6900f4101817511a3a821d19a2567cc8cc8ad1357ee7e74923d6584dbb6399673b4f0bbf6c2600f23dd8378c2e6f8f36d3b6a029b1c053fe13527d852d0bed747f2ed154f9102968cbdd3a80ba067ffcbc5159d"], 0x30}}, 0x0) [ 1054.805764] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 1054.928672] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1057.276333] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1058.091056] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1058.096845] CPU: 1 PID: 12240 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0 [ 1058.104944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1058.114534] Call Trace: [ 1058.117143] dump_stack+0x1b2/0x283 [ 1058.120810] warn_alloc.cold+0x96/0x1af [ 1058.124899] ? zone_watermark_ok_safe+0x250/0x250 [ 1058.130035] ? wait_for_completion_io+0x10/0x10 [ 1058.134759] __alloc_pages_nodemask+0x2129/0x2730 [ 1058.139741] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1058.144799] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1058.149721] ? HARDIRQ_verbose+0x10/0x10 [ 1058.153918] ? do_raw_spin_unlock+0x164/0x250 [ 1058.159009] alloc_pages_current+0xe7/0x1e0 [ 1058.163360] kvm_mmu_create+0xd1/0x1c0 [ 1058.167365] kvm_arch_vcpu_init+0x282/0x890 [ 1058.171819] ? alloc_pages_current+0xef/0x1e0 [ 1058.177214] kvm_vcpu_init+0x26d/0x360 [ 1058.181145] vmx_create_vcpu+0xf5/0x2950 [ 1058.185314] ? __mutex_unlock_slowpath+0x75/0x780 [ 1058.190267] ? drop_futex_key_refs.isra.0+0x17/0x80 [ 1058.195322] ? alloc_loaded_vmcs+0x240/0x240 [ 1058.199932] kvm_vm_ioctl+0x4ae/0x1430 [ 1058.203844] ? __lock_acquire+0x655/0x42a0 [ 1058.209218] ? kvm_vcpu_release+0xa0/0xa0 [ 1058.214036] ? check_preemption_disabled+0x35/0x240 [ 1058.219318] ? perf_trace_lock+0x109/0x4b0 [ 1058.223605] ? check_preemption_disabled+0x35/0x240 [ 1058.228871] ? perf_trace_lock+0x109/0x4b0 [ 1058.233104] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1058.238054] ? HARDIRQ_verbose+0x10/0x10 [ 1058.243403] ? kvm_vcpu_release+0xa0/0xa0 [ 1058.247634] do_vfs_ioctl+0x75a/0xfe0 [ 1058.251517] ? selinux_parse_skb.constprop.0+0x16c0/0x16c0 [ 1058.257133] ? ioctl_preallocate+0x1a0/0x1a0 [ 1058.261567] ? security_file_ioctl+0x76/0xb0 [ 1058.266168] ? security_file_ioctl+0x83/0xb0 [ 1058.270676] SyS_ioctl+0x7f/0xb0 [ 1058.274033] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1058.278024] do_syscall_64+0x1d5/0x640 [ 1058.282315] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1058.290347] RIP: 0033:0x45ca69 [ 1058.293637] RSP: 002b:00007f2303d47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1058.301439] RAX: ffffffffffffffda RBX: 00000000004e7900 RCX: 000000000045ca69 [ 1058.308809] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1058.316376] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1058.324134] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1058.331485] R13: 000000000000039c R14: 00000000004c637a R15: 00007f2303d486d4 22:35:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x80000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:10 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000200)={&(0x7f0000000180), &(0x7f0000000300)=""/229, 0xe5}) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000080)={'vxcan1\x00', {0x2, 0x4e20, @loopback}}) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1059.865029] Cannot find add_set index 0 as target [ 1060.008749] Mem-Info: [ 1060.022810] Cannot find add_set index 0 as target [ 1060.028640] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1060.036325] active_anon:408512 inactive_anon:10961 isolated_anon:0 [ 1060.036325] active_file:5292 inactive_file:30190 isolated_file:0 [ 1060.036325] unevictable:0 dirty:23 writeback:25 unstable:0 [ 1060.036325] slab_reclaimable:50643 slab_unreclaimable:344356 [ 1060.036325] mapped:55358 shmem:11147 pagetables:62277 bounce:0 [ 1060.036325] free:538507 free_pcp:656 free_cma:0 [ 1060.124280] Node 0 active_anon:1335780kB inactive_anon:17184kB active_file:44kB inactive_file:684kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:182328kB dirty:4kB writeback:4kB shmem:17908kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1200128kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 22:35:11 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x62) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c7775c162956d157070657264624cb01f8033e0cdee69000000000000af7634a10000000000"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1060.186117] Node 1 active_anon:294132kB inactive_anon:26660kB active_file:21124kB inactive_file:120076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:39104kB dirty:88kB writeback:96kB shmem:26680kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1060.321392] Node 0 DMA free:10388kB min:220kB low:272kB high:324kB active_anon:4136kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1060.334071] overlayfs: unrecognized mount option "wuÁb•mpperdbL°€3àÍîi" or missing value 22:35:11 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000040)={0xa00000, 0x1, 0x1d3ceff0, r0, 0x0, &(0x7f0000000000)={0x9a091a, 0x9, [], @value=0xe4}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x24000, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001840)=ANY=[@ANYBLOB="20000000001000000000000000000000000000000000000000e81b858960354524b687196430b51df7cefc27d81c7debd1cd59abe48c0d7158cf661d06d22f488296ed712e391e350a200551fe27f15243d8d3a3e404034e8b818e94c2492f19c68f29d2b7e86976a2494d8141fcc2a5b4baee009cf0cd89343aa208bdfe5d95e7d5420a0884dc3611e7ad6893047ef5e7ce75c8", @ANYRES64, @ANYBLOB="eadb31fd04a2e881b2b3fe4c00f610284401e37ff15e976384e24b8a7942ec3d646965734ffd65a3eeedef7272c7ffebfd669f20f811f899a3e31ef9dfe2ae264bcba51627894ce6b30db4095cf79577da21395ec050e2f4da02138155c063d3267593172db9faf17b904ed0516440487d841f146f8ccf845665440a02351c013b9c72fe7468e3fed853ad3d422726455f309a4165e68d736e4ca812f113952fe83dabcc298bf17427dd789ffc060bf57393d9d9e53158e5c8e10c2b63b6a7834e9492b3"], 0x20}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000250700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=ANY=[@ANYBLOB="380000002c00270d0000ffef0900000000000000", @ANYRES32=r8, @ANYBLOB="00000000000000000f0000000d0001006d61746368616c6c0000000004000200"], 0x38}}, 0x0) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000840)=""/4096, 0x1000, 0x0, &(0x7f00000000c0)={0x11, 0x1a, r8, 0x1, 0x20, 0x6, @broadcast}, 0x14) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:11 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0/file0/../file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1060.392031] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 1060.398765] overlayfs: unrecognized mount option "wuÁb•mpperdbL°€3àÍîi" or missing value [ 1060.409036] Node 0 DMA32 free:87936kB min:36296kB low:45368kB high:54440kB active_anon:1333680kB inactive_anon:17184kB active_file:44kB inactive_file:684kB unevictable:0kB writepending:8kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:31168kB pagetables:49660kB bounce:0kB free_pcp:1000kB local_pcp:472kB free_cma:0kB [ 1060.514204] Cannot find add_set index 0 as target [ 1060.525119] lowmem_reserve[]: 0 0 0 0 0 [ 1060.542827] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1060.612443] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1060.629507] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. 22:35:12 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f0000000080)='./file1/file0\x00') [ 1060.661916] lowmem_reserve[]: 0 0 0 0 0 [ 1060.677810] Node 1 Normal free:2067464kB min:53592kB low:66988kB high:80384kB active_anon:294132kB inactive_anon:26660kB active_file:21124kB inactive_file:120076kB unevictable:0kB writepending:192kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:107296kB pagetables:199208kB bounce:0kB free_pcp:1456kB local_pcp:724kB free_cma:0kB [ 1060.753250] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1060.769286] lowmem_reserve[]: 0 0 0 0 0 [ 1060.791351] Node 0 DMA: 7*4kB (UM) 3*8kB (UM) 4*16kB (UME) 1*32kB (M) 0*64kB 4*128kB (UME) 2*256kB (ME) 2*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 1*4096kB (M) = 10388kB [ 1060.859522] Node 0 DMA32: 1868*4kB (UH) 419*8kB (UMEH) 171*16kB (UMEH) 93*32kB (UMEH) 170*64kB (UME) 26*128kB (UME) 15*256kB (UM) 9*512kB (UM) 1*1024kB (E) 16*2048kB (UM) 0*4096kB = 72984kB [ 1060.879694] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1060.906239] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1060.934977] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1060.958171] device bridge_slave_0 left promiscuous mode 22:35:12 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0xc443, 0x0) getpeername$unix(r0, &(0x7f0000000300)=@abs, &(0x7f0000000180)=0x6e) [ 1060.974360] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1060.982133] bridge0: port 1(bridge_slave_0) entered disabled state [ 1061.015257] Node 1 Normal: 14964*4kB (UME) 12880*8kB (UME) 4724*16kB (UME) 2048*32kB (UME) 419*64kB (UME) 301*128kB (U) 95*256kB (UME) 29*512kB (UME) 10*1024kB (UME) 1*2048kB (U) 404*4096kB (M) = 2075600kB [ 1061.106303] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1061.132194] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1061.161851] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1061.195223] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1061.220415] overlayfs: invalid redirect () [ 1061.244408] 25517 total pagecache pages [ 1061.251320] audit: type=1400 audit(1592001312.527:123): avc: denied { write } for pid=13293 comm="syz-executor.1" name="net" dev="proc" ino=229199 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 [ 1061.265083] 0 pages in swap cache [ 1061.284824] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1061.299970] overlayfs: invalid redirect () [ 1061.324643] Swap cache stats: add 0, delete 0, find 0/0 [ 1061.346107] Free swap = 0kB [ 1061.356054] Total swap = 0kB [ 1061.359370] audit: type=1400 audit(1592001312.527:124): avc: denied { add_name } for pid=13293 comm="syz-executor.1" name="pfkey" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 [ 1061.388773] 1965979 pages RAM 22:35:12 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x10) mkdir(&(0x7f0000000080)='./bus/file0\x00', 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000640)={&(0x7f0000000600)='./bus/file0\x00', 0x0, 0x8}, 0x10) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) syz_mount_image$minix(&(0x7f0000000180)='minix\x00', &(0x7f0000000200)='./file0\x00', 0x8, 0x3, &(0x7f0000000380)=[{&(0x7f00000002c0)="a8654df14673a2e2f16d3da8e2ab08a8983e1239d16c8a41afa5119628364e870b9727b693e773f2c3c394b6874eaa38f324a4ea5a47936f0a7b8bc364274fe6e31e81419c6d6f85219c537f8a1a8bfe2ae991a7faf3ac2edd4c5787434a475ef95064a32057cc964bd686c9cf2d0e7cc19517103e7477ec2eb5a97f8dadd1ee0b987668d0a8da10eea333fb9c6d148c0932e006bc51cdc5a01513bb563220090378f933a55e8bde9f6cbcb67fd0434bd37021e41a8571549a", 0xb9, 0x1}, {&(0x7f0000000440)="226c426916bed2f805ea193521e2714c918c24063c7ebb44103e4d6a866c8bc8fe1cfbb43ebb79be63c4fcae85321e4e479ae768f609d1e456ba67dba01b14f6bbbc7e7cc89d2bc7c5d3fcd85c3ae6dae5c93ad62a14981b97f09a96f8060fac78f826ec775973dc7dd957e8451d3596be4c6714d18a4bce8038cd89f809b023cdf739d95b352904a2c4c00717f33cbd049f94cc0c611d57cfc10d00701773d11acdae4e326093a3d365b1eb8e108f9465091688323cb2d0b85728e4a678a50987505322e3709d9c31f4bc1903a5de03c79bbcd18e51242022a6481677b0779116372a9f5a06fdcc348ab5e69a3b", 0xee}, {&(0x7f0000000540)="c306460899f13e3614e3af6b79ee7c441ff71f7155e3c50b2af2059e42ec754ae4ac6a612f09899b9654df1ff67240ca3b401dda7e5459a224797b4592bd53f4810acfeda10b82b783c617d2a46fd8438f8197e0c079c4d0db34572d2c7f2966b693db59b6f0ed6f1f37efb39138e6955c59cb7f958b2fba3748445bbcef1c7f33de6e15df77ce35392571c3a7e01010201c524b174e81f1fe45fa998971840634c925537dded380", 0xa8, 0x7}], 0x300e1, 0x0) rmdir(&(0x7f00000000c0)='./file0/file1\x00') r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000840)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) flock(r0, 0x4) [ 1061.398874] 0 pages HighMem/MovableOnly [ 1061.403066] 338456 pages reserved [ 1061.406528] 0 pages cma reserved 22:35:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1061.478063] audit: type=1400 audit(1592001312.527:125): avc: denied { create } for pid=13293 comm="syz-executor.1" name="pfkey" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1 [ 1061.527990] Cannot find add_set index 0 as target [ 1061.626256] Cannot find add_set index 0 as target 22:35:13 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) name_to_handle_at(r1, &(0x7f0000000080)='./bus/file0\x00', &(0x7f0000000440)={0x1008, 0x4, "1a9c0a1801cf1eebe269aee6a885e28e7b6c718dc6be6e9717f84c648798f143b561d36f6e5c5a552eaca7d51ed3c764609341c2c636c9601e0954e042866962dae68be6e5c110456ef809831c91d7ba1b1b9642817fd2e358d8221fa2d0c1bbc55012ecbfea8c9ad397af755abf68b88045a7932988b4f82b41037cf04884e5bdd9944093a6f68c6d09412bc256b08145e62babfd8866e06faa0f1fd5e5d98fd52b9554fb891dbae9f8a57c4a03edee25914d140115cad3f54b08fc810e6a1334f45f23852128a3046dc71524f8b91a7aa94f1ceee98ff04cea544ff0f58ca530d0a71b2f4f7a923c903f4b0749f8c3821ec374c81eac243b2d9e8e0929e4ac37102b97e1136c9e3f9df7089282e88235e64c1b5e8aacb7a61baa0af68f947a4240d1c021dc7e1ea2286e1d14bde013cfc017d3e308b9b8e517a23ab656b3c305b2c124fa279bbfd28521aa54c619c39bc6cf361a3ae010c628fb1a7ab8a658369aee7c22fe7bd358992aae6d3d27dc6ace87534e73c31b99b6b67ae05443ca3a2512864b64ebff0ec3f10666c1eb5909c760aaa45e83caae39d023d29cdef5bb0c2aada4fe88f7ee202cbf19711de702259942aafbdf161bac5c1e793221f3c737b536b63684f6f3659c93ed5b468fbfb00c52c01a21ae8924f135083215c684c06c92c8ca5acc4c1ca22397e1c34b2782a6e0317c6d72d333a913708a7f304d238bd5e98b9a54d206bd5446aebc39ef3dfd7b4ae60b72dd9aee62380c324e0379aff9a4b6cf2a3ccc870dc0d7962da3cf6db89280d3a9c79aa78ac9d79d3b4804b7438d137e11c4be5b2ef30121db20f38f58d7b406805f0358f0be771d3360a5dfd0063826c37a740fa39f5d4722c4a828b53b909693cca4feb1475f80dd3d3d3df6afa9c9f1c8418bd54da7b9a45d7be7d9bc15c5090963a4348dcf24c53f94ad456bb5a4f2c3b7bcecb5aa56fa10524fac2c77e1e1d0103fcf90db2ce2371412592c3696b3aeca21b7dee2eaa2396ecadebe6a2faf38f6e18cdb7141046854f1a0f8b7a78fb7cb50b38bb9b45aadb06c6a1b2eaac9765b3b770970719876bdd6a26a4f37576a78b0f3175d79a4c29b378ceab35e90a0db033e62b1c2f12d4f61829c73890fe0a4b0125bf126adf853959ee334a61c14901c77034d7dc7fe4bea9d070d13103907e5afd4c29a205a0c7880613a38b93e634d6457d8ae59eb4c8b716b4453461e560bea73a6fa521aadc13d5bb3f0ccdf247f053333d78a6295694a91b9af38bb3ac2126e2872509d551021fe6961ae096b7b412b016abf571f9fe20057d4988e2a0df8faa693c08c0ecbc8804bc56a1abed137a55c028d94ffcf71aba74a397bfabfac0cb8b897b1bf6760ccef522f696444010b22ac24c74bf41643a96a3e7229fc474ec6cb4acbc8fe96fe7c8255c887ee234f6aae6f66d75d1068a42699e9a21b55e9265873bd10ff809d49665203c7972926385140dc77d1edc36eaa51f53c6ef09aa94182a139a1219dbd221334d2d9b84570b8ab6d64e65d683d00f238b7b4b359c698a449a42b1c19757fe644e31b553a53f3e843e5e1610bfc8e0ac0fcb7941214119e96e9c7d55776b730e10cb843f6a6f5fdcccaa666f32bdd2c9966323fdcca617b5ad04dfcca656277d363c58ce90b64bb5455989e347d7b256d649a6f434ddc8bb2e677779707d8349be61bcb6f18d9f3666bdfd200a60e3fdf29627095ed7ec736bdb40a02413b17de79ab070b8d95f5d4eeb5170a95e11b71f43992a9c4c60aa0af24b12c09b273a1175d8917728b0adf790e694ba36e450c8474a4cda664bec1b58489874a86f6aa2871ac3115098f88d06a2bb734fd141d247e760c10da8aafa7568f57f21ee247d6c84962dbaea9d692d999d8454dd9de84856572f9ca655bd9cf028c1206774e742fbe24cb5e0f612046966c50cdea5ff4d732b3b3f8b5837a71cb156a8c2ee6c33b1a46d5053eedf76c6349e18698d5911e14351d53ed506168899a9a47f2bdb5de358c59925fc6446d5509de759c7eb812994e842cbec7ccd5f9d86c36ba89bbc8f247f1a6c8d73d58e3bceb4df68aa7d18e726a6bf4a027a83b86f073ee645e2e96a36d77e15c9f0746c3b17af651a08c192f7edd334ae510b4816c44ea86ed36659314831e294092250801a1419dae0f5730aa331818ab418fb5100d8804debc1a00cf33f9bd90262f31d28401f169d57d64e9adbb4fef31371b0a63667962268998b835a2d5a4be9939c130910c441e16102d267972d529d8165a9b1561cda7d5cf2069313cb8ea38a6b2abf0196ac918e57d3f1c1f60a1e4dfd2a3d0b1f71efd6a04f4d42d5567343ac0bc816a54b3d6c38757a7778f1909216bf4ba6aaf4a6484edc8c15236bfd0c79b8c7fa9726938fb24fedb03f26187cb89c4b9809a0e4ded416c6fa4a82ee1f56777f7b6404fda06588f3db19f13af59731c2e0343ebc834676737be478e9c66631d0c54969d0b6104e8d1b1aa9cd2ab26284d5a172c7625933a3188e2834431fc92b14e205c7ab3709f3604a1b8292ce1353d27b97a7f700a9e9983f87d4235c450edb2674e51077f9769b6729b28706ce9627b9c71e00bfadf81aa05073bccfc25d45bb2f5cf4e5fc3d652fa55eaa2eb35d2a86ace36899c3806f2803e747c84a0a79ad672747b34df2be7c14271822da956188a16fb2eef0dc7ec8a8c5818dde7c0f52f6d2a0e458fa37c83e4be2758a20458339e16b171302d3a5129f24f6e45d33fef14bc5d4f52239a21394be3cd12dbf3d8308e035a3460fc4a88ced8987324ae57ccc200e6f7f0e91674444c81955dbaf25a95b00c967d341d035d90df0bf1c0215720e58854b89827d12836ad56dbc233cc2a65f364af161f00a6b021c3a7056db17bfa515201fe5edc5cb168b61b6c1612a36b593877745c84741579d8bfe5f848ede9dbfe3ec12b330332a8b2b54be1fdf2be7e60f309beb95edaea633b0307b6a05fe82d2967bab988a711e6acc1921889e3d27dec16e41f5deb442cd380b7c2fee1bcb450b1340ff485890da48556f07344af2d9dbb0df07344062f9ac0ed087be4dbaa5cb71dc1a7637c4360231bb905e343e865473a1d1d8058e9af48764aaf43d8eba302632a3f4dea84a7a1e6c5e3dcc6808fdc8459e0fe8fbd2b45bdf1160b427654c19d2f68a17b68251bcc5437c6f4ba2445504bae04080300b26ec81d1d07b40e0c4e2725c8859a75a00a86dc0eae49a7ef58f798c4c22cff4e2c6bc84f63cf68a278a6cb2f75db434114ba9ebd67c0f7aa2c40d2c3295f6d5bbcf119fbfb96ea17870cdde831a8db02d0c17c555012bd854fc7996750b5074ce9ec5ff7a750129ea69065850237bd53307edc34991ab50ceafeeb8439c235cd1d0ccbf98308828ece0e4c3f2082548cfb3632087f5637492e7645b8d576bf0bd4a7f7f2db19e40f573661e02e69aa3731ce1375c45d5461be598ea489519f1318eb0865a6193a5f9c24c009b62a911916add44b7bdede2341d7a6c3ed921e7d135b4118bbf167501ef6dc0da8e5d6b65cb81f05190a63de4df64746883c5e5588f6627d569836a82a0f7306a60c5b335184798f4d34ee5f354076940e59d965b4c6e32b60d2e4c828a4db65d69e20d87ebb6e2283c3cbb22b467e63a399899b0dd6ba84b558aa0d1e708c5459861a5fb552a1269178cb071ae49dbdf42268fc5af1a705aa09abe45678fd47bd2c773a181451535b5666319e4c408648a93d2a04ab792d869a1813e947b0543b542f4be0c1772531fb7ddf124323c617e0674dd4e81f0d06be17637c32a9ee6b8bc2a109c6657653cf23a2c8b5104b436a6cb2edd22dfca2edc40f1b47019f8a3513312ca1cfdae293301e7ffa10043689ab48db148e9000cc8f1233355d30d19118746d87a0f04559ad7541923be23c42a5c4bfd79dfbaf75c181a0f559c489e95f790e8ed9a665bbdf71c54790cbef5655d27d00c8527bf037518a748e6118b5fbc02a98a3aaacf0ae682208a26a2302e3ddca95c7b199d78468e194e7faccc8b455f0449daf3fd99dfb59cd7495575a398827d36fa8daa0851a2f3fad23586ac373833600554e51f903dcee3cc074bd7aa3a5e063b523c3f8ded8697bb5628cea52e4a369e0ee7e454554bb0bd9b3a9b0eb3df9bc73bb1b1204ebf02b546ef2e2380e513e701fc443672b1699f9a372d7ab8d68bd0dc6666dc9322d3b138301bd9c30c906c61658faaf0d07cc3b62bf02313df79a52e36421fe2ccb3930868a15a77f0e1d0de73816be8979ee33a7919dec1c65797c0a296804aca272694ce77ad792d34c615804d780db2e99e21528fd786517f37fc0a01a7b95855146f6816f6b7f514c44315914792930387bf336330e1b6cb05f9c1441cd5ffe164b50fab93f96e99ae0bbfdb6d25f29da6f362a1d3d4b53c1f3477682c80bccd31ba1b28d8a0da163bcddc900ba5aa6d4bc7d31cf783a66626127321922a7b754135f9496f85e1403e779ee76242456cd1e4feb28f8299f281e39998b64b5e00f6560cd08653edf204eeb87232ce989ae1f77d7ef3d2ab656e87acaa89adf295e57251bacefbfdfbc19632c980c1573b484bcc12bc248a9f78d612f6ce3f6be5b078f920be2f2b51ccc4e6044334250925110eed8e9909e1b24cbff9b93f1326759be6932a6b282dbcd4c2dcb31babdeeb5d4b99a68a9c0d0ef4f1c13f2c7dcce2418295a291934f2d612f0be9a75a58a87d0a2c94b800de24c11c16c48af8760090d0baba195bc5cf6b84a89825f9be1538df6be781734e54a557c7e56c8b8ed645996a42ccc25f927ae27e847109c98c371f6850b8bd6f4dead151a8a2fe907ec7178f1fa10de110f51d69b3b2a4a2278154272608d25c59dbffe5758b80c5199e60441183dc74f68f8d794e4312a7566bf99563038ad87fbee70a1536c96ac068a3a4a72742a0ba53973ce84891cead2159fbe52d02395dfdc5c0b707591291610a7131066b18ae60ba774c09f02970eb03f7e49dcae28d8e860652f246da40043f326e73bce0f3ae80f66c6aa8a2c0bcc9515c00f708fa134b9f6fe5ff6d071b79155ca32af87e6474acb21f9931731e41a5a9720b487d63b34efeb66afd61112e54a49599d1bca85277ff5c19dba079baaf7c7060f386720214f3624d1052d3a08cd514c63953d4f2cfc5985619b038c560f0943c0a4bac7c9a27dcd61e38f45e162045dd81a2538c28e44ba6864fb23a5870d66c13dae2392a3fb3a41957272ce82094a2805809a75d0b681927c88c404428d6bfeba97df7a9fa0b1054617194d2463d19b6a65c4ee2bfcf94052293759b285d9d68b33d75395753bde2f4967ab981d66d40a0ecd528030c743b0780238a03db08fcfc47f970b29a0ae67f7dcb9a5bc28fcfc14600b8d4eb9d28d1cd83330509d91b6890590aa46f008e252267985d5a0cb89f2ceccc60c71137a8d32e3549e74293de815b32ec2df549ba7c3f0fd4c4d3d80d5377f68313bf800e6ffebcfdae774c2e7c920bb712728f77870cd50aa49e1dd8494ec520af31287d9e6d57076111c53e559631fc3355385b32ce67f283e3697b7aa8664182358e9b3320f2de21240242ce6a40a3dcb1b727106ce461cc9c3b8f6f8ad1503961b9423683047993d30725bfd18cb986f6ff6d51f69300eb2652669bec7c2af3c49c9b80e9e59b039c67a177bdf795be5012dc4a12954c363ebe5dc0a738ec0c05d56448bd90c26432c71ca0c25aa393c18dc967d4351dd0400f8c79b137c"}, &(0x7f0000000180), 0x1400) mkdir(&(0x7f0000000280)='./file2\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6f7765726469723d2e2fafed42c1a8ebdcbc6469723d2e2f66696c65312c75707065726469723d2e2f66696c6530"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) [ 1061.915054] device hsr_slave_1 left promiscuous mode [ 1061.935732] overlayfs: missing 'workdir' [ 1061.982363] device hsr_slave_0 left promiscuous mode [ 1061.992123] overlayfs: missing 'workdir' [ 1062.099714] team0 (unregistering): Port device team_slave_1 removed [ 1062.152122] team0 (unregistering): Port device team_slave_0 removed [ 1062.213668] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1062.329136] bond0 (unregistering): Released all slaves [ 1067.439228] IPVS: ftp: loaded support on port[0] = 21 [ 1067.896532] chnl_net:caif_netlink_parms(): no params data found [ 1068.108773] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.115538] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.123592] device bridge_slave_0 entered promiscuous mode [ 1068.131385] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.138708] bridge0: port 2(bridge_slave_1) entered disabled state [ 1068.146422] device bridge_slave_1 entered promiscuous mode [ 1068.170899] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1068.180406] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1068.206278] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1068.214382] team0: Port device team_slave_0 added [ 1068.221984] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1068.230762] team0: Port device team_slave_1 added [ 1068.254204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1068.261810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1068.289385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1068.303540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1068.313074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1068.340200] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1068.353180] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1068.361659] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1068.393481] device hsr_slave_0 entered promiscuous mode [ 1068.400107] device hsr_slave_1 entered promiscuous mode [ 1068.406572] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1068.414652] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1068.516122] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.522997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1068.529921] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.536522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1068.584712] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 1068.592338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1068.604961] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1068.616207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1068.626980] bridge0: port 1(bridge_slave_0) entered disabled state [ 1068.644901] bridge0: port 2(bridge_slave_1) entered disabled state [ 1068.656072] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1068.663525] 8021q: adding VLAN 0 to HW filter on device team0 [ 1068.674033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1068.682503] bridge0: port 1(bridge_slave_0) entered blocking state [ 1068.689502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1068.709947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1068.721384] bridge0: port 2(bridge_slave_1) entered blocking state [ 1068.730299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1068.750286] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1068.760057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1068.770838] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1068.790978] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1068.801769] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1068.814427] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1068.824273] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1068.835057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1068.846579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1068.856675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1068.874124] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1068.885015] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1068.892173] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1068.899876] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1068.915164] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1068.999411] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1069.013973] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1069.022218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1069.031386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1069.077630] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1069.086409] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1069.095930] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1069.107863] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1069.114946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1069.124898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1069.134441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1069.143339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1069.155321] device veth0_vlan entered promiscuous mode [ 1069.168903] device veth1_vlan entered promiscuous mode [ 1069.175741] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1069.188718] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1069.205637] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1069.220134] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1069.228960] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1069.242079] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1069.249638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1069.259765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1069.271446] device veth0_macvtap entered promiscuous mode [ 1069.279289] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1069.289421] device veth1_macvtap entered promiscuous mode [ 1069.295847] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1069.306770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1069.319516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1069.330388] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1069.341165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.350869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1069.361391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.370864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1069.380699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.390134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1069.399955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.411137] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1069.418457] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1069.426604] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1069.435771] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1069.443713] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1069.452272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1069.463041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1069.473557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.483876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1069.494888] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.504231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1069.514297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.523493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1069.534179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.546388] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1069.553699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1069.560832] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1069.571153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:35:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:21 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6f7765664fd93c3b9d726469723d2e2f6275732c776f72498f8a74cdc477634ce74139dafb76166b6469723d312c"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0xc881, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffd) clone(0x71200400, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:21 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x0, 0x2, 0x5, 0x9, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x7, 0x800, 0x40, 0x6a3afda3, r2}) 22:35:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TUNGETFEATURES(r5, 0x800454cf, &(0x7f0000000040)) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000000)={'wg2\x00', r6}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="00000000190008002bbd7000fddbdf25720600000000d9fea591ed485a8d0300", @ANYRES32=r7, @ANYBLOB="00000700e0000001"], 0x30}}, 0x0) 22:35:21 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) msgget$private(0x0, 0xb0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x6, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080)=r3, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1069.794506] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1069.811035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 22:35:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:21 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x200, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40d8}, 0x80) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/vmallocinfo\x00', 0x0, 0x0) sendmsg$key(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2, 0x4, 0x1, 0x0, 0x8, 0x0, 0x70bd29, 0x25dfdbfd, [@sadb_x_filter={0x5, 0x1a, @in=@multicast1, @in6=@loopback, 0x1f, 0x9bd5cbb7f5a051e4, 0x14}, @sadb_x_nat_t_type={0x1, 0x14, 0x3f}]}, 0x40}}, 0x8080) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 1070.025585] Cannot find add_set index 0 as target 22:35:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:21 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000000)={0x3, 0x5, 0x3, 0x8}, 0x10) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1070.049011] overlayfs: unrecognized mount option "lowefOÙ<;rdir=./bus" or missing value [ 1070.098648] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13726 comm=syz-executor.2 [ 1070.138046] overlayfs: unrecognized mount option "lowefOÙ<;rdir=./bus" or missing value 22:35:21 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) r0 = socket$inet(0x2, 0x4, 0x5dc6) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000080)={0x0, @local, @multicast2}, &(0x7f0000000180)=0xc) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:21 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private0, 0x2da, 0x2, 0x1, 0x8, 0x3, 0x200}, &(0x7f0000000040)=0x20) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 22:35:21 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r4, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={r4, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x12, @mcast1, 0x9}, @in6={0xa, 0x4e21, 0x3, @mcast2, 0x80}, @in6={0xa, 0x4e20, 0x101, @loopback, 0x9}, @in={0x2, 0x4e20, @multicast1}]}, &(0x7f00000000c0)=0x10) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) clone(0x290300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1070.214873] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13744 comm=syz-executor.2 22:35:21 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) ioctl$sock_ax25_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, [@default, @null, @bcast, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}) syz_emit_ethernet(0xcf, &(0x7f0000000100)={@local, @remote, @val={@val={0x9100, 0x7, 0x0, 0x4}, {0x8100, 0x4, 0x1, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "081700", 0x91, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"2023bfdeea6eb80cb6448ba4697a1ee098af5d7c80093095ee12c069881dfa42151aa488a462e996ee55d0d2cdff7ea17dffc90fd36a1efe4f437400b6b9dc4cca001f27705db7a9c09b777faa6517e90f061519929a51138b05d929db3c124b351c7b89c9672d701c24e7817f3e6b778df773953cd4980d5d779a9e19"}}}}}}}, 0x0) 22:35:21 executing program 3: ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) accept$unix(r1, 0x0, &(0x7f0000000000)) r4 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1070.435116] Cannot find add_set index 0 as target 22:35:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x141041, 0x0) sysfs$1(0x1, &(0x7f0000000040)='/dev/rtc0\x00') r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl(r0, 0x9, &(0x7f0000000080)="a772bcd8d0abe7548173a0dc307ae0ae496f31e730cd75270385b6575994274d7855317b100ad6331b1392e3e583a04813430db0eb701a5bfb5ff06f08aa28b178e46f9436918b44fe3347bbf172eb9af797235b18980f4c5c45c541c39544cdc196e10d5c00cea7e9bc06d0321769e3e23dd96510462cd0dadc3cde931ae10fcf91c07b478abba2715b7d836e8e141c512a97823c6f23739a9dc7071fae37dce9a9dc1fd9dfab63f6c85611294083dabdcbd16a4d5faa58ad3234") [ 1070.529261] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1070.545231] overlayfs: invalid redirect () [ 1070.572720] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 22:35:21 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000300)={0x3, 0x2, 0x5, 0x6d019ca4, &(0x7f00000001c0)=[{}, {}]}) mkdir(&(0x7f0000000080)='./file0/file0/file0\x00', 0xc) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f0000000380)={'veth1_macvtap\x00', {0x2, 0x4e20, @remote}}) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000180)=0x56f) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469728cb43d7b7e33283aa46feedf4fa23d2e2f66696c65312c7570"]) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1070.672633] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1070.704542] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1070.780795] Cannot find add_set index 0 as target 22:35:22 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) setxattr$trusted_overlay_redirect(&(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0xffffffffffffffa9, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) 22:35:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) 22:35:22 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000080)=0x6, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa2ff3af3cc4aaaaaaaaaabb86dd6000170000142c00fe800000000000000035eb48000000aa000000000000000002000000000000cae7cc387d300787152356de137474", @ANYRES32, @ANYRES16=r3, @ANYRES32=r1, @ANYBLOB="6a18c7967df21d006a700a804a7837b718e0d58b15a686957ab0830864f7a72e9db1ac98fb137c5c542d361604d9596e98704dfe42933292e54cb7569824b8"], 0x0) [ 1070.871559] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1070.928497] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1070.962901] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1070.989081] Cannot find add_set index 0 as target [ 1071.100008] Cannot find add_set index 0 as target 22:35:22 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES64=r1, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="08001b0000000000ed81f18bbd9558be01e55625e734f0f4edbe6d842211db558efd62ad26d90167f782774790e994939a32554fcc94fb395c2d7f9099d10db21359f88367968ac56dfe7f5512076df1"], 0x30}}, 0x400c008) [ 1071.179178] Cannot find add_set index 0 as target 22:35:22 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000140)=""/252) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f0000000000)=[0x3, 0x8]) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) [ 1071.277640] overlayfs: unrecognized mount option "workdirŒ´={~3(:¤oîßO¢=./file1" or missing value 22:35:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = shmget$private(0x0, 0x200000, 0x0, &(0x7f000000a000/0x200000)=nil) shmat(r2, &(0x7f0000feb000/0x1000)=nil, 0x5000) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000000)=""/149) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:22 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x11c080}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r3, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3f9}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x20040800) [ 1071.387526] Cannot find add_set index 0 as target [ 1071.404990] overlayfs: unrecognized mount option "workdirŒ´={~3(:¤oîßO¢=./file1" or missing value 22:35:22 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) faccessat(r1, &(0x7f0000000080)='./bus/file0\x00', 0x4, 0x200) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) utimes(&(0x7f0000000180)='./bus\x00', &(0x7f0000000300)={{r2, r3/1000+60000}, {0x0, 0xea60}}) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1071.714762] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 22:35:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x7) 22:35:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000000)) 22:35:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) 22:35:23 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x416c03, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0x80007c) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r5}}, 0x20}}, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000000)=0x3, 0x4) [ 1071.904726] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 22:35:23 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r0, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000480)=0x59) socket$packet(0x11, 0x3, 0x300) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000300)={0x3, 0x40, 0x2, {0xc, @vbi={0x1, 0x1d, 0x9, 0xa0363159, [0x12b98, 0x7], [0x9, 0x7fff], 0x1}}, 0xff}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000f4ff0c0400000000000000001000000005c72bca2dfbdf174603796ba24ceb016cea9230cc07ef2c01ab13b06622d458d7172ebe2340b1b7d8e94bfd512799843815ff1c3a000000000021e7d8f1bda2fed2de9b3a0b7fb4766ee889e342c44984975cd03b486e26fffd615e7079a5b85946d3cc6b891c0a4784090b9432f0ad442445bb5bfb93d4778df4dac536a8f2ef77bac878509fa00d38b9194b0f4b0734f5d7e5b867519a8dc15837780b36af4c9739302e56cfad752344ec8217387b431015018e3785d853cd22ec12d8eae732e6bc3e7cf12dae15e05827136521fa233170cbc68d20f8abc83e44fca4", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000001080), &(0x7f00000010c0)=0x4) r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040)='NLBL_CALIPSO\x00') sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r5, 0x300, 0x70bd29, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x20006040) syz_emit_ethernet(0x52, &(0x7f00000005c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x1c, 0x2c, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @mcast1, {[@hopopts={0x32}], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x9}}}}}}}, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x10100, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240)='nl80211\x00') sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000001040)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001000)={&(0x7f0000000b00)={0x30c, r7, 0x200, 0x70bd2a, 0x25dfdbed, {}, [@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x4}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0xee}, @NL80211_ATTR_IE_PROBE_RESP={0x2e2, 0x7f, "5f2cd621fd193d927c9c73390644161ad0050b6a60c5a363e7bbf62d2bd7f744f4aa1df5f51eab1d56ee4f5e4aaa7a49ef6ebd428c68b88b607634e896e5c43197d97a50e2f59dbbd95e5a1b568121300b9f2ce155819fb71e6c67b301f7983e2c03e97353ce482b4ffc1ff1b31686a6485904ddf502bb6aefe51d52f38442ac285e5bebdbf160bab48dfe0e3987a3cb78f86a58a6aed3eaa9c5ada73dc1c539d82ed93c0955211fb4d5d384aca8aea5b17046a32f9fed51a2ce7c435560327b66aa006067d56f6277bbd5ae4b7e7c46ef95a5868f093b2bfe6c0157742767aa61b4c4bc627375d09f40e48daf1bf63b427dd822b361766ac9c5ce353349d38b2fda80a7779468154d7a3fcba637f37fe71bd945e9538ecbf67e83457250da550928346520c35cb4be74212a64ef88b486fc846042b4a7b62a876659fbbdbb06df48dd6a3b8c1eb8981b527b550ab0786e4173c602cd191c2fb1f31d4c880bce539abdb457dbc77ede7230ec0ad53279792ad048cc50a4f6cda35828620871bb1f0d69be70423122022a5aedc1d3120146a94e4a6113969e762afb8f9aba11a2661f959a441543de53e20c529009c05028473dc4fd2342a9d3256ed89bc23d70216d1b2c8139f8bc2f0d88e844cd89499c5fcdee6bc1ff86a02cb1852d174dc7aac189f863cd7d6a4f55d97afaee7cb437d52ad085b8cb974324c7b7290227c374a21291b322f3ce2568d447a311816755c29e235f177ef0dd10750a668b33f56175f8801185ae9a00f5c5263b2cfbdf43669f9a8e99c37eadde65f50aac120762f235694280da7ef7d044433394f41389827e4bd8efc6a910a4446270df406096b9a3ebfa6262a2dbd35e051d79fa3eae3ad5a05bc302192623971fc666786dfae41c02a3d2dd516029dd50f62728cd91993712f1d38505aaa9c0f9303ffecf6ffcd1455210bbea1d419300ea1ce4cc614bba950e4a2947ec5312ba9192454f91a6f21621ef216986c9254b112e3da3e7a14c5f7b6d8679b2a8f74aa8e0"}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, 0x7fff}]}, 0x30c}, 0x1, 0x0, 0x0, 0x8001}, 0x50) [ 1072.074764] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1072.114194] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1072.126858] overlayfs: invalid redirect () 22:35:23 executing program 1: mkdir(&(0x7f00000001c0)='./file0/file1\x00', 0x0) statfs(&(0x7f0000000080)='./bus\x00', &(0x7f0000000180)=""/18) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-monitor\x00', 0x20000, 0x0) mkdirat(r0, &(0x7f0000000300)='./file0\x00', 0xc2) syz_mount_image$bfs(&(0x7f0000000380)='bfs\x00', &(0x7f00000003c0)='./bus/file0\x00', 0x2, 0x1, &(0x7f0000000480)=[{&(0x7f0000000440)="64bfe6669abe453d019758ea8d1bcaa26ebb507671e33cc75a0572569f", 0x1d, 0x1}], 0x1040002, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="6c6bb0e59a16fd0f2f6275732c776f726b6469723d2e2f00696c65312c75e37bafae4231"]) r1 = gettid() socket$nl_audit(0x10, 0x3, 0x9) tkill(r1, 0x1004000000016) sched_getparam(r1, &(0x7f0000000340)) rmdir(&(0x7f00000000c0)='./bus/file0\x00') [ 1072.170333] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1072.236401] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 22:35:23 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x964c839fec404543, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0x4200, 0x0) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$SIOCGSTAMP(r4, 0x8906, &(0x7f0000000500)) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r6 = dup(r5) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_REINJECT_CONTROL(r6, 0xae71, &(0x7f0000000000)={0x5}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000040)={0x0, 0x1, 0x5, 0x7, 0x32, &(0x7f00000000c0)="06a24b00d96c5a35e0957285741a7cc44fe88a917ee9bc32f8394b5d19721f9a96a6dc7c9c622f8dc2a00a6727066e641dd14de92b29dbab9ca65515bb9aac61d268a9716d1a4e6850de38b98f8f6705153cb3198f7ce2cd8691bdcf741d78762a7c1fceb995668a45683921809475f7286f46d8fae1d4ad5faaba7b45ff9ded0fdb2ed356265ba0c172a6bd43865ecd7600ffeea5ece87cae7b1b51333a946868814ff9f6f05c4f21f87e9bd043c8cf6d46c3ca7bd275a8b88effc0b385a2fcb9f3a3dc204502a396d2afeb1cc85f0e091f52806532a9c3f5fe30ce67052e164b00d5354dcd7c6cd60c9808d9036e4dd810ef24882fd99adef723fc0c50a60310567911fed63f782790f99f0cf083b98d002d7e13179c207b18a86ae8be8ac08efb926e020507f1c391ab35fdb03bed1799b9d2626a3840a26b3123faaee9509ac89d1eb358599504d19b762a7c14d1a6a922288699196da14838de3d85aed2b95e7efbbe69c3f591298092e5740a544a785c0be44a87386bb1fb98e3302c934a82f75cd65b3bf1e8d2e923adf1f5500289889db8bd67a24262f0955c8fc32080c8699ea9a4d6b780526930752ea51c894aac7cabb148f0efc3035793ff0b8e4770c4b03cecc2a4e5cf9d282a897bfafa94199767053da01f873ffe04baab87d6668a65f3ff12fc93f5177b7173401160c4b338ac4954a6fff6831f1391ecffa4920816dae566dc8f0ed6438d418c55e669d8622d3418e350d5cd999ac67f33e9dbdbb38eac417748d140b5a409e515c7741b156ad539b078dde669cc21cf920549bd874c26053c40127007e92100ee9c86b71d2b6f344fcf495cd19b91351a73f2aafb94e1cef90214cdadf9b94afeba43effce57b9bbc2fdc869905053822fb26f5f96d14d849d97619229f52954a65986b2286b206d7973de7a5be5952c8b9acfbf5b80726b7817b1b7f24c395d85d34e1f81b8b715c493d22dd4deda4cf99a8186611123c8d5828e484eb09f633fd8d49be911199214f9f778ad6296770bec3a6fe12c645828463882187d6542f52db7bc178af464bb606dca892b0bdaa280898759f7e915463db605a45685d84e84f8e1f6a8fcf89c82f3d46498946f9a730d8afb6ffc1ea61fad589523b5c40e5376f367679a0a8bbd21f30169daa68e2e6420fbd10e6c06c3a6ea7a2f56d45b626c1e334630f7d578f25104516986be85ce0c8e868c11f4ac21ba170be1331014a12ab7eb66b837ad8f94cb2f202ec6c5e4eda12844940f34fbbb4f85763a6547ab50b9913d088a22f1302b61f7bdf470ba833b41122d32bf872dbd4828ed174c800b95a5905d3954e37db2fa062df810385c9d007525742ee48f5b4fdb1994aa83e53c1c8b5189d41b6f4e9201acc0282f338c3f8d41d187a145ec61f2d2565e961035ba11247840900"}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) [ 1072.355585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65524 sclass=netlink_route_socket pid=13984 comm=syz-executor.2 [ 1072.403441] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1072.467934] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1072.479048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65524 sclass=netlink_route_socket pid=14000 comm=syz-executor.2 [ 1072.500636] Cannot find add_set index 0 as target [ 1072.510420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 22:35:23 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000007c0)=""/4096, 0x1000, 0x6) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r7, 0x2e}, &(0x7f0000000100)=0x8) r8 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r8, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$RTC_ALM_SET(r8, 0x40247007, &(0x7f0000000000)={0x14, 0xe, 0x4, 0x8, 0x4, 0x1, 0x5, 0x138}) 22:35:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) 22:35:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000380)={{{@in=@broadcast, @in6=@mcast2}}, {{@in=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000040)=0xe8) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@ipv6_delroute={0x30, 0x19, 0x100, 0x70bd25, 0x25dfdbfd, {0xa, 0x10, 0x80, 0x9b, 0x1, 0x3, 0xc8, 0xb, 0x2600}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_MULTIPATH={0xc, 0x9, {0x3, 0xff, 0x99}}]}, 0xfffffffffffffdb9}}, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2003000000000d84001010894600000000000000", @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) ioctl$SIOCX25SCAUSEDIAG(r5, 0x89ec, &(0x7f0000000000)={0x20, 0x44}) [ 1072.691274] overlayfs: unrecognized mount option "lk°åšý/bus" or missing value 22:35:24 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r4 = gettid() tkill(r4, 0x1004000000016) r5 = syz_open_procfs(r4, &(0x7f0000000040)='net/rt6_stats\x00') r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], 0x24}, @remote, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x40000) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000300)=ANY=[@ANYBLOB="802a21b5f9e58058e640aae714da3586826adf697c44dcab166659a93b0d206acb3493fcd94af294608a315516f92d0962f258d3f8132a11100ebabedec8033420a916e31a146567176232c80129eba516bb267f1d772c6036565a16cdc42e6f78c569120c2e1458d329e0516534f7e07525451047d3035eb11a23a8e12adc39d15899b7c729d0b5aed251e3e072521b28c21aa99dc06f674ab4fd1f140a12b9c29242576d0d13e93ea9f2df17e2882b268460d80aa53f08f5afdbff08baee7b05000000f3df24a2372f0a831dae1e7575650bd018c2e32b7b6b55aa1a5d062b32c53380d6a6b0f7ff0f052ed970f283a49d4288d3e25558f8c949e45475fc2c399d6cb1fe14def580daaae2c4ae4ee684a3ab621d55b9414be5bccb688fe66562b5d95d07e43178514667b6f8010a70104e6a6b184d5d7246cfe2a47c9f92455fe912e20885e911868cd6aab50f068fd0d2d36ca7231f8df2f39068e7f0d80c67fbd5ae4ae3e18a2037fb704fe3dc97", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r2, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000040)={r2, 0x5c, "7675362258ba7b7f0e493ee9e9df11c10e53e70a5bc8b8a2f4cd13e86d984b3395fa1ec3ed19273a41c6e0c0eb3eb2fcdbf07e1dafb8d5282075d2bb0a376f7f4028951b8e888a98e637bb23a9be5e2a8e9282efc0d0ef0b56a6570a"}, &(0x7f00000000c0)=0x64) r4 = socket(0x10, 0x803, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r6 = dup(r5) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) write$FUSE_DIRENT(r6, &(0x7f0000000480)={0x50, 0xfffffffffffffffe, 0x5, [{0x6, 0x8, 0x1, 0x6, '+'}, {0x0, 0x5, 0x6, 0x6, '+{b^&.'}]}, 0x50) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r8}}, 0x20}}, 0x0) bind$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000100)={r3, 0x1d, "cb2c405a597c8af7aabdb57decf7836ffc41d38366d8d89ef0305d2d71f76314686334c4b910825eace5d626"}, &(0x7f0000000140)=0x34) 22:35:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:24 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCNXCL(r0, 0x540d) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb91000e008100290086dd6000170000142c00fe800000000000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50396d3e35f45bd9f00f4783ee393400e6b1b05c8b8206547d57549b4155ba9fb77e27d88d6acc791a2faabe920798efbabe362bc1d5832b7406bb79f887b1e23e347137634672403215446fa8665293177f739a749209584a9dea115d53dca620ce2a765bb2cdb89b173c05e3745573b3bf75c74d3565b00f7e9caeb9c015b567faf7eaca304696946d52e2cffd969cc8"], 0x0) 22:35:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) 22:35:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="0100dc3e", @ANYRES32=0x0], 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r1, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000000)={r1, 0x86, "ccf6cbd746ad188a3ac9822867c630a4afb248a1b68109da8100ae92291de9ccc9a73974c863ba9d0e8f3d0c2dda83afead137792e017394fe5dfef2525f35e133347c5c25493da4482889f74f8953e8c5bb913e6e3d2e1f49ca9dd03db0e51fcaff797a50321c210c2583b96b091d579289dac8d20566279c3decbd96338442f9d8412031fb"}, &(0x7f00000000c0)=0x8e) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) getsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000100), &(0x7f0000000180)=0x4) 22:35:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:26 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe800000020000000000004800000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) 22:35:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:26 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000080)={0x9a0000, 0xe344, 0x3, r0, 0x0, &(0x7f0000000040)={0x9b090d, 0x8, [], @p_u32=&(0x7f0000000000)=0x101}}) r2 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x7399, 0x402040) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8982, &(0x7f0000000140)={0x7, 'sit0\x00', {0x9afb}, 0x4}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000100)=r2) [ 1075.689061] Cannot find add_set index 0 as target 22:35:27 executing program 2: syz_emit_ethernet(0x7a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x44, 0x2c, 0x0, @empty, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x11, 0x2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0xff}, @window={0x3, 0x3, 0x7}, @nop, @sack={0x5, 0x22, [0x7fff, 0x1ff, 0xfa, 0x2, 0x3, 0xfffffffb, 0xc, 0x1]}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0) 22:35:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r4}}, 0x20}}, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000000)) 22:35:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:27 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000170000142c00fe050000000000be000000480000fa00fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000edb389a7063816b831bbb2e2e1a65052f700000000"], 0x0) 22:35:27 executing program 2: syz_emit_ethernet(0x99, &(0x7f0000000000)={@local, @remote, @void, {@mpls_uc={0x8847, {[{0x400}, {0x7f}, {0x1f, 0x0, 0x1}, {0x101, 0x0, 0x1}, {0x6}], @ipv4=@generic={{0x6, 0x4, 0x1, 0x6, 0x77, 0x66, 0x0, 0x5, 0x1d, 0x0, @private=0xa010100, @rand_addr=0x64010100, {[@end, @end, @noop]}}, "6b1f9e77e84a7c2b6fa1248b817531d37dbfb2d4b7088d9c69412f52beb0c826c53484daca8a3a075baffb5b81c2210e51c052f0e5d20adf005780e4a3fa897ceba7bd7e2682381383c7c592a9efa1e3871de7b6022a995da1c939585d8e04"}}}}}, 0x0) restart_syscall() 22:35:27 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r2}}, 0x20}}, 0x0) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000280)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r3, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:run_init_exec_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0xa8, r3, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_SECCTX={0x2b, 0x7, 'system_u:object_r:dhcpd_unit_file_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2d, 0x7, 'system_u:object_r:admin_passwd_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_virt_wifi\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010102}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000) 22:35:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$TIOCNXCL(r3, 0x540d) 22:35:27 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001700", 0x14, 0x2c, 0x0, @private2={0xfc, 0x2, [], 0x1}, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22:35:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1076.450418] overlayfs: invalid redirect () [ 1076.486205] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14179 comm=syz-executor.1 [ 1076.583557] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. 22:35:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:28 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000180)) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000003c0)=0xb0, 0x1) socket$l2tp(0x2, 0x2, 0x73) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x400101, 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) open(&(0x7f0000000200)='./file0\x00', 0x10000, 0x80) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3}) 22:35:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000380)={{{@in=@broadcast, @in6=@mcast2}}, {{@in=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000040)=0xe8) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@ipv6_delroute={0x30, 0x19, 0x100, 0x70bd25, 0x25dfdbfd, {0xa, 0x10, 0x80, 0x9b, 0x1, 0x3, 0xc8, 0xb, 0x2600}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_MULTIPATH={0xc, 0x9, {0x3, 0xff, 0x99}}]}, 0xfffffffffffffdb9}}, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2003000000000d84001010894600000000000000", @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) ioctl$SIOCX25SCAUSEDIAG(r5, 0x89ec, &(0x7f0000000000)={0x20, 0x44}) 22:35:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) 22:35:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup3(0xffffffffffffffff, r2, 0x80000) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f00000000c0)) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000040)={0x0, 0x7ff, 0x4, &(0x7f0000000000)=0x8000}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) write$FUSE_NOTIFY_INVAL_ENTRY(r5, &(0x7f0000000080)={0x2a, 0x3, 0x0, {0x1, 0x9, 0x0, '/dev/kvm\x00'}}, 0x2a) [ 1077.428431] Cannot find add_set index 0 as target [ 1077.526045] overlayfs: failed to resolve './file0': -2 [ 1077.577395] Cannot find add_set index 0 as target 22:35:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1077.641423] overlayfs: failed to resolve './file0': -2 22:35:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3}) 22:35:29 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file2\x00', 0x40) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) 22:35:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, 0x0) 22:35:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_ADD_MAP(r2, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffb000/0x3000)=nil, 0x8200000000000000, 0x2, 0x2, &(0x7f0000ffb000/0x2000)=nil, 0x7}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8983, &(0x7f0000000040)={0x3, 'macvtap0\x00', {0xffffffff}, 0x101}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1077.994303] Cannot find add_set index 0 as target [ 1078.148210] Cannot find add_set index 0 as target 22:35:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3}) 22:35:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@ipv6_delrule={0x84, 0x21, 0x100, 0x70bd27, 0x25dfdbfd, {0xa, 0x10, 0x14, 0x8, 0x5, 0x0, 0x0, 0x4, 0xa}, [@FIB_RULE_POLICY=@FRA_FWMASK={0x8, 0x10, 0x2}, @FRA_DST={0x14, 0x1, @loopback}, @FIB_RULE_POLICY=@FRA_FWMASK={0x8, 0x10, 0x196}, @FRA_DST={0x14, 0x1, @dev={0xfe, 0x80, [], 0x39}}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x1}, @FRA_DST={0x14, 0x1, @mcast1}, @FRA_DST={0x14, 0x1, @local}]}, 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x1) setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f0000000000)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r7}}, 0x20}}, 0x0) accept$packet(r3, &(0x7f00000041c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000004200)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000004240)={'team0\x00', r8}) 22:35:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3}) 22:35:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:30 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000080)=0x4634) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) clone(0x21001400, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x1004000000016) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0xa302, 0x0) ioctl$RTC_UIE_OFF(r5, 0x7004) sched_getparam(r4, &(0x7f0000000000)) 22:35:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:31 executing program 1: mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mknod$loop(&(0x7f0000000080)='./file1\x00', 0x80, 0x1) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f00000001c0)=""/16) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x10c1410, &(0x7f0000000300)=ANY=[]) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) rmdir(&(0x7f00000000c0)='./bus/file0\x00') rmdir(&(0x7f0000000180)='./file0/file0\x00') sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000680)={&(0x7f0000000300)={0x348, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x150, 0x8, 0x0, 0x1, [{0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xee}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x667d1ae9}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x94}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc4}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x597c577c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x72fd16c2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x50}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x77bfc694}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x50684acb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x6d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x785db4c1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x62}]}, {0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7a5150e1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6583c080}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1032d2e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7016b863}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x52}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x81}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x628c9dd}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5686583}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa1}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x29}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x78e8a8f3}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x36f6e3e3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x79}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5efc64bb}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3ac13357}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xa0, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7c319c0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x43a2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1a2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x81f4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x60f6fd5e}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x38d8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x33e7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa93c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x783d19fb}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2dc0d92d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x610f}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe79f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x91b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2f203a12}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x907930}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x20370e87}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x18f8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeed9}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x128, 0x8, 0x0, 0x1, [{0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4925b8ca}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x30230114}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xeb}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7b}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x461915c2}]}, {0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xca}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x75}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e1c56a4}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x54bfd246}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x26a1139}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfc}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x73}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x6c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d37467d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3ff}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x19}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x11}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x53b91ab3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf9}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1a592eae}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x43}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x82}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xcd26068}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x37}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xad}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x348}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000010) 22:35:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r4, 0x0, r5}}, 0x76) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:33 executing program 1: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = gettid() tkill(r0, 0x1004000000016) r1 = gettid() tkill(r1, 0x1004000000016) setpgid(r0, r1) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x100000, &(0x7f0000000300)=ANY=[]) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self\x00', 0x80000, 0x0) rmdir(&(0x7f00000000c0)='./bus/file0\x00') r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) r4 = gettid() tkill(r4, 0x1004000000016) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000200)={0x20, 0x37, 0x8002, {0x0, 0x200, 0x40, r4, 0x2, '@/'}}, 0x20) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$BLKRAGET(r3, 0x1263, &(0x7f0000000180)) 22:35:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:34 executing program 3: mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="340500004b81aee12a8a5d9cb054572009d1b4a816442a04b8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7cda133cdeda33d54d8878e0e30f50dfd95c82fcb1465b07000000f40c890600ae1de149b9d3ec23c6fd1050da5cb8c02e5ca34717f300cbb22cae340ce63394", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32=0xee01, @ANYRES32, @ANYBLOB="000000001d5c5dc94660bfe12f7141d36638ce19a1a86b882de6c5aa1b73bb29a625339329eb1b96174f893d541ae078d3896daac177dd7295427c755199592eff96b59cf81128dc31e74f"], 0x58, 0x4}, 0x4040000) fchown(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000016c0)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB="340500004b81aee12a8a5d9cb054572009d1b4a816442a04b8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7cda133cdeda33d54d8878e0e30f50dfd95c82fcb1465b07000000f40c890600ae1de149b9d3ec23c6fd1050da5cb8c02e5ca34717f300cbb22cae340ce63394", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB, @ANYRES32=r4, @ANYRES32=0xee01, @ANYRES32=r5, @ANYBLOB="000000001d5c5dc94660bfe12f7141d36638ce19a1a86b882de6c5aa1b73bb29a625339329eb1b96174f893d541ae078d3896daac177dd7295427c755199592eff96b59cf81128dc31e74f"], 0x58, 0x4}, 0x4040000) fchown(0xffffffffffffffff, 0x0, r5) lsetxattr$system_posix_acl(&(0x7f0000000080)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xffffffffffffffff}, {0x2, 0x2}, {}, {0x2, 0x4}, {}], {0x4, 0x6}, [{0x8, 0x2}, {0x8, 0x5}, {0x8, 0x2}, {0x8, 0x0, r5}], {0x10, 0x2}, {0x20, 0x1}}, 0x74, 0x2) [ 1083.103598] overlayfs: invalid redirect () 22:35:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1083.164649] ip6_tables: ip6tables: counters copy to user failed while replacing table 22:35:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x104000) ioctl$TIOCSTI(r2, 0x5412, 0x5) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 22:35:35 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000240)=""/252) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r5 = dup(r4) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r5, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r7 = dup(r6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000080)=0x1080007f) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) dup(r8) 22:35:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1083.874891] Cannot find add_set index 0 as target 22:35:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', 0x0, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', 0x0, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x3, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', 0x0, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:36 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x182) mkdir(&(0x7f00000002c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x40) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) rmdir(&(0x7f00000000c0)='./bus/file0\x00') 22:35:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1085.230201] overlayfs: failed to resolve './file1': -2 22:35:36 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1085.252103] overlayfs: failed to resolve './file1': -2 22:35:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x76, 0x7d, 0x2, {{0x0, 0x5e, 0x800, 0x6, {0x10, 0x4, 0x7}, 0x8000000, 0x35, 0x4, 0x0, 0x9, '/dev/kvm\x00', 0x9, '/dev/kvm\x00', 0x8, '#^..$$:%', 0x11, '/dev/vga_arbiter\x00'}, 0x3, '{%)', r5, 0x0, r6}}, 0x76) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x3, 0x7}) 22:35:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r4 = syz_open_dev$vcsn(&(0x7f00000029c0)='/dev/vcs#\x00', 0xfffffffffffffbff, 0x14000) r5 = gettid() tkill(r5, 0x1004000000016) sendmsg$nl_netfilter(r1, &(0x7f0000002c00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002bc0)={&(0x7f0000002a00)={0x190, 0x5, 0x7, 0x3, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x2}, [@nested={0x8c, 0x73, 0x0, 0x1, [@generic="b2fa935e8c5e226caf5d7a91550a0ad60c7895a8bff0a10e12ea08404e353721f84ee7c5f51eb1fabed8479b8ec098d089a3168adb1e5f704594ac4a4e2db0c9c3baa63ee5d25a368337754ebf6f041cb77f84163ccdb97a19fb944d9c5a22981ff7570edb5d1825568a926d9d1bca83bb6d0bd9c1e50839f93c686e36921d30", @typed={0x8, 0x7e, 0x0, 0x0, @fd=r4}]}, @typed={0x8, 0x5, 0x0, 0x0, @pid=r5}, @nested={0x37, 0x85, 0x0, 0x1, [@generic="27eef099c3c90c2508c564516481a7a8c0a99622ab34eb", @typed={0xc, 0x43, 0x0, 0x0, @u64=0xffff}, @typed={0xc, 0x96, 0x0, 0x0, @u64=0x1}, @generic="6908a4dd"]}, @generic="fcb78e080196a2aef41182a36fb8c1d54de809cb5100db5489023bdca28dd3cf9cd8f4c20164821ee819ede2c7a8338ba7beea86e479d1129c6bf65ed08b2e16a1ac7313e249565d9b23b83379b208dc59e65da79946e796272b4b8d3a789eaac33f61ab871087af1a5d2e642298b8518d940d8a57b7aa3b8ba2d0bbb59ffc787b0a0c9177e32c5d41c3cd8a3a158b2726ca86ab056694ffb268f203f832dfca634ece8c419f3fd2221e0d4a7c73"]}, 0x190}, 0x1, 0x0, 0x0, 0x44840}, 0x4) 22:35:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1086.633566] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1086.658711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1086.674160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1086.708151] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 22:35:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) setreuid(0x0, 0x0) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) setreuid(0x0, 0x0) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) setreuid(0x0, 0x0) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) setreuid(0x0, 0x0) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) fremovexattr(r0, &(0x7f00000000c0)=@known='system.posix_acl_default\x00') r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRES16], 0x30}}, 0x800) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001240)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r4, @ANYBLOB="000427bd7000fedbdf250f0000000c000280080002000100acae544781115d350200040002000400020008000100ffff000004000200080001000400000004000200080001000100000008000100030000002400038008000300fa9a0000080001000800000008000100050000000800030000000000340004801400078008000400fb09000008000200090000001c0007800800020001040000080001001d0000000800010017000000"], 0xb0}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x50, r4, 0x4, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20004000}, 0x4) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockname$inet(r5, &(0x7f0000000000)={0x2, 0x0, @broadcast}, &(0x7f0000000040)=0x10) r6 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r7 = dup(r6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000100)={0xffffffffffffff86, 0x0, 0x2, 0x3}) ioctl$DRM_IOCTL_SG_ALLOC(r7, 0xc0106438, &(0x7f0000000180)={0xa449, r8}) 22:35:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1091.923167] Cannot find add_set index 0 as target 22:35:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, r1) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f00000002c0)={'filter\x00'}, &(0x7f0000000340)=0x54) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x48}}, 0x0) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_LIST(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000429bd7000ffdbdf250200000014000200ff018000000000000000000000000001080004000000000014000600697036670000000000080004007f000001140006006e7230001000000000000000000000007e63015c4e7643c768cb45fcb6dae9915bcc954e275478b3ac90312f6a7b14376c69dc781fb512f35684478e5f2d4df12a4922a019b395647d21f9323acf965eb7bd553ffacc6da86cbd1c429fbba8ed13f70cfde55b4a6a8a5fe72b75a25b2c2cb669f64e1c"], 0x60}, 0x1, 0x0, 0x0, 0x2401c0d1}, 0x4000042) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="e2ffff0200d2580000000000dcb6e9711ec9f78c87a0191cb3e0ea54c214aa4c6cd7b30f41bb9fa25078d8c6c755852ac1882b723b410f09457533a09c18acd99d2aa4049523dca4e27e86033a3c3a89094ab655a85f0d06000000218057bf8da13f7fd85d", @ANYRES32=0x0, @ANYRESHEX=r1], 0x30}}, 0x0) 22:35:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1092.291349] Cannot find add_set index 0 as target [ 1092.367838] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=14991 comm=syz-executor.5 [ 1092.413781] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 22:35:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1092.459412] Cannot find add_set index 0 as target [ 1092.509033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=14988 comm=syz-executor.5 [ 1092.522155] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 22:35:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) socket$isdn_base(0x22, 0x3, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$VHOST_SET_VRING_NUM(r2, 0x4008af10, &(0x7f0000000000)={0x3, 0x8000}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 1092.900501] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1092.966988] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1092.992512] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 22:35:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1093.177934] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1093.274149] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1093.329641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 22:35:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, &(0x7f00000000c0)={0x9, 0x2e}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=@ipv4_delroute={0x1210, 0x19, 0x200, 0x70bd29, 0x25dfdbfc, {0x2, 0x14, 0x0, 0x5, 0x0, 0x2, 0xfd, 0x9, 0x1500}, [@RTA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @RTA_MARK={0x8, 0x10, 0x2}, @RTA_ENCAP={0x11d0, 0x16, 0x0, 0x1, @nested={0x11cc, 0x71, 0x0, 0x1, [@typed={0x4, 0x67}, @generic="5f161295e50f31b684dbd69f7be9af451bae9972265f996b17efd3a0f57db9897a79aba056c5a1b5c404fceaf0f33d33c681c24431a857b242d45974c4fe85edeb2e235219336b97a52408396744fa76fa93a24882628d38c1e4eac784a1c703c49f6818b1817d3e759f30b1f15a5a6d107a1072179aad41b7f33f9d8c5bad45ee82e63e080625ad29a6bef6521d51b2919464fcf13daff0d153b4c8fb68d4ce0a5be80dc184b6f060c185eff610036f9975b6ca0bb1fa0bf9070515ea64e83e9599c598a9ba5e380616aad607b87b1a940c7d83ca225df50a0a5d8cfb6fdb8a6a", @generic="b6119cdf15ec158c2cc5661cb7d27737c2af83b45f531fe91e8bd59a35bfe1658c471f1a9cbc00940082a660ab625c3b1a67bbc23e2a6fa257eaf8bd3ad52beed8e22733d782ec10adaab670f1d337bd87b160165927f75bba3e114dc92fa1915173c55d6cf933de29880ee22cfe3323f1a162d795ee8b8711b0ec7d88d8aa9fb65bef30f9fc64d8df53ea127b00", @generic="80a0548a0da0ce71b99c379f0ae7c716bc8843a94dc572af1b384bd6cf1c07ff5b492a5eac7eaf5f8c4c71ec6146e486d385971077bc4cc5c51671743ee85669672da55f53a227d17f4a2c5bd58430926a94907449", @generic="193d2a432078c872f576fe3e0fdc6dca633c36cc014b2c13ea827e3ac6391e25c061ec157529279ff30953f0d5fefa3d8b8dec4eccad93ea5d5991307257b2712372f153700bd500163082291475b070a15fcdde264f86bae690d1f22049c62543f780cba7155fc8475b7c63de94839dcc35e0287789ae9c5dad02eb76e53f4e394f4c1f4a297fd1371ad806569190a0876a6df83e9319332258e7b36c8e0770c0f6082b224ad0ff4fc6061fcc9d5a5698dd658b26a0c3a5f636645886f791c2afed63b9624e18706d6fca1703c28a703508237af921363a6bf3ee4f66e6e6f45a0247058eaac946140b467cfa3f41ed8cc8db11dc569ad7e7a5a3458f0593812bed5ba76b479bcb3fac4b83b3e74d7ac05f2cad295f81cf97a39fa5fc062f8b1c15cecb31fe3d6ac3da53d1ee8f3486f98e6b47fe82ebab55e46a1476c4f50b41fb26620596b844e4695298368742165a61088a1909b4905e4f3699d4ea7c69ebbbf4d95baa19a917dc9bdb4fac453600ce615ff835cc7165267168786ac04803e9edb39faf4b5d1f110c550b6004ca23d4840c01b0b6c6f052b69507ea911347e815d0557aae80eee49612230ee6f1697e31de561022b327839e880bdd4a040d09ce39c3e32875060d908c50e2b2cfd4fdb6925af3a08c35cadcc44be2eb127f173522ae1d13d79d4288dddbeef797e0d78b1faf2e602535440543e0d31e94d89f43db7dbcab1a783b2fb0e55e764d1e638c658e335d585382559849269668b30c35fcca315edd18c2024b24ac65bbd78d013012158510ef5aeaca8e3a54f99d6b03a93054ec53d9fa43bdb79d9574556d56fbe6362823d874dd9b59559a5b5484a52803e17baa075d8d467641b5dfa52288f62488bd032b961762146dd20597ede4d7891fd5bf7ab817466673a84cd5f038b9603399a9b6b0427facbdd2283c1527f517d7b0cdf6737bcb0ab85b337214c63c1fdc349411c0d7b65bea3429e8ea49d8f3b6d9690ea3e67d1d8e7a173aed3246c27180852208f906728f31ec1f211d01bcd9c4d8a60ed13255dc83737ded1073b5c750352f85f6f46be25fb78ee903ad69802eafeb3c64d1e03a2ab7723d2b6a7c4161a251dc94b6a77621263a811cefb4a7a3cbc81d9a595ad397cb71d7862e1d006cc9d0061168310aa0c0be1e9390dadb5c991b36d7e509cf28e1c2787cdf00ca2cd3f87c3fd3c34b1ec161b014c243820268cf24f79182a6cf5bbb8032cf8784b0134da603894ca5ccd1f574edb9f562f281de7f6805f149f4cb940335e25a74ca2ba4e4cd8d0b5b7ee948fb523d5019777d1209497806eed42c8a449f41fecc670e1c2d0d50b6872147ef67ee22e639854b71ac9c2663a02035f84a49410ebf273e90800b5fe7ded67e0027a0d2f50ecf9f972f5d0467765955c0a42d1eb173a0b52a5da3d91de7efcb5b93bd66ed64483e1ac697190251d3c836bfc75abd8b3355328ac56faf2a3e37c04076ee4da4b667b0e169e4995a46f523f11477e35433d996a4e1e63c46e617e3a6f9344b31d8090c58e4ec5729a18198493e42bf3a0092de2079b7b9276401800654fa9cace5a40e282c25323a983d25ee16a3f6a0db55eb25bc41b7190f8367f07cfc00e561c9d54ff22735b261a45ff6a4ffcf7a72e2dcc949f6404543913698ac653746c8a426e8a2842aa1d0d3569ff73974783d50f2efa5a3cda14a28b12f6ca22279766f6ca97483916b67c769775d12aba43cb1e2880eb19435a6b822dc22d260e47fa2f7a7c672d28f2bac6e38e101058fb88650d9ae0ac1399f966ae89944f661409729a628ad91781a62df22cfdd4222f859fff17cf303367bbcb37f98bb1197f542f81907e2fe29417924f386395fcd29d970a9e8db73ca47651740f2d150a82cdae768d637c2bfb96304f41aaffc9c67088f024d4fceb6e1306a9bf6a7c2edeaecce42f25af2e4dfd63eab70d03bfd4e3781a2dfd49c5360d3bf41ddca4a996ca373867f17144fe5815aee1f9afd6caf32d0e6b82432d5721fc3f2877fdb2b148d18b3ae53c66927050ab377ac30631ac02066bb65d0496232846b613abb76e00d75ea8028499dfc05a9e3fef427d38cc4156f32c0295e3d5c3b563152749d261b304a8efffa88013bbb57be7c472b0f2487c435d2ce507973a8c176311b7d0cca8f9a52b5f9956629db092997115d705cc536f6de35b2bf09c9cd45b616c76d6a069b18e093236b7306fcc0a67b39d685c30378efc1d4a742a0c5c67c482e6dc108cdad4f52cd1f0709445fa344f15d57378a41f41eb18a15f7c25a071344da81ce261c50a1a27f17ef32f6b433f6421d7793b2a185311ba017b59abe74f165fe18ea87782fe24984c4d4b8c11f7e730247556cbb5efb66c82854236bccd576bb8ab4d3104dd3570a69013546badbbdf3ae926b687b2b6aa70b5ead1358160829e94d8bee9f698788219a0e58db97cccc33312b3841592064f626dfffd9889c6214089668738a029c53e05500cde78002e47a41ce453d1a38d368bdf6c30fcf350c29485f739e24cf129ffaeaaa58ceffba353d1f5643be185948ac4c1188cddc0639b9874a9c79288127e0f05b53794ff2144dac153adc8e4f28cf218bfbdbcd2c89764a7fec80167a82c7cb0b01b4be9ab7d76f89f1638af0a3895505848887fd6038d36c39146a37c79f9c290c9dda734b191f861c5e339687ee074b28393b367e76b0cbc7aa40939deffa8b9ecbd6a700c5fb43764861c5b7a509694c585a6a1e8c2e7b185f6bbd42031f0733de05bed803a2c72f04c2a65fa9f734a5c88c35a0ed5d4c5a02a9537b2ee811a74d89cbc8212842003c46c9fe6558f2483a3f52b249408827da7b5315c1dd6b88ba6c49cd2dc93ee5aac58fdb60312be17499b593ce07386c4324eb4b14ee5addd0f09cc88f18a9d6d1a83a74dab6618b6643e93b5d87bd534968fc573cd3209e4ce24c39fae2e687f9b57fb27a558e816ea99a80144735177597e60ea5174d9a1f6291615b449bf85f28d7f0b4e24918cb4458ec6cd105ef1a3e931a3b9ab375e14ebdf33f6e852c43de387c7db6649776a4758b2bad43f28f652f572e694121aefc3faf6e378573094b0559193828f95fd3a3555017c8637e52a5245be9fbc6a38fe5ac12abe0052d562e174a1764e2b5ac2bda28a5444746f3f49d13dcee77c23f20e842728f68fb195eed3aa3da77a666735341510a8c84011a82bf85d6654a8294be6ea73beeef02cf76808db2e24445211cdd7a9c95f013c7c4221a0ce9d4222c20fc4933a2144e82985f6d046207ba3e27b62f81315ef24348ccb64d2d57997514739fe0deb83f8edc57155cbd0161ebe3a16d6de9244d95d5b2473c0e835323db4f5a854f4f49ffa30468271dd02b8cdac1cfe2bfc771c8d2db5e3b17178679950cc314c308738740664d228052e787777b890aff55c405196cd909dde769b8c23841e81f81df8eff79b9641defdb86b5f9ed23058a83cecc252539ddb7fa8b7bc4d9082ced6ef52e7a606e834da1ef1e7f7fe5f470641dcdb4732401bc28f845f9afc1a37add7be2a55f0528b2f9be96980e393aa88eb64ee8c641a54d4d66384e84c752ed49b8c08b28d22ec0b5a121ede9bf9b5aac44d39687c090e7021e25bfa5a9a157977370bc56bfd5750ac3197e48a4354c68cab180701551ebd3835f4ff82fbe7728f1a9a1befe886caa4cbe55fcc6bb5a0b5550b9c39e172a4a2f18acdf5317aeb428f606de28b1a739e6f2e387c6c8743b9414915f46f70e6cf41cf36ba5b46802e6a3883de9a15b00c1d71cca175e2b04cbc31486ec6f639f20825a611104b4d4777f6efa5b788681e9cd0a6d585eb667ed3317c6548480803de2f995e5822e617482af6e3d05220fe7f84cc9c9236b808830c92ed64fd20b942e8c05ac28d2a8e09b84180b9aa532b423f33da25108aa34a94ce681b425f1a82cce1e814285aee8d08610bfa179f1a3b75016e746a4926e14a986ef75bea562b4cccdefedf188c48eeafa6a753d13dc46ca03ecf0944b34874dabcd821596f2068b0db19f4eaa5604545ae8bbb75e26c4b15a84b4bf92aab02e7723490b0168ba6691eab6be2982d5dd6ba5e25d4b670d934974432b76784a1013c7fcd4d359e23b162adb17f7d3f38296c14db14c94aa4b759c03a6ac4ab359d66a413ad0153576fda8cf9dbae022d87044edd04f82c1efc74b36514aaa2ac6ab08dfcbaa5c38288fbda8a7b60af29c3ee324b00c5bffb1dc55adf4f73450e0ea86548b9ca5f4bc618dd197f2c1ef7eebaf2936598210b8970501edd8c14d758ef6f3035ef5ec65db5c233097a9ad63b003708faba6a21af1230cc6537b0ef5bfee769c046d67905943d5b59ac1e874170a3d16adc3e234b2c25f510f5678020efc269e3559d6f58ca766cd0f2ed9e653d3807bd32c8b14c4475a2e04f93eca960035091e97744979ad72fe785236d900a6e3ffac2256a4262c456302fd195d9efc8ce57b7026b23deaccda9fe634a0d0e93d0798ecd72be04b7643e1a8546497e7ac2035ace4a37b33142b9755ec71585ed7eb878f6a313cb903dbf30a99e577886e3800672ea142dff9ea7940b008ef5cb018b29d40c0ef5831e33bca9c51e235f191a4294e6a5690bdafdb9abc8dca8be2554c73c2bfd3bfb8d562b5d5766a5a12c857dbdc72c99bb9d664583048d0067c74ed2cff5abd39138b1ecac074b73583f1cc8e9f37ff74526e3bd52b7d33c4118684fdb930597cae553ecb8a174b67dd49abdc50e7e0da950832aada910ea9a25952594c1498ddb01002b97abf6807f8712300fba99607cd0917d57f4f8a387927acd5e78b31bf52046c8dfcbdc97665896160ef2493131ece2791e814c8143a9fc2c13a2a9e2d7f180f2634df6e52fed4fa9e78e5dc80992199e6fcaf4c539f0b47f95d3e282ff3a7d648846495a26ad85441f6fb1cf2772d5dc9e8058a59e5b99f0dfa7816860b7063c351c4d0eb31837195d956eaca6f28b62f4d321330e73e254f74c4075a366afa8ef493f80bc6b26a82e9bf68a35d73b6858e45ba572b614a19cba4bd00ed04818f1edc51afd227d125548f1766e1ca951166fe58dbe5904dcb3f7c8cad6949a28bb615038850ad2b79b91bbd2b14a0172d4976c6749e36cbbb94e7ece2c86dca7f1f688701ad014e3ebe2870bb0e47bab01c2bc3d996a417c51aedcda2cd218425ca3f3e01d47e94136640ce0674ecc6550214c8078d124d4395a1e6f3652d24a094f710eeb270f899b7c6d104fb8f46e80d87b3eecdd20186b33d2c37af9e1ad8b193af825cbea3bb43d6eb9a2d6cfa0c22850a79a116fbaae51d286155792a77268602173f6029c6bf3762e260aa56976421ad0ef3c97049c0b9a1610e51d10a93e51abf511cea09f3eff71c86cdbfe7ff4cf1d0f74d42d5b326786b7e507d4f6b05ce28902cc979ba0d84b7ea664532970d3901c885c511e643e749491d95326249344a6c8ab99b36960c4a5d44e45e1980a0e6dd9d21ed388cdb76017656eca4b3d1d93df512a82d5e82a6b82dc6fbc7ef6f04769a2e4e987c6284462d117a24d36047ca6332b7fd1a61201009f6afa2fe044f87597b4e44c0bd7d5cb2b8506c4d7ba55039ef9d2b757c7bfc97d7ff31a2a1b34705c945ad4fa48115fd48c1a8758eab60f1d3fc2f4944f940c6749a273ccb29a909948a4775963e9f9af9f6caebfc6f030377eace793146307d0b138bef9b3cb6012264f05d65e1fb70d08a77d374ace2ed68e82e9d3a3b82a838"]}}, @RTA_PREFSRC={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x10}}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x1, 0x2, r5}}]}, 0x1210}}, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x10140, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r6, 0xc034564b, &(0x7f0000000040)={0x1f, 0x43353039, 0x4, 0x0, 0x2, @discrete={0x1, 0xc55}}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$TCSETSF2(r6, 0x402c542d, &(0x7f0000000280)={0xb2e3, 0x8, 0x2af, 0x550, 0x7f, "c6471ef1e757edd6db0a770b332e20eeb65db6", 0x5, 0x1ff}) sendfile(r7, 0xffffffffffffffff, &(0x7f0000000100)=0xaa, 0x9) [ 1093.768959] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1093.830814] Cannot find add_set index 0 as target 22:35:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1093.933983] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1093.970817] Cannot find add_set index 0 as target 22:35:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:45 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000040)={0x0, 0x9, 0x93, r0, 0x0, &(0x7f0000000000)={0x9b0972, 0x3, [], @value64=0x1}}) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 0x0) r4 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) request_key(&(0x7f0000000180)='.request_key_auth\x00', &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000340)='&]\\&%&:[\x00', r4) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={r3, 0x9fa, 0xfa, 0x0, 0x3bb1, 0x10000}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000100)=0x5, 0x4) r5 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r6 = dup(r5) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r6, 0x80184153, &(0x7f0000000980)={0x0, &(0x7f0000000940)=[&(0x7f0000000840)="b4e619cd9eb721477399a02a10b09e5c7fa0a6d2eb4bfdae3f28a5cf752488a0fa4510bed185346b95f4d254dc5dcf94614b0663dde9c14f6cad9a4a0c1e986a60ef0a541b534bd105d05584cef57c9d7d89c5f9ebf5f1abcf30a2d67d459a5dfa1f0ec02e5f75d3d4f71db4bdb0742f6456e1fcf2117d612e7e1c093ba70f2c068a1ca5c189842f5937f4682ff7c7ca23c796916ed8bbc68b0cf310e0211d1f14d9c77577010ebcf970f51c11c1dec8a938d4", &(0x7f0000000400)="7d60555db8efe55a4c0d23251d81d6034ad32eaa7b0a7213b9d5d860f309e4abe7f98abb76a23191a8ce6f4103aa5b609ff0a804f59b19d64e34a62437e9a92cb59deef290fb1a4b60097a8ab625d1afca95f9012ba0bcc30826db39e102c5685644eb31adc39cfe1e", &(0x7f0000000900)="d9cb13bfe0d6baf7da955959d5e32a3e055ca41260f37635d6325991ed60e6411b01ab9fe03ff5d8d9b73db8902b184f3b055aeaa4432e8c76fc56c0857078"]}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000240)={r3, @in6={{0xa, 0x4e24, 0x6, @remote, 0x7}}, [0x200, 0x4, 0x5, 0x2, 0x85, 0x10001, 0x20, 0x9be, 0x0, 0x10000, 0x2, 0x0, 0xcbb7, 0x7, 0xb5]}, &(0x7f00000000c0)=0x100) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001100", @ANYRES32=0x0, @ANYBLOB="c246864700000006"], 0x30}}, 0x0) [ 1094.433804] Cannot find add_set index 0 as target [ 1094.502845] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 22:35:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1094.547113] Cannot find add_set index 0 as target 22:35:45 executing program 5: socket$nl_route(0x10, 0x3, 0x0) 22:35:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) 22:35:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = accept$phonet_pipe(r1, &(0x7f0000000000), &(0x7f0000000040)=0x10) fcntl$setpipe(r4, 0x407, 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x11000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x11}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 22:35:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000280)="baf80c432c9187f01766efbafc0cb8bd00ef0f320f624e10bad104ec26660ff85f50361b0f20c0663502000080f26eb800088ec00fae470b", 0x38}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) getsockopt$IP_SET_OP_VERSION(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000100), &(0x7f0000000300)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x2101, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x0, 0x7}) [ 1095.064235] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1095.119441] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1095.162219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1095.236959] kasan: CONFIG_KASAN_INLINE enabled [ 1095.307525] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1095.349305] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1095.355686] Modules linked in: [ 1095.359095] CPU: 0 PID: 15139 Comm: syz-executor.5 Not tainted 4.14.184-syzkaller #0 [ 1095.367248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1095.377613] task: ffff888213288000 task.stack: ffff8881ba4c8000 [ 1095.383969] RIP: 0010:hsr_check_carrier_and_operstate+0x3b/0x5d0 [ 1095.390365] RSP: 0018:ffff8881ba4cf0d8 EFLAGS: 00010202 [ 1095.396126] RAX: dffffc0000000000 RBX: ffff8881cc35cd40 RCX: ffffc900148c9000 [ 1095.403809] RDX: 0000000000000002 RSI: ffffffff8635c927 RDI: ffff88808c292fa0 [ 1095.411270] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 1095.418559] R10: ffff8882132888b0 R11: ffff888213288000 R12: 0000000000000001 [ 1095.425852] R13: 0000000000000010 R14: ffffffff8819e2e0 R15: 0000000000000004 [ 1095.434023] FS: 00007fbad238f700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000 [ 1095.443651] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1095.450969] CR2: 00007f957f9409d0 CR3: 000000005b122000 CR4: 00000000001426f0 [ 1095.458812] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1095.467142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1095.474916] Call Trace: [ 1095.477645] hsr_netdev_notify+0x201/0x8b0 [ 1095.482221] notifier_call_chain+0x107/0x1a0 [ 1095.487182] netdev_state_change+0xaf/0xd0 [ 1095.491795] ? dev_get_valid_name+0x1c0/0x1c0 [ 1095.496401] ? do_setlink+0xe9e/0x2d30 [ 1095.500419] do_setlink+0x2514/0x2d30 [ 1095.504250] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1095.509208] ? do_set_master+0x200/0x200 [ 1095.513976] ? check_preemption_disabled+0x35/0x240 [ 1095.519042] ? perf_trace_lock+0x109/0x4b0 [ 1095.523411] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1095.528359] ? HARDIRQ_verbose+0x10/0x10 [ 1095.532625] ? is_bpf_text_address+0x7c/0x120 [ 1095.537155] ? lock_acquire+0x170/0x3f0 [ 1095.541167] ? __lock_acquire+0x655/0x42a0 [ 1095.545830] ? is_bpf_text_address+0xa3/0x120 [ 1095.550351] ? validate_nla+0x1f0/0x5d0 [ 1095.554349] ? nla_parse+0x162/0x220 [ 1095.558163] ? validate_linkmsg+0x3a1/0x460 [ 1095.562499] rtnl_newlink+0xbe4/0x1720 [ 1095.566401] ? perf_trace_lock+0x109/0x4b0 [ 1095.570656] ? rtnl_link_unregister+0x1f0/0x1f0 [ 1095.575339] ? perf_trace_lock_acquire+0x60/0x4b0 [ 1095.580196] ? HARDIRQ_verbose+0x10/0x10 [ 1095.584279] ? __lock_acquire+0x655/0x42a0 [ 1095.588542] ? lock_acquire+0x170/0x3f0 [ 1095.592566] ? lock_acquire+0x170/0x3f0 [ 1095.596651] ? lock_downgrade+0x6e0/0x6e0 [ 1095.601616] ? rtnl_link_unregister+0x1f0/0x1f0 [ 1095.606477] rtnetlink_rcv_msg+0x3be/0xb10 [ 1095.610970] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 1095.615483] ? perf_trace_lock+0x109/0x4b0 [ 1095.619766] ? HARDIRQ_verbose+0x10/0x10 [ 1095.623860] netlink_rcv_skb+0x127/0x370 [ 1095.628218] ? memcpy+0x35/0x50 [ 1095.631620] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 1095.636269] ? netlink_ack+0x970/0x970 [ 1095.640383] netlink_unicast+0x437/0x610 [ 1095.644472] ? netlink_sendskb+0x50/0x50 22:35:47 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r3 = dup(r2) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r6}}, 0x20}}, 0x0) getpeername$tipc(r4, &(0x7f0000000180)=@id, &(0x7f00000001c0)=0x10) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000000)="dc888db40589ce3af675354aea09ae0bc4710b5f3ab4d78a01b97d2dc0099160480b251b9aff5e6c35749f259f586000077f6ec2fc99252eb27189f6b3d1cb94d698724ccdf6af62f650a77da94510add28100c1c36b045e6e1e887e41d94fcdd0ad5a84b4d6955d0cc576f1f7d3e8575a0ad95420207768c65c6b77f24739d74b573069e9e635a2291310b79f285852f75b9e6bce8bb123a883e6c75d76157b4992d9ed8025ccef77f6557f0e7e49c5551d807c8b8b1485c825cfd28633ccc3c685f389ce22346f20", 0xc9, 0x2}) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000140)={r7}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x10100, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1095.648791] netlink_sendmsg+0x64a/0xbb0 [ 1095.652931] ? nlmsg_notify+0x160/0x160 [ 1095.656947] ? move_addr_to_kernel.part.0+0xf0/0xf0 [ 1095.662426] ? security_socket_sendmsg+0x83/0xb0 [ 1095.667206] ? nlmsg_notify+0x160/0x160 [ 1095.671219] sock_sendmsg+0xb5/0x100 [ 1095.674963] ___sys_sendmsg+0x70a/0x840 [ 1095.678963] ? copy_msghdr_from_user+0x380/0x380 [ 1095.683749] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1095.688837] ? HARDIRQ_verbose+0x10/0x10 [ 1095.693487] ? lock_acquire+0x170/0x3f0 22:35:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, 0x0}) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, &(0x7f00000000c0)={0x9, 0x2e}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000780)={0x0, 0x6, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=@ipv4_delroute={0x1210, 0x19, 0x200, 0x70bd29, 0x25dfdbfc, {0x2, 0x14, 0x0, 0x5, 0x0, 0x2, 0xfd, 0x9, 0x1500}, [@RTA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @RTA_MARK={0x8, 0x10, 0x2}, @RTA_ENCAP={0x11d0, 0x16, 0x0, 0x1, @nested={0x11cc, 0x71, 0x0, 0x1, [@typed={0x4, 0x67}, @generic="5f161295e50f31b684dbd69f7be9af451bae9972265f996b17efd3a0f57db9897a79aba056c5a1b5c404fceaf0f33d33c681c24431a857b242d45974c4fe85edeb2e235219336b97a52408396744fa76fa93a24882628d38c1e4eac784a1c703c49f6818b1817d3e759f30b1f15a5a6d107a1072179aad41b7f33f9d8c5bad45ee82e63e080625ad29a6bef6521d51b2919464fcf13daff0d153b4c8fb68d4ce0a5be80dc184b6f060c185eff610036f9975b6ca0bb1fa0bf9070515ea64e83e9599c598a9ba5e380616aad607b87b1a940c7d83ca225df50a0a5d8cfb6fdb8a6a", @generic="b6119cdf15ec158c2cc5661cb7d27737c2af83b45f531fe91e8bd59a35bfe1658c471f1a9cbc00940082a660ab625c3b1a67bbc23e2a6fa257eaf8bd3ad52beed8e22733d782ec10adaab670f1d337bd87b160165927f75bba3e114dc92fa1915173c55d6cf933de29880ee22cfe3323f1a162d795ee8b8711b0ec7d88d8aa9fb65bef30f9fc64d8df53ea127b00", @generic="80a0548a0da0ce71b99c379f0ae7c716bc8843a94dc572af1b384bd6cf1c07ff5b492a5eac7eaf5f8c4c71ec6146e486d385971077bc4cc5c51671743ee85669672da55f53a227d17f4a2c5bd58430926a94907449", @generic="193d2a432078c872f576fe3e0fdc6dca633c36cc014b2c13ea827e3ac6391e25c061ec157529279ff30953f0d5fefa3d8b8dec4eccad93ea5d5991307257b2712372f153700bd500163082291475b070a15fcdde264f86bae690d1f22049c62543f780cba7155fc8475b7c63de94839dcc35e0287789ae9c5dad02eb76e53f4e394f4c1f4a297fd1371ad806569190a0876a6df83e9319332258e7b36c8e0770c0f6082b224ad0ff4fc6061fcc9d5a5698dd658b26a0c3a5f636645886f791c2afed63b9624e18706d6fca1703c28a703508237af921363a6bf3ee4f66e6e6f45a0247058eaac946140b467cfa3f41ed8cc8db11dc569ad7e7a5a3458f0593812bed5ba76b479bcb3fac4b83b3e74d7ac05f2cad295f81cf97a39fa5fc062f8b1c15cecb31fe3d6ac3da53d1ee8f3486f98e6b47fe82ebab55e46a1476c4f50b41fb26620596b844e4695298368742165a61088a1909b4905e4f3699d4ea7c69ebbbf4d95baa19a917dc9bdb4fac453600ce615ff835cc7165267168786ac04803e9edb39faf4b5d1f110c550b6004ca23d4840c01b0b6c6f052b69507ea911347e815d0557aae80eee49612230ee6f1697e31de561022b327839e880bdd4a040d09ce39c3e32875060d908c50e2b2cfd4fdb6925af3a08c35cadcc44be2eb127f173522ae1d13d79d4288dddbeef797e0d78b1faf2e602535440543e0d31e94d89f43db7dbcab1a783b2fb0e55e764d1e638c658e335d585382559849269668b30c35fcca315edd18c2024b24ac65bbd78d013012158510ef5aeaca8e3a54f99d6b03a93054ec53d9fa43bdb79d9574556d56fbe6362823d874dd9b59559a5b5484a52803e17baa075d8d467641b5dfa52288f62488bd032b961762146dd20597ede4d7891fd5bf7ab817466673a84cd5f038b9603399a9b6b0427facbdd2283c1527f517d7b0cdf6737bcb0ab85b337214c63c1fdc349411c0d7b65bea3429e8ea49d8f3b6d9690ea3e67d1d8e7a173aed3246c27180852208f906728f31ec1f211d01bcd9c4d8a60ed13255dc83737ded1073b5c750352f85f6f46be25fb78ee903ad69802eafeb3c64d1e03a2ab7723d2b6a7c4161a251dc94b6a77621263a811cefb4a7a3cbc81d9a595ad397cb71d7862e1d006cc9d0061168310aa0c0be1e9390dadb5c991b36d7e509cf28e1c2787cdf00ca2cd3f87c3fd3c34b1ec161b014c243820268cf24f79182a6cf5bbb8032cf8784b0134da603894ca5ccd1f574edb9f562f281de7f6805f149f4cb940335e25a74ca2ba4e4cd8d0b5b7ee948fb523d5019777d1209497806eed42c8a449f41fecc670e1c2d0d50b6872147ef67ee22e639854b71ac9c2663a02035f84a49410ebf273e90800b5fe7ded67e0027a0d2f50ecf9f972f5d0467765955c0a42d1eb173a0b52a5da3d91de7efcb5b93bd66ed64483e1ac697190251d3c836bfc75abd8b3355328ac56faf2a3e37c04076ee4da4b667b0e169e4995a46f523f11477e35433d996a4e1e63c46e617e3a6f9344b31d8090c58e4ec5729a18198493e42bf3a0092de2079b7b9276401800654fa9cace5a40e282c25323a983d25ee16a3f6a0db55eb25bc41b7190f8367f07cfc00e561c9d54ff22735b261a45ff6a4ffcf7a72e2dcc949f6404543913698ac653746c8a426e8a2842aa1d0d3569ff73974783d50f2efa5a3cda14a28b12f6ca22279766f6ca97483916b67c769775d12aba43cb1e2880eb19435a6b822dc22d260e47fa2f7a7c672d28f2bac6e38e101058fb88650d9ae0ac1399f966ae89944f661409729a628ad91781a62df22cfdd4222f859fff17cf303367bbcb37f98bb1197f542f81907e2fe29417924f386395fcd29d970a9e8db73ca47651740f2d150a82cdae768d637c2bfb96304f41aaffc9c67088f024d4fceb6e1306a9bf6a7c2edeaecce42f25af2e4dfd63eab70d03bfd4e3781a2dfd49c5360d3bf41ddca4a996ca373867f17144fe5815aee1f9afd6caf32d0e6b82432d5721fc3f2877fdb2b148d18b3ae53c66927050ab377ac30631ac02066bb65d0496232846b613abb76e00d75ea8028499dfc05a9e3fef427d38cc4156f32c0295e3d5c3b563152749d261b304a8efffa88013bbb57be7c472b0f2487c435d2ce507973a8c176311b7d0cca8f9a52b5f9956629db092997115d705cc536f6de35b2bf09c9cd45b616c76d6a069b18e093236b7306fcc0a67b39d685c30378efc1d4a742a0c5c67c482e6dc108cdad4f52cd1f0709445fa344f15d57378a41f41eb18a15f7c25a071344da81ce261c50a1a27f17ef32f6b433f6421d7793b2a185311ba017b59abe74f165fe18ea87782fe24984c4d4b8c11f7e730247556cbb5efb66c82854236bccd576bb8ab4d3104dd3570a69013546badbbdf3ae926b687b2b6aa70b5ead1358160829e94d8bee9f698788219a0e58db97cccc33312b3841592064f626dfffd9889c6214089668738a029c53e05500cde78002e47a41ce453d1a38d368bdf6c30fcf350c29485f739e24cf129ffaeaaa58ceffba353d1f5643be185948ac4c1188cddc0639b9874a9c79288127e0f05b53794ff2144dac153adc8e4f28cf218bfbdbcd2c89764a7fec80167a82c7cb0b01b4be9ab7d76f89f1638af0a3895505848887fd6038d36c39146a37c79f9c290c9dda734b191f861c5e339687ee074b28393b367e76b0cbc7aa40939deffa8b9ecbd6a700c5fb43764861c5b7a509694c585a6a1e8c2e7b185f6bbd42031f0733de05bed803a2c72f04c2a65fa9f734a5c88c35a0ed5d4c5a02a9537b2ee811a74d89cbc8212842003c46c9fe6558f2483a3f52b249408827da7b5315c1dd6b88ba6c49cd2dc93ee5aac58fdb60312be17499b593ce07386c4324eb4b14ee5addd0f09cc88f18a9d6d1a83a74dab6618b6643e93b5d87bd534968fc573cd3209e4ce24c39fae2e687f9b57fb27a558e816ea99a80144735177597e60ea5174d9a1f6291615b449bf85f28d7f0b4e24918cb4458ec6cd105ef1a3e931a3b9ab375e14ebdf33f6e852c43de387c7db6649776a4758b2bad43f28f652f572e694121aefc3faf6e378573094b0559193828f95fd3a3555017c8637e52a5245be9fbc6a38fe5ac12abe0052d562e174a1764e2b5ac2bda28a5444746f3f49d13dcee77c23f20e842728f68fb195eed3aa3da77a666735341510a8c84011a82bf85d6654a8294be6ea73beeef02cf76808db2e24445211cdd7a9c95f013c7c4221a0ce9d4222c20fc4933a2144e82985f6d046207ba3e27b62f81315ef24348ccb64d2d57997514739fe0deb83f8edc57155cbd0161ebe3a16d6de9244d95d5b2473c0e835323db4f5a854f4f49ffa30468271dd02b8cdac1cfe2bfc771c8d2db5e3b17178679950cc314c308738740664d228052e787777b890aff55c405196cd909dde769b8c23841e81f81df8eff79b9641defdb86b5f9ed23058a83cecc252539ddb7fa8b7bc4d9082ced6ef52e7a606e834da1ef1e7f7fe5f470641dcdb4732401bc28f845f9afc1a37add7be2a55f0528b2f9be96980e393aa88eb64ee8c641a54d4d66384e84c752ed49b8c08b28d22ec0b5a121ede9bf9b5aac44d39687c090e7021e25bfa5a9a157977370bc56bfd5750ac3197e48a4354c68cab180701551ebd3835f4ff82fbe7728f1a9a1befe886caa4cbe55fcc6bb5a0b5550b9c39e172a4a2f18acdf5317aeb428f606de28b1a739e6f2e387c6c8743b9414915f46f70e6cf41cf36ba5b46802e6a3883de9a15b00c1d71cca175e2b04cbc31486ec6f639f20825a611104b4d4777f6efa5b788681e9cd0a6d585eb667ed3317c6548480803de2f995e5822e617482af6e3d05220fe7f84cc9c9236b808830c92ed64fd20b942e8c05ac28d2a8e09b84180b9aa532b423f33da25108aa34a94ce681b425f1a82cce1e814285aee8d08610bfa179f1a3b75016e746a4926e14a986ef75bea562b4cccdefedf188c48eeafa6a753d13dc46ca03ecf0944b34874dabcd821596f2068b0db19f4eaa5604545ae8bbb75e26c4b15a84b4bf92aab02e7723490b0168ba6691eab6be2982d5dd6ba5e25d4b670d934974432b76784a1013c7fcd4d359e23b162adb17f7d3f38296c14db14c94aa4b759c03a6ac4ab359d66a413ad0153576fda8cf9dbae022d87044edd04f82c1efc74b36514aaa2ac6ab08dfcbaa5c38288fbda8a7b60af29c3ee324b00c5bffb1dc55adf4f73450e0ea86548b9ca5f4bc618dd197f2c1ef7eebaf2936598210b8970501edd8c14d758ef6f3035ef5ec65db5c233097a9ad63b003708faba6a21af1230cc6537b0ef5bfee769c046d67905943d5b59ac1e874170a3d16adc3e234b2c25f510f5678020efc269e3559d6f58ca766cd0f2ed9e653d3807bd32c8b14c4475a2e04f93eca960035091e97744979ad72fe785236d900a6e3ffac2256a4262c456302fd195d9efc8ce57b7026b23deaccda9fe634a0d0e93d0798ecd72be04b7643e1a8546497e7ac2035ace4a37b33142b9755ec71585ed7eb878f6a313cb903dbf30a99e577886e3800672ea142dff9ea7940b008ef5cb018b29d40c0ef5831e33bca9c51e235f191a4294e6a5690bdafdb9abc8dca8be2554c73c2bfd3bfb8d562b5d5766a5a12c857dbdc72c99bb9d664583048d0067c74ed2cff5abd39138b1ecac074b73583f1cc8e9f37ff74526e3bd52b7d33c4118684fdb930597cae553ecb8a174b67dd49abdc50e7e0da950832aada910ea9a25952594c1498ddb01002b97abf6807f8712300fba99607cd0917d57f4f8a387927acd5e78b31bf52046c8dfcbdc97665896160ef2493131ece2791e814c8143a9fc2c13a2a9e2d7f180f2634df6e52fed4fa9e78e5dc80992199e6fcaf4c539f0b47f95d3e282ff3a7d648846495a26ad85441f6fb1cf2772d5dc9e8058a59e5b99f0dfa7816860b7063c351c4d0eb31837195d956eaca6f28b62f4d321330e73e254f74c4075a366afa8ef493f80bc6b26a82e9bf68a35d73b6858e45ba572b614a19cba4bd00ed04818f1edc51afd227d125548f1766e1ca951166fe58dbe5904dcb3f7c8cad6949a28bb615038850ad2b79b91bbd2b14a0172d4976c6749e36cbbb94e7ece2c86dca7f1f688701ad014e3ebe2870bb0e47bab01c2bc3d996a417c51aedcda2cd218425ca3f3e01d47e94136640ce0674ecc6550214c8078d124d4395a1e6f3652d24a094f710eeb270f899b7c6d104fb8f46e80d87b3eecdd20186b33d2c37af9e1ad8b193af825cbea3bb43d6eb9a2d6cfa0c22850a79a116fbaae51d286155792a77268602173f6029c6bf3762e260aa56976421ad0ef3c97049c0b9a1610e51d10a93e51abf511cea09f3eff71c86cdbfe7ff4cf1d0f74d42d5b326786b7e507d4f6b05ce28902cc979ba0d84b7ea664532970d3901c885c511e643e749491d95326249344a6c8ab99b36960c4a5d44e45e1980a0e6dd9d21ed388cdb76017656eca4b3d1d93df512a82d5e82a6b82dc6fbc7ef6f04769a2e4e987c6284462d117a24d36047ca6332b7fd1a61201009f6afa2fe044f87597b4e44c0bd7d5cb2b8506c4d7ba55039ef9d2b757c7bfc97d7ff31a2a1b34705c945ad4fa48115fd48c1a8758eab60f1d3fc2f4944f940c6749a273ccb29a909948a4775963e9f9af9f6caebfc6f030377eace793146307d0b138bef9b3cb6012264f05d65e1fb70d08a77d374ace2ed68e82e9d3a3b82a838"]}}, @RTA_PREFSRC={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x10}}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x1, 0x2, r5}}]}, 0x1210}}, 0x0) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x10140, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r6, 0xc034564b, &(0x7f0000000040)={0x1f, 0x43353039, 0x4, 0x0, 0x2, @discrete={0x1, 0xc55}}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0xffffff80, 0x178, 0x178, 0x178, 0x258, 0x258, 0x258, 0x258, 0x258, 0x3, 0x0, {[{{@ipv6={@mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74]}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00', {0x0, 0x0, 0x178, 0x0, 0x0, 0x5, 0xa6}}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15e) ioctl$TCSETSF2(r6, 0x402c542d, &(0x7f0000000280)={0xb2e3, 0x8, 0x2af, 0x550, 0x7f, "c6471ef1e757edd6db0a770b332e20eeb65db6", 0x5, 0x1ff}) sendfile(r7, 0xffffffffffffffff, &(0x7f0000000100)=0xaa, 0x9) [ 1095.697639] ? lock_downgrade+0x6e0/0x6e0 [ 1095.702092] ? __fget+0x226/0x360 [ 1095.706881] ? __fget_light+0x199/0x1f0 [ 1095.711332] ? sockfd_lookup_light+0xb2/0x160 [ 1095.716067] __sys_sendmsg+0xa3/0x120 [ 1095.719905] ? SyS_shutdown+0x160/0x160 [ 1095.723911] ? SyS_clock_gettime+0xf5/0x180 [ 1095.728258] ? SyS_clock_settime+0x1a0/0x1a0 [ 1095.732703] SyS_sendmsg+0x27/0x40 [ 1095.737355] ? __sys_sendmsg+0x120/0x120 [ 1095.741433] do_syscall_64+0x1d5/0x640 [ 1095.746859] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1095.753104] RIP: 0033:0x45ca69 [ 1095.756337] RSP: 002b:00007fbad238ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1095.764221] RAX: ffffffffffffffda RBX: 0000000000501a40 RCX: 000000000045ca69 [ 1095.771502] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 1095.778829] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1095.786155] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1095.795707] R13: 0000000000000a21 R14: 00000000004cd05a R15: 00007fbad238f6d4 [ 1095.802997] Code: 08 e8 4a 8c 24 fb 48 89 ef be 04 00 00 00 e8 ed ae ff ff 4c 8d 68 10 48 89 c5 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 00 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 [ 1095.822612] RIP: hsr_check_carrier_and_operstate+0x3b/0x5d0 RSP: ffff8881ba4cf0d8 [ 1095.847940] ---[ end trace 47370c850d6c54e7 ]--- [ 1095.853417] Kernel panic - not syncing: Fatal exception [ 1095.860973] Kernel Offset: disabled [ 1095.864806] Rebooting in 86400 seconds..